JVN#58455472: OSSEC Web UI vulnerable to cross-site scripting
OSSEC Web UI is a web interface for use with Open Source HIDS Security (OSSEC). OSSEC Web UI contains a cross-site scripting (CWE-79) vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the software. Update to the latest version according to the...
chromium: multiple issues
CVE-2016-5139 arbitrary code execution: Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have other unspecified impact via crafted JPEG 2000 data. -...
Debian DSA-3645-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2016-5139 GiWan Go discovered a use-after-free issue in the pdfium library. - CVE-2016-5140 Ke Liu discovered a use-after-free issue in the pdfium library. - CVE-2016-5141 Sergey Glazunov discovered a URL spoofing issu...
[SECURITY] [DSA 3645-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3645-1 [email protected] https://www.debian.org/security/ Michael Gilbert August 09, 2016 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3645-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-5139 GiWan Go discovered a use-after-free issue in the pdfium library. CVE-2016-5140 Ke Liu discovered a use-after-free issue in the pdfium library. CVE-2016-5141 Sergey Glazunov discovered a URL spoofing issue...
DSA-3645-1 chromium-browser - security update
Bulletin has no description...
CVE-2016-5143
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different...
Path traversal
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different...
CVE-2016-5144
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different...
CVE-2016-5143
CVE-2016-5143 affects Google Chrome’s Blink DevTools prior to 52.0.2743.116 and involves mishandling of the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter. This allows remote attackers to bypass intended access restrictions via a crafted URL. Connected Debian advisori...
CVE-2016-5144
The CVE-2016-5144 issue affects Blink’s Developer Tools in Google Chrome prior to 52.0.2743.116, where mishandling of the script-path hostname, remoteBase, and remoteFrontendUrl parameters allowed bypassing of access restrictions via a crafted URL. Connected sources also note the related CVE-2016...
CVE-2016-5144
Removed by vendor...
CVE-2016-5143
Removed by vendor...
Payplans SQLi
SQL Injection In PayPlans. readybytes developer update notice. http://www.readybytes.net/blog/item/payplans-sql-injection-blog.html Community notified report...
JVN#40696431: EC-CUBE plugin "Coupon Plugin" vulnerable to SQL injection
EC-CUBE plugin "Coupon Plugin" provided by Seed Inc. contains an SQL injection vulnerability (CWE-89). Impact: Information stored in the database may be obtained or altered by a remote attacker. Solution: Update the plugin. Update to the latest version according to the information provided by the...
How to run Graphical Ubuntu Linux from Bash Shell in Windows 10
You might be aware of Microsoft and Canonical's partnership to integrate "Bash on Ubuntu on Windows 10," which is typically a non-graphical Ubuntu running over Windows Subsystem for Linux. Windows 10 doesn’t officially support graphical Linux desktop applications. But, now we have noticed a very...
KLA10841 OSI vulnerability in Microsoft Developer Tools
Information disclosure vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2016-3255 Related products Microsoft-.NET-Framework CVE list CVE-2016-3255 critical KB list 3172985 3163912 3164024...