
7426 matches found

Debian
added 2015/03/17 3:35 p.m., 33 views

[SECURITY] [DLA 175-1] gnupg security update

Package : gnupg Version : 1.4.10-4+squeeze7 CVE ID : CVE-2014-3591 CVE-2015-0837 CVE-2015-1606 Debian Bug : 778652 Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard: CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by...

5.9 CVSS | 6.6 AI score | 0.01952 EPSS
Exploits: 0

Japan Vulnerability Notes
added 2015/03/04 12:0 a.m., 27 views

JVN#91016415: Maroyaka Relay Novel vulnerable to cross-site scripting

Maroyaka Relay Novel provided by Maroyaka CGI is a CGI script for posting text into a website. Maroyaka Relay Novel contains a persistent cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest...

4.3 CVSS | 6 AI score | 0.01148 EPSS
Exploits: 0

Japan Vulnerability Notes
added 2015/03/04 12:0 a.m., 31 views

JVN#09871547: Maroyaka Image Album vulnerable to cross-site scripting

Maroyaka Image Album provided by Maroyaka CGI is a CGI script for placing image files within a website. Maroyaka Image Album contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versi...

4.3 CVSS | 6 AI score | 0.01148 EPSS
Exploits: 0

Tenable Nessus
added 2015/03/02 12:0 a.m., 30 views

FreeBSD : mozilla -- multiple vulnerabilities (99029172-8253-407d-9d8b-2cfeab9abf81)

The Mozilla Project reports : MFSA-2015-11 Miscellaneous memory safety hazards rv:36.0 / rv:31.5 MFSA-2015-12 Invoking Mozilla updater will load locally stored DLL files MFSA-2015-13 Appended period to hostnames can bypass HPKP and HSTS protections MFSA-2015-14 Malicious WebGL content crash when...

7.5 CVSS | 7.2 AI score | 0.06029 EPSS
Exploits: 0 | References: 37

ATTACKERKB
added 2015/02/27 3:59 p.m., 3 views

CVE-2015-2072

Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2)...

4.3 CVSS | 5.4 AI score | 0.01892 EPSS
Exploits: 1 | References: 5

Hacker One
added 2015/02/27 3:6 p.m., 23 views

X (Formerly Twitter): Cross site Port Scanning bug in twitter developers console

This vulnerability allows port scanning of a remote machine on the internet. An attacker can scan a remote machine through this vulnerability using the Twitter IP as a proxy. The vulnerability exists on URL https://dev.twitter.com/rest/tools/console through console an attacker can use GET or POST request...

7.2 AI score
Exploits: 0

Japan Vulnerability Notes
added 2015/02/27 12:0 a.m., 142 views

JVN#88862608: Joyful Note vulnerability in handling files

Joyful Note from KENT-WEB is a bulletin board software that allows users to upload binary files such as image files. Joyful Note contains a vulnerability in handling files. Impact A remote attacker may create arbitrary files or delete existing files on the server. As a result, arbitrary code may ...

7.5 CVSS | 6.9 AI score | 0.02622 EPSS
Exploits: 0

NVD
added 2015/02/25 11:59 a.m., 24 views

CVE-2015-0823

Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the...

7.5 CVSS | 7.2 AI score | 0.03891 EPSS
Exploits: 0 | References: 10

Cvelist
added 2015/02/25 11:0 a.m., 27 views

CVE-2015-0823

Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the...

10 AI score | 0.03891 EPSS
Exploits: 0 | References: 10

UbuntuCve
added 2015/02/25 12:0 a.m., 29 views

CVE-2015-0823

Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the...

7.5 CVSS | 7 AI score | 0.03891 EPSS
Exploits: 0 | References: 6

Mozilla
added 2015/02/24 12:0 a.m., 45 views

Use-after-free in Developer Console date with OpenType Sanitiser — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen found a problem with OpenType Sanitiser (OTS) that resulted in a use-after-free while expanding macros in some circumstances. This use-after-free was only used for information displayed in the developer console and was not...

7.5 CVSS | 8.8 AI score | 0.03891 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

securityvulns
added 2015/02/22 12:0 a.m., 71 views

Multiple Cross site scripting in wordpress Plugin Image Metadata cruncher

Title: XSS In Image-Metadata-Cruncher Author: Kaustubh G. Padwad Product: image-metadata-cruncher plugin URL: https://wordpress.org/plugins/image-metadata-cruncher/ Severity: Medium Auth: Required Description: Vulnerable Parameter: Alternate text: Caption: Custom image meta tags: Vulnerability...

6.4 AI score
Exploits: 0

Packet Storm
added 2015/02/17 12:0 a.m., 52 views

WordPress Image Metadata Cruncher CSRF / XSS

Title: CSRF / Stored XSS Vulnerability in IMAGE-MEtadata-Cruncher Wordpress Plugin Author: Kaustubh G. Padwad CVE-ID : CVE-2015-1614 Plugin Homepage: https://wordpress.org/plugins/image-metadata-cruncher/ Severity: Medium Description: Vulnerable Parameter: Alternate text,Caption,Custom image meta...

6.8 CVSS | 0.6 AI score | 0.01196 EPSS
Exploits: 2

myhack58
added 2015/02/14 12:0 a.m., 16 views

Facebook album deletion vulnerability worth 12500 dollars - vulnerability warning - the black bar safety net

Overview: if your photo is deleted unknowingly, what will you do? Obviously, this problem is very annoying huh? This post is to say I found a vulnerability which allows a malicious user to delete Facebook on any album. Yes, any user, page, group, photo album can be deleted. The Graph API is the...

0.8 AI score
Exploits: 0

Packet Storm
added 2015/02/12 12:0 a.m., 36 views

WordPress Video Gallery 2.7 SQL Injection

Exploit Title : Wordpress Video Gallery 2.7 SQL Injection Vulnerability Exploit Author : Claudio Viviani Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.7.zip Dork Google:...

0.8 AI score
Exploits: 0

NVD
added 2015/01/30 11:59 a.m., 17 views

CVE-2014-8838

The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app...

4.3 CVSS | 5.5 AI score | 0.00854 EPSS
Exploits: 0 | References: 4

Prion
added 2015/01/30 11:59 a.m., 12 views

Code injection

security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate...

5 CVSS | 6.4 AI score | 0.00913 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2015/01/30 11:59 a.m., 18 views

Design/Logic Flaw

The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app...

4.3 CVSS | 6 AI score | 0.00854 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2015/01/30 11:0 a.m., 25 views

CVE-2014-8831

security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate...

3.3 AI score | 0.00913 EPSS
Exploits: 0 | References: 4

Cvelist
added 2015/01/30 11:0 a.m., 23 views

CVE-2014-8838

The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app...

3 AI score | 0.00854 EPSS
Exploits: 0 | References: 4