7426 matches found

Metasploit
added 2015/10/22 2:46 p.m., 22 views

Safari User-Assisted Applescript Exec Attack

In versions of Mac OS X before 10.11.1, the applescript:// URL scheme is provided, which opens the provided script in the Applescript Editor. Pressing cmd-R in the Editor executes the code without any additional confirmation from the user. By getting the user to press cmd-R in Safari, and by...

7.5 CVSS, 7.2 AI score, 0.53338 EPSS
Exploits: 8
CNVD
added 2015/10/18 12:0 a.m., 4 views

SAP HANA Developer Edition DB Eval Injection Vulnerability

SAP HANA is a high-performance real-time data analytics platform from SAP, Germany, of which SAP HANA Developer Edition DB is a development version of the database. An Eval injection vulnerability exists in the test-net.xsjs file in the Web-based Development Workbench for SAP HANA Developer Editi...

6.5 CVSS, 7.8 AI score, 0.0148 EPSS
Exploits: 0, References: 1
ArchLinux
added 2015/10/16 12:0 a.m., 37 views

firefox: cross-origin restriction bypass

Security researcher Abdulrahman Alqabandi reported that the fetch API did not correctly implement the Cross-Origin Resource Sharing (CORS) specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently reported the same issue...

6.8 CVSS, 9.1 AI score, 0.01662 EPSS
Exploits: 0, References: 2
NVD
added 2015/10/15 8:59 p.m., 11 views

CVE-2015-7729

Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892...

6.5 CVSS, 7.4 AI score, 0.0148 EPSS
Exploits: 0, References: 4
Cvelist
added 2015/10/15 8:0 p.m., 19 views

CVE-2015-7729

Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892...

7.4 AI score, 0.0148 EPSS
Exploits: 0, References: 4
CVE
added 2015/10/15 8:0 p.m., 44 views

CVE-2015-7729

CVE-2015-7729 affects SAP HANA Developer Edition DB Web-based Development Workbench, specifically the file test-net.xsjs. The vulnerability is an eval injection that allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors. This is associated with SAP Security Not...

6.5 CVSS, 7.6 AI score, 0.0148 EPSS
Exploits: 0, References: 4, Affected Software: 1
Debian
added 2015/10/12 5:20 p.m., 47 views

[SECURITY] [DLA 325-1] linux-2.6 security update

Package : linux-2.6
Version : 2.6.32-48squeeze16
CVE ID : CVE-2015-2925 CVE-2015-5257 CVE-2015-7613
This update fixes the CVEs described below.
CVE-2015-2925: Jann Horn discovered that when a subdirectory of a filesystem was bind-mounted into a chroot or mount namespace, a user that should be...

6.9 CVSS, 6.8 AI score, 0.01246 EPSS
Exploits: 1
The Hacker News
added 2015/10/12 8:36 a.m., 11 views

w00t! Google OnHub Router actually Runs on Chrome OS; Here's How to Root it

Are you intrigued with the idea of disassembling things and making them work your ways? Then you’ll find this coverage to be one of its kind! Google OnHub Router runs ChromiumOS (Chrome OS), the same Linux-based operating system that powers Google Chromebook laptops and desktops. Yeah, It's True. A...

7.1 AI score
Exploits: 0
RedHat Linux
added 2015/10/01 12:0 a.m., 12 views

(RHSA-2015:1853) Low: Red Hat Enterprise Developer Toolset Version 2 Retirement Notice

In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 2 offering was retired on September 30, 2015, and support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security...

Exploits: 0
Japan Vulnerability Notes
added 2015/09/30 12:0 a.m., 30 views

JVN#04855224: baserCMS fails to restrict access permissions

baserCMS is an open-source Contents Management System (CMS). baserCMS contains a vulnerability where user settings may be changed when processing a specially crafted request sent by an attacker logged into the system. Impact: User information may be changed to arbitrary values by a logged in attacker...

6.5 CVSS, 6.3 AI score, 0.01551 EPSS
Exploits: 0
Mozilla
added 2015/09/22 12:0 a.m., 43 views

Errors in the handling of CORS preflight request headers — Mozilla

Mozilla developer Ehsan Akhgari reported two issues with Cross-origin resource sharing (CORS) "preflight" requests...

6.4 CVSS, 9.1 AI score, 0.03095 EPSS
Exploits: 0, References: 3, Affected Software: 5
myhack58
added 2015/09/18 12:0 a.m., 17 views

Android 5.x system lock-screen bypass vulnerability, multi-vulnerability warning - the black bar safety net

Even if you use an encrypted lock screen, a vulnerability present in Android 5.x before 5.1.1 can still help an attacker bypass it and gain access to your phone. When your phone's camera app is in the active state, the hacker through the encrypted password...

0.2 AI score
Exploits: 0
Cvelist
added 2015/09/11 4:0 p.m., 22 views

CVE-2015-6464

The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin...

6.3 AI score, 0.02004 EPSS
Exploits: 0, References: 2
The Hacker News
added 2015/09/10 11:28 p.m., 10 views

Hacker Demonstrated Untethered iOS 9 Jailbreak On Video

Good News for Jailbreakers! Just within 24 Hours after the launch of iOS 9 at Apple's Annual Event, a well-known iOS hacker has managed to untether jailbreak iOS 9. That's quite impressive. Believe it, iOS 9 has been Jailbroken! A reputed hacker 'iH8sn0w', who previously developed the popular...

7 AI score
Exploits: 0
Fedora
added 2015/09/06 6:24 a.m., 13 views

[SECURITY] Fedora 21 Update: drupal6-ctools-1.14-1.fc21

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...

0.5 AI score
Exploits: 0
Fedora
added 2015/09/06 4:54 a.m., 12 views

[SECURITY] Fedora 22 Update: drupal6-ctools-1.14-1.fc22

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...

0.5 AI score
Exploits: 0
Fedora
added 2015/09/06 1:49 a.m., 24 views

[SECURITY] Fedora 23 Update: drupal6-ctools-1.14-1.fc23

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...

0.5 AI score
Exploits: 0
Japan Vulnerability Notes
added 2015/09/03 6:0 a.m., 1 views

BBS X102 vulnerable to cross-site scripting

Overview: BBS X102 provided by guide-park.com is a bulletin board software. BBS X102 contains a cross-site scripting vulnerability. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on May 26, 2015, it was judged that an advisory for this vulnerabili...

5 CVSS, 6.2 AI score, 0.0095 EPSS
Exploits: 0, References: 4
Japan Vulnerability Notes
added 2015/09/03 5:46 a.m., 2 views

hitSuji (rktSNS2) vulnerable to cross-site scripting

Overview: hitSuji (rktSNS2) provided by rakuto.net is an open source SNS software. hitSuji (rktSNS2) contains a cross-site scripting vulnerability. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on May 26, 2015, it was judged that an advisory for this...

4.3 CVSS, 6.2 AI score, 0.0095 EPSS
Exploits: 0, References: 4
Japan Vulnerability Notes
added 2015/09/03 12:0 a.m., 60 views

JVN#24692261: hitSuji (rktSNS2) vulnerable to cross-site scripting

hitSuji (rktSNS2) provided by rakuto.net is an open source SNS software. hitSuji (rktSNS2) contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Consider stop using hitSuji (rktSNS2) 0.2.2b. Since the developer was unreachable,...

4.3 CVSS, 6.1 AI score, 0.0095 EPSS
Exploits: 0