6680 matches found
FreeBSD : xen-kernel -- PV superpage functionality missing sanity checks (7ed7c36f-ddaf-11e5-b2bd-002590263bf5)
The Xen Project reports: The PV superpage functionality lacks certain validity checks on data being passed to the hypervisor by guests. This is the case for the page identifier (MFN) passed to MMUEXT_MARK_SUPER and MMUEXT_UNMARK_SUPER sub-ops of the HYPERVISOR_mmuext_op hypercall as well as for various...
How Often Should You Scan Websites and Web Applications for Vulnerabilities?
Web Applications and Websites Exist in a Dynamic Environment. There is no questioning the fact that the web application security landscape is in a constant state of flux. The pace of change is not only rapid but resembles a constant game of cat and mouse between hackers and security professionals...
staedtler.com.hk XSS vulnerability
Vulnerable URL: http://www.staedtler.com.hk/en/search/?txsolrq= Details: Description| Value ---|--- Patched:| Yes, at 23.11.2017 Latest check for patch:| 23.11.2017 20:43 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 2659768 Google Pagerank| 5 VIP website...
forterra.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-135383 Description| Value ---|--- Affected Website:| forterra.co.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
my-shop.ru XSS vulnerability
Vulnerable URL: http://my-shop.ru/shop/search/a/sort/z/page/1.html?f1439=0&f14;16=6&f14;6=book=0=1=4=25catid="...
gfmag.com XSS vulnerability
Vulnerable URL: https://www.gfmag.com/search/?contentsource=global-finance-magazine=1'%22%26%25promptString.fromCharCode88,83,83,80,79,83,69,68...
WordPress User Meta Manager 3.4.6 Plugin - Information Disclosure
Exploit for php platform in category web applications Exploit Title: WordPress User Meta Manager Plugin Information Disclosure Discovery Date: 2015-12-28 Public Disclosure Date: 2016-02-01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage:...
FreeBSD : shotwell -- not verifying certificates (448047e9-030e-4ce4-910b-f21a3ad5d9a0)
Michael Catanzaro reports: Shotwell has a serious security issue 'Shotwell does not verify TLS certificates'. Upstream is no longer active and I do not expect any further upstream releases unless someone from the community steps up to maintain it. What is the impact of the issue? If you ever use...
[SECURITY] Fedora 23 Update: prosody-0.9.10-1.fc23
Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...
How to Unlock (and Play) Hidden Chess Game Inside Facebook Messenger
What can you do with Facebook Messenger? Chat with your friends; send GIFs, stickers, and photos; make video calls; send people money in Messenger. Have you ever wanted to play a game while you chat with friends? Yes, it is possible. Facebook has made it a reality by building a hidden built-in...
[SECURITY] Fedora 23 Update: openstack-heat-2015.1.2-2.fc23
Heat provides AWS CloudFormation and CloudWatch functionality for OpenStack...
nrc.ac.uk XSS vulnerability
Vulnerable URL: http://www.nrc.ac.uk/search/?section===%22%3E%3Csvg/onload=confirm%28/xssposed/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 570949 Google Pagerank| 0 VIP...
CVE-2016-1570
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2)...
PV superpage functionality missing sanity checks
ISSUE DESCRIPTION: The PV superpage functionality lacks certain validity checks on data being passed to the hypervisor by guests. This is the case for the page identifier (MFN) passed to MMUEXT_MARK_SUPER and MMUEXT_UNMARK_SUPER sub-ops of the HYPERVISOR_mmuext_op hypercall as well as for various forms of...
SUSE-SU-2016:0121-1 Security update for mariadb
MariaDB has been updated to version 10.0.22, which brings fixes for many security issues and other improvements. The following CVEs have been fixed: - 10.0.22: CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,...
Microsoft .NET Silverlight Manifest Resource File Information Disclosure (CVE-2015-6114)
An information disclosure vulnerability exists in Microsoft .NET Silverlight manifest resource parsing functionality. The vulnerability is due to an error while processing a corrupted manifest. An attacker can exploit this vulnerability by supplying a specially crafted resource through a .NET or...
[SECURITY] Fedora 23 Update: php-horde-Horde-Core-2.22.4-1.fc23
These classes provide the core functionality of the Horde Application Framework...
pornta.com XSS vulnerability
Vulnerable URL: http://www.pornta.com/search?searchquery=';alertString.fromCharCode88, 83, 83, 80, 79, 83, 69, 68//alertString.fromCharCode88, 83, 83, 80, 79, 83, 69, 68...
ros.ie XSS vulnerability
Vulnerable URL: https://www.ros.ie/FunctionalityServlet/acl/validCert.jsp?language=de Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 11:43 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 42299 Google Pagerank...