Design/Logic Flaw

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, and 6.3.4 allows remote attackers to affect confidentiality via unknown vectors related to Data, Domain & Function Security...

CVE-2014-4234

Technical details of CVE-2014-4234 are not publicly available in the provided documents; no affected product versions, vectors, impact, or remediation are specified. Monitor for updates.

CVE-2014-4229

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, and 6.3.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Data, Domain, and Function Security...

Design/Logic Flaw

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, and 6.3.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Data, Domain, and Function Security...

CVE-2014-4229

Technical details about CVE-2014-4229 are not publicly disclosed in the provided documents; no concrete information on affected products, vulnerability type, impact, or remediation is available here. Monitor for official updates.

Microsoft Expands TLS, Forward Secrecy Support

Microsoft is no exception when it comes to large technology providers committing to encrypting the services its users depend on. Today, the company announced an update on the progress it has made in engineering those changes, including the news that Outlook.com, its web-based email service,...

Free Simple Software SQL Injection Vulnerability

No description provided by source. 'Free Simple Software' SQL Injection Vulnerability CVE-2010-4298 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in the 'Free Simple Software' download module which allows for a 'UNION SELEC...

Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 - Multiple Vulnerabilities

No description provided by source. ----------- Author: ----------- xistence xistenceat0x90.nl ------------------------- Affected products: ------------------------- Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 appliances ------------------------- Affected vendors: ------------------------- Arra...

PHCDownload 1.1 - upload/install/index.php step Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/28922/info PHCDownload is prone to an SQL-injection and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script cod...

PHPX 3.5.15/3.5.16 users.php user_id Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/23033/info PHPX is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based...

Irokez Blog 0.7.3.2 Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/33931/info Irokez Blog is prone to multiple input-validation vulnerabilities: - A cross-site scripting issue - An SQL-injection issue - Multiple remote file-include issues Exploiting these issues could allow an attacker t...

Crowdsourcing a Tool for Application Vulnerability Research

Pulling in security help on a project has traditionally meant either hiring more full-time help, or bringing in an outside consultant. Enterprises and vendors alike, however, are starting to really go outside the perimeter these days and are taking advantage of crowdsourcing. Given the paranoia i...

AT&T Warns Customers of Data Breach

AT&T has notified some of its mobile customers that employees of one of its contractors accessed some customer information, including birth dates and Social Security numbers, in an effort to generate codes that could be used to unlock devices. The company did not specify how many customers were...

Feedly and Evernote Hit by DDoS Attacks, Extortion Demands

Yesterday, the most popular RSS reader Feedly was down as a result of a large scale distributed-denial-of service DDoS attack carried by the cybercriminals to extort money. On Wednesday, the Feedly was temporarily unavailable for its users. Feedly posted details of the attack at 5:00 AM ET on its...

DotNetNuke CodeEditor Arbitrary File Download

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : DNN DotNetNuke® CodeEditor Module Arbitrary File Download Vulnerability Author : alieye vendor : http://www.mediaant.com/ , http://store.dnnsoftware.com/ Contact : [email protected] Risk : High Class: Remote Google Dork:...

Spotify Hacked, Urges Android Users to Upgrade app and Change Password

Today, the popular Music streaming service Spotify said the company has suffered a Data breach and warned users of its Android app to upgrade it in the wake of a potential data breach in their servers. Spotify is a commercial music streaming service launched in October 2008 by Swedish start-up...

Target finally Plans to issue Chip and PIN Credit Cards

The massive data breaches in U.S largest retailers 'Target', marked the largest card heists in the U.S. history in which financial credentials of more than 110 million customers were compromised, have forced the retailer to take step towards more secure transactions. The retailer company on Tuesd...

Microsoft OneDrive Secretly Modifies your BackUp Files

Until now, our privacy has been violated by many big Internet Services, including Google who uses our personal information for the advertising purposes and this is exactly how the companies handle the mass of personal data we provide them. But, recent report about another big giant Microsoft show...

Viber's Poor Data Security Practices Threaten Users' Privacy

Last week we reported a critical vulnerability in the world's most popular messaging application WhatsApp, that could expose users’ GPS location data to hackers and was discovered by the researchers at UNH Cyber Forensics Research & Education Group. Same Group of researchers reported new set of...

UBUNTU-CVE-2014-2444

Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB...