(RHSA-2015:1691) Low: Red Hat Enterprise Developer Toolset Version 2 One-Month Retirement Notice

In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 2 offering will be retired as of September 30, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact...

Nexus Security Bulletin—August 2015Stay organized with collectionsSave and categorize content based on your preferences.

We have released a security update to Nexus devices through an over-the-air OTA update as part of our Android Security Bulletin Monthly Release process. The Nexus firmware images have also been released to the Google Developer site. Builds LMY48I or later address these issues. Partners were...

FreeBSD : froxlor -- database password information leak (9ee72858-4159-11e5-93ad-002590263bf5)

[email protected] reports : An unauthenticated remote attacker is able to get the database password via webaccess due to wrong file permissions of the /logs/ folder in froxlor version 0.9.33.1 and earlier. The plain SQL password and username may be stored in the /logs/sql-error.log file...

Firefox 40 Begins Warning Users About Unsigned Add-Ons

With Tuesday’s release of Firefox 40, Mozilla has begun the process of requiring all add-ons for the browser to be signed. The company announced the forthcoming change in February, and Firefox 40 is the first version to warn users about unsigned add-ons. The goal for the change in policy is to...

FireFox file stealing 0day vulnerability has been hacked“real”use, the official emergency release to fix patch-bug warning-the black bar safety net

In Russia a web site, the researchers found a Firefox serious 0day exploits program Exp code, you can steal Windows and Linux users on the computer file. This security event is forcing Mozilla to the official emergency release patch. Vulnerability description The vulnerability is caused by the...

Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification — Mozilla

Mozilla security engineer Christoph Kerschbaumer reported a discrepancy in Mozilla's implementation of Content Security Policy and the CSP specification. The specification states that blob:, data:, and filesystem: URLs should be excluded in case of a wildcard when matching source expressions but...

Mobile Devices C4 ODB2 dongle contains multiple vulnerabilities

Overview Mobile Devices C4 OBD2 dongle, and potentially other rebranded devices, contains multiple vulnerabilities Description The Mobile Devices C4 OBD2 dongle is the base model for several rebranded consumer devices, such as the Metromile pay-by-mile insurance dongle. These devices are plugged...

Mozilla Patches Bug Used in Active Attacks

UPDATE–Mozilla has released a patch for a vulnerability in Firefox that was discovered when a user found it being actively exploited in the wild. The bug affects Firefox’s PDF viewer and Mozilla officials said that the exploit being used by attackers right now looked for specific files on a...

If we stand still, we go backwards

Recently, ppk claimed the web is going too fast in the wrong direction, and asked for a year's moratorium on web features. I was so angry I ran straight to a dictionary to find out what "moratorium" meant. Turns out it means "suspension". I got a bit snarky about it on Twitter, which isn't really...

OracleVM 3.3 : net-snmp (OVMSA-2015-0099)

The remote OracleVM system is missing necessary patches to address critical security updates : - Add Oracle ACFS to hrStorage John Haxby orabug 18510373 - Quicker loading of IP-MIB::ipAddrTable 1191393 - Quicker loading of IP-MIB::ipAddressTable 1191393 - Fixed snmptrapd crash when '-OQ' paramete...

JVN#67540183: Simple Oekaki BBS vulnerable to cross-site scripting

Simple Oekaki BBS provided by LEMON-S PHP contains a persistent cross-site scripting CWE-79 vulnerability due to the processing of oekakis parameter in index.php. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version...

WordPress Albo Pretorio Online 3.2 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Albo Pretorio Online 3.2 Multiple Vulnerabilities Google Dork: inurl:/?action=visatto Date: 09/06/2015 Exploit Author: Alessandro Cingolani Vendor Homepage: http://plugin.sisviluppo.info/ Software Link:...

Critical DoS Bug in Node.js, io.js Patched

Developers at Node.js over the weekend released a critical update to the open source runtime environment that addresses a bug that could be used to cause denial of service attacks. The JavaScript framework is used in one way or another by a handful of companies, including Netflix, PayPal, the New...

Hacking Team Couldn't Hack Your iPhone

More than 36 hours after the huge cache of data from Hacking Team’s corporate network was dumped online, researchers are continuing to find surprising bits and pieces in the documents. Among them is evidence that the company had an enterprise developer certificate from Apple, allowing it to devel...

Windows shell: Babun

Would you like to use a linux-like console on a Windows host without a lot of fuzz? Try out babun! Installation Just download the dist file from http://babun.github.io , unzip it and run the install.bat script. After a few minutes babun starts automatically. The application will be installed to t...

[SECURITY] [DLA 266-1] libxml2 security update

Package : libxml2 Version : 2.7.8.dfsg-2+squeeze12 CVE ID : CVE-2015-1819 Debian Bug : 782782 782985 783010 This upload to Debian squeeze-lts fixes three issues found in the libxml2 package. 1 CVE-2015-1819 / 782782 Florian Weimer from Red Hat reported an issue against libxml2, where a parser whi...

WordPress Plugin Albo Pretorio Online 3.2 - Multiple Vulnerabilities

WordPress Plugin Albo Pretorio Online 3.2 - Multiple Vulnerabilities Exploit Title: Albo Pretorio Online 3.2 Multiple Vulnerabilities Google Dork: inurl:/?action=visatto Date: 09/06/2015 Exploit Author: Alessandro Cingolani Vendor Homepage: http://plugin.sisviluppo.info/ Software Link:...

WordPress Plugin Albo Pretorio Online 3.2 - Multiple Vulnerabilities

Exploit Title: Albo Pretorio Online 3.2 Multiple Vulnerabilities Google Dork: inurl:/?action=visatto Date: 09/06/2015 Exploit Author: Alessandro Cingolani Vendor Homepage: http://plugin.sisviluppo.info/ Software Link: https://downloads.wordpress.org/plugin/albo-pretorio-on-line.3.2.zip Version: 3...

JVN#77386811: Explorer+ File Manager vulnerable to directory traversal

Explorer+ File Manager provided by Droidware UK contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has...

Mind Blowing Radar-based Gesture Recognition Technology for Everything

Since it introduced at the annual Google I/O conference, Project Soli has been trending on the Internet. Project Soli is one of Google's latest cutting-edge experiments that could actually transform the way humans interact with technology. Project Soli is not a wearable watch you might think it i...