
7377 matches found

Japan Vulnerability Notes
added 2015/06/09 12:0 a.m. | 26 views

JVN#52478686: MilkyStep vulnerable to SQL injection

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a SQL injection vulnerability (CWE-89). Impact: An attacker who can access the product may execute an arbitrary SQL command. Solution: Update the Software. Update to the latest version accordin...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00397
Exploits: 0
The Hacker News
added 2015/06/08 7:53 p.m. | 12 views

Apple Mac OS X 10.11 'El Capitan' Update unveiled at WWDC 2015

After Google made its Android users happy by unveiling new features in Google I/O developer conference last month, it’s now time for Apple fans…WWDC 2015 event is upon us. Apple’s Worldwide Developers Conference is going on in San Francisco and the company has many new surprises for its users. On...

AI score: 6.4
Exploits: 0
ThreatPost
added 2015/06/04 11:41 a.m. | 9 views

Author Behind Ransomware Tox Calls it Quits, Sells Platform

Earlier this week, when the author behind the crypto-ransomware Locker apologized and released decryption keys for his victims, it seemed like a change of heart, uncharacteristic for an attacker. Now another ransomware creator has also decided to cut his losses and get out of the game – but not...

AI score: 7.3
Exploits: 0 | References: 5
The Hacker News
added 2015/05/25 8:9 p.m. | 12 views

Malicious Minecraft apps affect 600,000 Android Users

So you love Minecraft? You might want to be very careful before downloading the cheats for the popular Minecraft game from Google Play Store. Nearly 3 Million users have downloaded malicious Minecraft Android applications for their smartphone and tablets from the Google Play store, security...

AI score: 6.8
Exploits: 0
Zero Day Initiative
added 2015/05/22 12:0 a.m. | 27 views

(0Day) Visual Mining NetCharts Server Arbitrary File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Visual Mining NetCharts Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Developer tools. An attacker can use the projectContents.jsp page t...

CVSS: 10 | AI score: 7.2 | EPSS: 0.01305
Exploits: 0 | References: 1
Joomla! Vulnerable Extensions List
added 2015/05/19 2:33 p.m. | 20 views

OS Property - Joomla Real Estate sqli pre 2.8.1

OS Property - Joomla Real Estate sqli. 12th May 2014 - New version 2.8.1. Bug Fixed: 1. SQL Injection solved. developer did not inform VEL...

AI score: 2.9
Exploits: 0
ThreatPost
added 2015/05/15 11:17 a.m. | 11 views

Google Changes Policy on Chrome Extensions

Google is rolling out a new policy that will force all Windows and Mac users to install Chrome extensions only from the Chrome Web store. The company last year began enforcing this policy for Windows users on the main, stable channel for Chrome. Google offers several different channels for Chrome...

AI score: 0.3
Exploits: 0 | References: 1
Patchstack
added 2015/05/15 12:0 a.m. | 10 views

WordPress Developer Formatter Plugin <= 2013.0.1.40 - Cross Site Scripting

This plugin is prone to a devformatter.php multiple field cross site scripting vulnerability. Solution: Update the plugin...

AI score: 1.8
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2015/05/11 12:0 a.m. | 89 views

Instant v2.0 SQL Injection Vulnerability

Instant v2.0 SQL Injection Vulnerability...

AI score: 0.2
Exploits: 0
The Hacker News
added 2015/05/07 1:30 a.m. | 13 views

Android M — Latest Google Android OS to be Unveiled This Month

While majority of smartphone users are waiting for Android 5.0 Lollipop update for their devices, Google is soon going to launch the next version of Android at its official Google I/O 2015 developer event May 28 in San Francisco. Android M — The name of the latest version of Android mobile...

AI score: 6.8
Exploits: 0
Exploit DB
added 2015/05/07 12:0 a.m. | 28 views

WordPress Plugin Freshmail 1.5.8 - SQL Injection

Exploit Title: Unauthenticated SQL Injection on Wordpress Freshmail 1 Google Dork: N/A Date: 05/05/2015 Exploit Author: Felipe Molina de la Torre @felmoltor Vendor Homepage: http://freshmail.com/ Version: getrow'select from '.$wpdb-prefix.'fmforms where formid="'.$result'fmformid'.'";'...

AI score: 7.4
Exploits: 0
ThreatPost
added 2015/05/04 1:13 p.m. | 8 views

Google Patches Clickjacking Bug in API Explorer

Google has patched a clickjacking vulnerability that a researcher says would enable an attacker to retrieve or delete email conversations, manipulate YouTube and Google Plus accounts, and more. A Google representative said in an email to Threatpost that the bug affected developers who had...

AI score: 0.4
Exploits: 0 | References: 3
Vulnerability Lab
added 2015/05/04 12:0 a.m. | 32 views

HUAWEI MobiConnect 23.9.17.216 - Privilege Escalation

Document Title: HUAWEI MobiConnect 23.9.17.216 - Privilege Escalation. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1389. Release Date: 2015-05-04. Vulnerability Laboratory ID (VL-ID): 1389...

AI score: 0.6
Exploits: 0
Japan Vulnerability Notes
added 2015/04/23 12:0 a.m. | 30 views

JVN#26860747: TransmitMail vulnerable to cross-site scripting

TransmitMail is a PHP based mail form. TransmitMail contains a cross-site scripting (CWE-79) vulnerability due to the processing of file names. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the Software. Update to the latest version according to the informatio...

CVSS: 4.3 | AI score: 6 | EPSS: 0.00322
Exploits: 0
Japan Vulnerability Notes
added 2015/04/23 12:0 a.m. | 22 views

JVN#41653647: TransmitMail vulnerable to directory traversal

TransmitMail is a PHP based mail form. TransmitMail contains an issue in processing file names, which may result in a directory traversal (CWE-22) vulnerability. Impact: A remote attacker may view arbitrary files on the server. Solution: Update the Software. Update to the latest version according to t...

CVSS: 5 | AI score: 6.6 | EPSS: 0.00242
Exploits: 0
Fedora
added 2015/04/21 7:19 p.m. | 9 views

[SECURITY] Fedora 22 Update: drupal7-ctools-1.7-1.fc22

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...

AI score: 0.5
Exploits: 0
Joomla! Vulnerable Extensions List
added 2015/04/19 12:0 a.m. | 20 views

Kunena,3.0.7 and previous

Kunena,3.0.7 and previous,Other Resolution: update to 3.0.8 Update notice url: http://www.kunena.org/blog/143-kunena-3-0-8-released Note that the developer did not inform the VEL...

AI score: 0.4
Exploits: 0 | References: 2 | Affected Software: 1
The Hacker News
added 2015/04/18 12:26 a.m. | 14 views

PayPal Wants To Integrate Password with Human Body

You would have been holding a number of online accounts for different services, but how many of you hold a different and unique password for every single account? Probably a very few of you. The majority of people have one or two passwords that are quite simple and easy to remember and comfortabl...

AI score: 6.9
Exploits: 0
The Hacker News
added 2015/04/03 5:10 a.m. | 30 views

How To Run Android Apps in Chrome Browser with Google ARC

Last year at Google I/O developer event, Google launched a limited beta "App Runtime for Chrome" ARC project, which now expanded to run millions of Android apps within Chrome browser. Google has released a new developer tool called App Runtime for Chrome ARC Welder that allows Android apps to run...

AI score: 6.8
Exploits: 0
Fedora
added 2015/04/02 3:36 p.m. | 27 views

[SECURITY] Fedora 21 Update: drupal7-ctools-1.7-1.fc21

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...

AI score: 0.5
Exploits: 0