Google Patches Clickjacking Bug in API Explorer

Google has patched a clickjacking vulnerability that a researcher says would enable an attacker to retrieve or delete email conversations, manipulate YouTube and Google Plus accounts, and more. A Google representative said in an email to Threatpost that the bug affected developers who had...

HUAWEI MobiConnect 23.9.17.216 - Privilege Escalation

Document Title: =============== HUAWEI MobiConnect 23.9.17.216 - Privilege Escalation References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1389 Release Date: ============= 2015-05-04 Vulnerability Laboratory ID VL-ID: ==================================== 1389...

JVN#26860747: TransmitMail vulnerable to cross-site scripting

TransmitMail is a PHP based mail form. TransmitMail contains a cross-site scripting CWE-79 vulnerability due to the processing of file names. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the informatio...

JVN#41653647: TransmitMail vulnerable to directory traversal

TransmitMail is a PHP based mail form. TransmitMail contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote attacker may view arbitrary files on the server. Solution Update the Software Update to the latest version according to t...

[SECURITY] Fedora 22 Update: drupal7-ctools-1.7-1.fc22

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...

Kunena,3.0.7 and previous

Kunena,3.0.7 and previous,Other Resolution: update to 3.0.8 Update notice url: http://www.kunena.org/blog/143-kunena-3-0-8-released Note that the developer did not inform the VEL...

PayPal Wants To Integrate Password with Human Body

You would have been holding a number of online accounts for different services, but how many of you hold a different and unique password for every single account? Probably a very few of you. The majority of people have one or two passwords that are quite simple and easy to remember and comfortabl...

How To Run Android Apps in Chrome Browser with Google ARC

Last year at Google I/O developer event, Google launched a limited beta "App Runtime for Chrome" ARC project, which now expanded to run millions of Android apps within Chrome browser. Google has released a new developer tool called App Runtime for Chrome ARC Welder that allows Android apps to run...

[SECURITY] Fedora 21 Update: drupal7-ctools-1.7-1.fc21

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...

[SECURITY] Fedora 20 Update: drupal7-ctools-1.7-1.fc20

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...

(RHSA-2015:0753) Low: Red Hat Enterprise Developer Toolset Version 2 Six-Month Retirement Notice

In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 2 offering will be retired as of September 30, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact...

iOS, OS X Library AFNetwork Patches MiTM Vulnerability

Until yesterday, a popular networking library for iOS and OS X used in apps such as Pinterest and Simple was susceptible to SSL man-in-the-middle MiTM attacks. The developer behind the framework AFNetworking on Thursday pushed a fix for the issue, a logic flaw. The flaw had lingered in the wild f...

Without jailbreak iPhone 6 on steal Alipay and wechat payment account password-loophole warning-the black bar safety net

The vulnerability is iOS system vulnerabilities,and Alipay,wechat app has nothing to do. This article just take Alipay and micro letter as a demonstration of the vulnerability of the application,other applications can also be caught,forwarding those who do not taken out of context. This...

Facebook Messenger Platform Launches at F8 Developer Conference

Yesterday at its annual F8 Developer Conference in San Francisco, Facebook officially turned its Messenger app into a Platform. Facebook's Messenger Platform allows third-party app developers to integrate their apps with Facebook messenger app. However, other popular messaging apps are already...

openSUSE Security Update : seamonkey (openSUSE-2015-250)

SeaMonkey was updated to 2.33 bnc917597 - MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 Miscellaneous memory safety hazards - MFSA 2015-12/CVE-2015-0833 bmo945192 Invoking Mozilla updater will load locally stored DLL files Windows only - MFSA 2015-13/CVE-2015-0832 bmo1065909 Appended period to hostnam...

Stored XSS Vulnerability in ADPlugg Wordpress Plugin

===================================================== Stored XSS Vulnerability in ADPlugg Wordpress Plugin ===================================================== . contents:: Table Of Content Overview ======== Title :Stored XSS Vulnerability in ADPlugg Wordpress Plugin Author: Kaustubh G. Padwad...

CVE-2015-0149

The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls...

Design/Logic Flaw

The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls...

SA-CONTRIB-2015-079 - Chaos tool suite (ctools) - Multiple vulnerabilities

This module provides a set of APIs and tools to improve the developer experience. Access bypass in autocomplete Drupal 7 only Among other many other things, CTools provides an autocomplete callback for finding entities by their titles or ID. In CTools version 1.5, additional checks were created t...

Google Now Manually Reviews Play Store Android App Submissions

Google has changed the way it managed apps on the Google Play Store. After years of depending on the automated app check process, the company just made some changes to its Play Store policies that will successfully weed out malicious and undesirable apps from Google Play store. Google has...