Lucene search

7427 matches found

BDU FSTEC
added 2016/02/08 12:0 a.m., 6 views

The vulnerability of the OpenJDK application developer’s tools allows a hacker to execute arbitrary code.

The vulnerability of the .desktop file in the OpenJDK application development kit lies in the fact that it contains a MIME registration, which is added to /etc/mailcap. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10, AI score 5.8, EPSS 0.04545
Exploits: 0, References: 7, Affected Software: 1
ThreatPost
added 2016/02/05 11:31 a.m., 12 views

Scareware Signed with Apple Cert Targets Mac OS X Machines

A unique scareware campaign targeting Mac OS X machines has been discovered, and it’s likely the developer behind the malware has been at it a while since the installer that drops the scareware is signed with a legitimate Apple developer certificate. “Sadly, this particular developer certificate...

AI score 1.3
Exploits: 0, References: 4
ThreatPost
added 2016/02/03 12:11 p.m., 11 views

WordPress Update Fixes SSRF, Open Redirect Vulnerability

Developers at WordPress are encouraging users to upgrade to the latest version, 4.4.2, in order to resolve a handful of bugs and vulnerabilities in the content management system. The update pushed out on Tuesday addresses two main issues. Until yesterday an attacker could have potentially carried...

AI score 0.2
Exploits: 0, References: 7
Japan Vulnerability Notes
added 2016/01/29 12:0 a.m., 31 views

JVN#12165579: Vine MV vulnerable to cross-site scripting

Vine MV contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected Vine MV prior to commit...

CVSS 6.1, AI score 6, EPSS 0.01417
Exploits: 0
Japan Vulnerability Notes
added 2016/01/27 12:0 a.m., 56 views

JVN#54686544: HOME SPOT CUBE multiple vulnerabilities

HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains multiple vulnerabilities listed below. Cross-site scripting - CVE-2016-1136 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.3 CVSS v2|...

CVSS 7.5, AI score 6.7, EPSS 0.01254
Exploits: 0
Mozilla
added 2016/01/26 12:0 a.m., 54 views

Use-after-free in NSS during SSL connections in low memory — Mozilla

Mozilla developer Eric Rescorla reported that a failed allocation during DHE and ECDHE handshakes would lead to a use-after-free vulnerability...

CVSS 7.5, AI score 1.5, EPSS 0.02386
Exploits: 0, References: 2, Affected Software: 3
CNVD
added 2016/01/23 12:0 a.m., 4 views

Unspecified Vulnerability in Oracle Database XML Developer's Kit for C Component

Oracle Database is a large database of commercial nature. An unspecified security vulnerability exists in the Oracle Database XML Developer's Kit for C component, which could be exploited by remote attackers to conduct denial-of-service attacks...

CVSS 4, AI score 9, EPSS 0.01508
Exploits: 0, References: 1
Vulnerability Lab
added 2016/01/17 12:0 a.m., 16 views

Telegram (API) - Cross Site Request Forgery Vulnerabilities

Document Title: =============== Telegram API - Cross Site Request Forgery Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1648 Release Date: ============= 2016-01-17 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 0.7
Exploits: 0
RubySec
added 2016/01/14 12:0 a.m., 15 views

Ember.js XSS Vulnerability with User-Supplied JSON

By default, Ember will escape any values in Handlebars templates that use double curlies value. Developers can specifically opt out of this escaping behavior by passing an instance of SafeString rather than a raw string, which tells Ember that it should not escape the string because the developer...

CVSS 6.1, AI score 1.4, EPSS 0.00816
Exploits: 0, References: 1, Affected Software: 1
Debian
added 2016/01/12 11:3 p.m., 28 views

[SECURITY] [DLA 383-1] claws-mail security update

Package : claws-mail Version : 3.7.6-4+squeeze2 CVE ID : CVE-2015-8614 CVE-2015-8708 "DrWhax" of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account...

