[SECURITY] Fedora 20 Update: drupal7-ctools-1.7-1.fc20

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...

(RHSA-2015:0753) Low: Red Hat Enterprise Developer Toolset Version 2 Six-Month Retirement Notice

In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 2 offering will be retired as of September 30, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact...

iOS, OS X Library AFNetwork Patches MiTM Vulnerability

Until yesterday, a popular networking library for iOS and OS X used in apps such as Pinterest and Simple was susceptible to SSL man-in-the-middle MiTM attacks. The developer behind the framework AFNetworking on Thursday pushed a fix for the issue, a logic flaw. The flaw had lingered in the wild f...

Without jailbreak iPhone 6 on steal Alipay and wechat payment account password-loophole warning-the black bar safety net

The vulnerability is iOS system vulnerabilities,and Alipay,wechat app has nothing to do. This article just take Alipay and micro letter as a demonstration of the vulnerability of the application,other applications can also be caught,forwarding those who do not taken out of context. This...

Facebook Messenger Platform Launches at F8 Developer Conference

Yesterday at its annual F8 Developer Conference in San Francisco, Facebook officially turned its Messenger app into a Platform. Facebook's Messenger Platform allows third-party app developers to integrate their apps with Facebook messenger app. However, other popular messaging apps are already...

openSUSE Security Update : seamonkey (openSUSE-2015-250)

SeaMonkey was updated to 2.33 bnc917597 - MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 Miscellaneous memory safety hazards - MFSA 2015-12/CVE-2015-0833 bmo945192 Invoking Mozilla updater will load locally stored DLL files Windows only - MFSA 2015-13/CVE-2015-0832 bmo1065909 Appended period to hostnam...

Stored XSS Vulnerability in ADPlugg Wordpress Plugin

===================================================== Stored XSS Vulnerability in ADPlugg Wordpress Plugin ===================================================== . contents:: Table Of Content Overview ======== Title :Stored XSS Vulnerability in ADPlugg Wordpress Plugin Author: Kaustubh G. Padwad...

CVE-2015-0149

The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls...

Design/Logic Flaw

The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls...

SA-CONTRIB-2015-079 - Chaos tool suite (ctools) - Multiple vulnerabilities

This module provides a set of APIs and tools to improve the developer experience. Access bypass in autocomplete Drupal 7 only Among other many other things, CTools provides an autocomplete callback for finding entities by their titles or ID. In CTools version 1.5, additional checks were created t...

Google Now Manually Reviews Play Store Android App Submissions

Google has changed the way it managed apps on the Google Play Store. After years of depending on the automated app check process, the company just made some changes to its Play Store policies that will successfully weed out malicious and undesirable apps from Google Play store. Google has...

[SECURITY] [DLA 175-1] gnupg security update

Package : gnupg Version : 1.4.10-4+squeeze7 CVE ID : CVE-2014-3591 CVE-2015-0837 CVE-2015-1606 Debian Bug : 778652 Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard: CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by...

JVN#09871547: Maroyaka Image Album vulnerable to cross-site scripting

Maroyaka Image Album provided by Maroyaka CGI is a CGI script for placing image files within a website. Maroyaka Image Album contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versi...

JVN#91016415: Maroyaka Relay Novel vulnerable to cross-site scripting

Maroyaka Relay Novel provided by Maroyaka CGI is a CGI script for posting text into a website. Maroyaka Relay Novel contains a persistent cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest...

FreeBSD : mozilla -- multiple vulnerabilities (99029172-8253-407d-9d8b-2cfeab9abf81)

The Mozilla Project reports : MFSA-2015-11 Miscellaneous memory safety hazards rv:36.0 / rv:31.5 MFSA-2015-12 Invoking Mozilla updater will load locally stored DLL files MFSA-2015-13 Appended period to hostnames can bypass HPKP and HSTS protections MFSA-2015-14 Malicious WebGL content crash when...

CVE-2015-2072

Multiple cross-site scripting XSS vulnerabilities in SAP HANA 73 1.00.73.00.389160 and HANA Developer Edition 80 1.00.80.00.391861 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to 1 ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or 2...

X (Formerly Twitter): Cross site Port Scanning bug in twitter developers console

This vulnerability allow a port scanning a remote machine on internet . an attacker can scan a remote machine through this vulnerability using twitter ip as a proxy . The vulnerability exit on url https://dev.twitter.com/rest/tools/console through console an attacker can use GET or POST request...

JVN#88862608: Joyful Note vulnerability in handling files

Joyful Note from KENT-WEB is a bulletin board software that allows users to upload binary files such as image files. Joyful Note contains a vulnerability in handling files. Impact A remote attacker may create arbitrary files or delete existing files on the server. As a result, arbitrary code may ...

CVE-2015-0823

Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the...

CVE-2015-0823

Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the...