ISPs Sell Your Data to Advertisers, But FCC has a Plan to Protect Privacy
The Federal Communications Commission (FCC) has put forward a proposal that aims to protect Internet users' privacy. The proposal (pdf) will regulate the amount of customers’ online data that Internet Service Providers (ISPs) are able to collect and sell to advertising companies. Currently, there is ...
Microsoft Bans Superfish SSL Interception Adware
Microsoft has taken steps to impede the next Superfish from impacting users. Superfish was pre-installed adware found on new Lenovo laptops earlier this year. The software exposes users to man-in-the-middle attacks because of the way it injects advertisements into the browser. It comes with a...
MetInfo 5.3 /include/global/listmod.php SQL Injection
Looking at MetInfo5.3/include/global/listmod.php, lines 164-184: foreach as ==paraprice.id;=$;vardump;ifif!strstr, -pregmatch/0-9.+/,,; Looking at MetInfo5.3/include/global/listmod.php, lines 164-184: foreach as = ="paraprice".'id'; =$; vardump; if if!strstr, "-" pregmatch'/0-9.+/',,; =0; .= " and existsselect from where...
Mozilla - Maintenance Service Log File Overwrite Privilege Escalation
Source: https://code.google.com/p/google-security-research/issues/detail?id=427&can=1 Mozilla Maintenance Service: Log File Overwrite Elevation of Privilege Platform: Windows Version: Mozilla Firefox 38.0.5 Class: Elevation of Privilege Summary: The maintenance service creates a log file in a use...
BigTree CMS 4.2.3 - (Authenticated) SQL Injection
BigTree CMS 4.2.3 - Authenticated SQL Injection BigTree CMS 4.2.3: Multiple SQL Injection Vulnerabilities Security Advisory – Curesec Research Team Online-Reference: http://blog.curesec.com/article/blog/BigTree-CMS-423-Multiple-SQL-Injection-Vulnerabilities-39.html 1. Introduction Affected Produc...
Kernel: ALSA: control: protect user controls against races & memory disclosure
An information leak flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled access of the user control's state. A local, privileged user could use this flaw to leak kernel memory to user space...
phpSQLiteCMS - Multiple Vulnerabilities
phpSQLiteCMS suffers from cross site request forgery, cross site scripting, arbitrary file upload, and privilege escalation vulnerabilities. + Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPSQLITECMS0712.txt Vendor:...
Samsung Security Manager ActiveMQ Broker Service MOVE Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Security Manager. Authentication is not required to exploit this vulnerability. Successful exploitation allows an attacker to gain complete control of the system on which the product is...
Symantec Web Gateway 5 restore.php Post Authentication Command Injection
This module exploits a command injection vulnerability found in Symantec Web Gateway's setting restoration feature. The filename portion can be used to inject system commands into a syscall function, and gain control under the context of HTTP service. For Symantec Web Gateway 5.1.1, you can explo...
Millet smart cameras small ants: remote command execution vulnerability - vulnerability warning - the black bar safety net
Vulnerability description: The small ants camera application management program has a remote command execution vulnerability: through the web interface, arbitrary system commands can be executed with root privileges without any web permissions, now the official latest...
New Mozilla Privacy Initiative to Include High-Capacity Tor Relays
Mozilla is starting a new initiative that the company says is designed to incorporate more privacy enhancing features into Firefox and the other Mozilla products. The project, known as Polaris, involves collaboration with The Tor Project and the Center for Democracy and Technology and will involv...
Mozilla Adding Granular App Permissions to Firefox OS
Mozilla is set to add a feature to its mobile Firefox OS that will give users the ability to revoke any application’s permissions on a granular basis. Firefox OS is the open source operating system that Mozilla built for smartphones. The software runs on a variety of devices from manufacturers su...
ManageEngine Password Manager Pro / ManageEngine IT360 - SQL Injection
source: https://www.securityfocus.com/bid/69303/info ManageEngine Password Manager Pro and ManageEngine IT360 are prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Define the security for which plugins can be used by which users on which pages
This is a request for a new feature which could restrict/define the usage of specific plugins/macros to only allowed users. For example: Restrictions based on users and groups Controlled by normal Confluence page edit restrictions as an additional feature for the Tools dropdown. We can see a...
Define the security for which plugins can be used by which users on which pages
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion (http://jira.atlassian.com/browse/CONFSERVER-34095). This is a request for a new feature which could restrict/define the usage of specific plugins/macros to only allow...
Facebook Set to Let Users Edit Own Advertising Info
Facebook announced today it will soon be rolling out a new feature to give users more control when it comes to the types of advertisements they see on the site. If users are tired of getting barraged with ads for shoes, video games or discount plane tickets, they’ll not only be able to stop the...
Mail Server In a Box
Mail-Box : Mass electronic surveillance by governments revealed over the last year has spurred a new movement to re-decentralize the web, that is, to empower netizens to be their own service providers again. SMTP, the protocol of email, is decentralized in principle but highly centralized in...
Microsoft To Block Unwanted Adware July 1
Microsoft has announced that this summer it will change the way it classifies adware and begin blocking unwanted and intrusive advertisements. New objective criteria drafted by the company stipulate that by July 1 internet ads must have a visible close button and must clearly state...
Chrome Pop-Up Warns Windows Users of Browser Hijacking
A rising number of online scams involve the modification of browser settings where a hacker spikes a free download or website with malware. The end result is generally a click-fraud scheme of some kind where the new browser settings might include spiked search engine pages or a new home page...