CVSS 7.5, AI score 7.4, EPSS 0.02532
Exploits: 0
Openbugbounty
added 2016/01/01 11:12 p.m., 12 views

developer.ebay.com XSS vulnerability

Vulnerable URL: http://developer.ebay.com/r/?url=javascript:alert%28%27xssposed%27%29 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 6 VIP...

AI score 6.3
Exploits: 0
Packet Storm
added 2015/12/17 12:0 a.m., 573 views

Joomla HTTP Header Unauthenticated Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Joomla HTTP Header Unauthenticated Remote Code Execution', 'Description' = %q Joomla suffers from an unauthenticated remote code...

CVSS 7.5, AI score 0.3, EPSS 0.98283
Exploits: 16
Japan Vulnerability Notes
added 2015/12/11 12:0 a.m., 39 views

JVN#71730320: Zend Framework vulnerable to SQL injection

Zend Framework is an open source web application framework. Zend Framework contains an SQL injection vulnerability CWE-89 due to the argument of the ORDER BY clause. Impact An attacker who can access the product may execute SQL commands. Solution Update the Software Update to the latest version...

CVSS 9.8, AI score 8.2, EPSS 0.02313
Exploits: 0
Symantec
added 2015/12/08 12:0 a.m., 28 views

Microsoft Silverlight CVE-2015-6114 Information Disclosure Vulnerability

Description Microsoft Silverlight is prone to an information-disclosure vulnerability. Successful exploits will allow attackers to gain access to potentially sensitive information that may aid in further attacks. Technologies Affected Microsoft Silverlight 5 Developer Runtime Microsoft Silverligh...

CVSS 4.3, AI score 5.9, EPSS 0.19954
Exploits: 0, Affected Software: 1
Japan Vulnerability Notes
added 2015/12/03 5:26 a.m., 5 views

EC-CUBE plugin BbAdminViewsControl vulnerable to SQL injection

Overview BbAdminViewsControl from BOKUBLOCK CO., LTD. is an EC-CUBE plugin. BbAdminViewsControl contains an SQL injection vulnerability CWE-89. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

CVSS 5.5, AI score 7.8, EPSS 0.0107
Exploits: 0, References: 5
Cent OS
added 2015/11/30 7:47 p.m., 79 views

pcs security update

CentOS Errata and Security Advisory CESA-2015:2290 An updated pcs package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common...

CVSS 5, AI score 6.6, EPSS 0.07778
Exploits: 0, References: 7
The Hacker News
added 2015/11/26 9:31 p.m., 21 views

How to Root Windows Phone and Unlock the Bootloader to Install Custom ROMs

Yes, now it is possible to unlock a Windows Lumia Phone for Root Access and run custom ROMs. Both Microsoft as well as Nokia have made Windows Lumia smartphones difficult to break into at a low level by locking down their bootloaders, but a software hacker, who goes by the name HeathCliff, has just...

AI score 6.8
Exploits: 0
Joomla! Vulnerable Extensions List
added 2015/11/06 12:0 a.m., 11 views

cckseblod 1.x Directory Traversal

comcckseblod aka seblod 1.x for Joomla 1.5 1.9.0 and all previous versions Directory Traversal Resolution: update to 1.9.1 Update notice: http://www.seblod.com/changelogs?sebchangelogproduct=cck1x Developer states that Seblod 3.x, the version compatible with Joomla 2.5 and 3, is not vulnerable...

AI score 2.5
Exploits: 0, References: 2, Affected Software: 1
RedhatCVE
added 2015/10/30 9:30 a.m., 29 views

CVE-2003-1307

The modphp module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: th...

CVSS 4.3, AI score 7.1, EPSS 0.01603
Exploits: 1, References: 2
Prion
added 2015/10/23 9:59 p.m., 21 views

Code injection

The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app...

CVSS 7.6, AI score 6.4, EPSS 0.01379
Exploits: 0, References: 2, Affected Software: 1