CVE-2016-1699

Removed by vendor...

Debian Security Advisory DSA 3594-1 (chromium-browser - security update)

Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1696 A cross-origin bypass was found in the bindings to extensions. CVE-2016-1697 Mariusz Mlynski discovered a cross-origin bypass in Blink/Webkit. CVE-2016-1698 Rob Wu discovered an information leak. CVE-2016-1699...

DSA-3594-1 chromium-browser - security update

Bulletin has no description...

Debian: Security Advisory (DSA-3594-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2016-1699

WebKit/Source/devtools/frontend/devtools.js in the Developer Tools aka DevTools subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to...

JVN#14749391: Multiple directory traversal vulnerabilities in Cybozu Garoon

Cybozu Garoon is a groupware. Cybozu Garoon contains following multiple directory traversal vulnerabilities. Directory traversal in the function "Files" - CVE-2016-1191 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N| Base Score: 5.3 CVSS v2|...

JVN#32218514: Cybozu Garoon vulnerable to open redirect

Cybozu Garoon is a groupware. Cybozu Garoon contains an open redirect vulnerability. Impact When accessing a specially crafted URL, a user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the latest...

NetCommons vulnerable to privilege escalation

Overview NetCommons provided by the NetCommons Project contains a privilege escalation vulnerability. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user wi...

JVN#00460236: NetCommons vulnerable to privilege escalation

NetCommons provided by the NetCommons Project contains a privilege escalation vulnerability. Impact A user with secretariat privileges "CLERK" may create a user with system administrator privileges "SYSTEMADMIN". Solution Update the Software Update the software according to the information provid...

JVN#85112513: php-contact-form vulnerable to cross-site scripting

php-contact-form provided by Kobe Beauty Co., Ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products...

KLA10802 OSI vulnerability in Microsoft Developer Tools

An information disclosure vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2016-0149 Related products Microsoft-.NET-Framework CVE list CVE-2016-0149 warning KB list 3156421 3156387 314202...

Android Security Bulletin—May 2016Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Nexus devices through an over-the-air OTA update. The Nexus firmware images have also been released to the Google Developer site...

Allround Automations PL/SQL Developer Installed

Binary data allautoplsqldeveloper.nbin...

Allround Automations PL/SQL Developer < 11.0.6.1776 HTTP Insecure Update RCE

The version of Allround Automations PL/SQL Developer installed on the remote host is prior to 11.0.6.1776. It is, therefore, affected by a remote code execution vulnerability due to a failure to properly verify the origin or authenticity of update data sent via HTTP. A man-in-the-middle attacker...

In-Brief: Telegram Vulnerability, Malware in Nuclear Plant, Anti-Tor Malware and Hotpatching Exploit

Clickjacking Vulnerability in Telegram Web Client The official Telegram web-client that allows its users to access messenger account over desktop’s web browser is vulnerable to clickjacking web application vulnerability. Egyptian security researcher Mohamed A. Baset told The Hacker News about a...

Allround Automations PL/SQL Developer Arbitrary Code Execution Vulnerability

Allround Automations PL/SQL Developer is an integrated development environment for developing stored procedures for Oracle Databases. An arbitrary code execution vulnerability exists in Allround Automations PL/SQL Developer, which can be exploited by an attacker to execute arbitrary code...

JVN#47473944: EC-CUBE fails to restrict access permissions

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE fails to restrict access permissions. Impact A remote attacker may bypass IP address restrictions and access the login page to the management screen. Solution Apply the update or the patch Apply the upda...

CVE-2016-2346

Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream...

CVE-2016-2346

Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream...

Design/Logic Flaw

Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream...