CVE-2014-4638
EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors...
CVE-2014-4639
CVE-2014-4639 affects EMC Documentum Web Development Kit (WDK) before 6.8. The issue is insufficient randomness in a Webtop component parameter, enabling remote attackers to predict the parameter and carry out phishing via brute-force attempts. The ESA-2014-180 advisory lists this under multiple ...
EMC Documentum Web Development Kit (WDK) URL Redirection Vulnerability
The EMC Documentum Web Development Kit (WDK) is a Web development kit. It contains a URL redirection vulnerability that an attacker can exploit to construct URLs pointing to malicious Web sites, so that users may be redirected to an attacker-controlled Web...
Unspecified Framework Injection Vulnerability in EMC Documentum Web Development Kit (WDK)
The EMC Documentum Web Development Kit (WDK) is a Web development kit. An unspecified frame injection vulnerability exists in EMC Documentum Web Development Kit (WDK), which can be exploited by attackers to conduct phishing attacks...
Multiple Cross-Site Scripting Vulnerabilities in EMC Documentum Web Development Kit (WDK)
The EMC Documentum Web Development Kit (WDK) is a Web development kit. It contains multiple cross-site scripting vulnerabilities that could be exploited by an attacker to execute arbitrary script code in a browser without the user's knowledge in an affected...
Ophcrack-3.5.0---Local-Code
Exploit Author: xisone@STM Solutions Vendor Homepage: http://ophcrack.sourceforge.net/ Software Link: http://downloads.sourceforge.net/ophcrack/ophcrack-win32-installer-3.5.0.exe Version: 3.5.0 shellcode = windows/exec EXITFUNC=seh CMD=calc R | msfencode -e x86/alphamixed bufferregister=esp -t c...
Hacker Leaks Xbox One SDK that could let Developers make Homebrew Apps
Just a week ago on Christmas, the massive Distributed Denial of Service (DDoS) attack from the notorious hacking group Lizard Squad knocked Sony's PlayStation Network and Microsoft's Xbox Live offline, but that was not the end of the disaster for Microsoft. This time it isn't a case of services bein...
[SECURITY] Fedora 20 Update: mingw-openssl-1.0.1j-1.fc20
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows MinGW libraries and development tools...
[SECURITY] Fedora 21 Update: php-5.6.4-2.fc21
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Android Studio - The official Android IDE
Android Studio is the official IDE for Android application development, based on IntelliJ IDEA. On top of the capabilities you expect from IntelliJ, Android Studio offers: a flexible Gradle-based build system; build variants and multiple apk file generation; code templates to help you build common ap...
JVN#61181790: LinPHA vulnerable to cross-site scripting
LinPHA is software to manage and host image files on the web. LinPHA contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Do not use LinPHA. LinPHA is no longer being developed or maintained, therefore it is recommended to...
JVN#16406395: "File Upload BBS" of i-HTTPD vulnerable to remote command execution
i-HTTPD is a web server for Windows, implementing Server Side Includes (SSI). i-HTTPD contains "File Upload BBS". When "File Upload BBS" is activated, a user can upload files on the server, and i-HTTPD processes SSI directives in the uploaded files (CWE-97). Impact: An arbitrary command may be execute...
[SECURITY] Fedora 20 Update: python-django14-1.4.16-1.fc20
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
[SECURITY] Fedora 19 Update: python-django14-1.4.16-1.fc19
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
HP Helion Cloud Development Platform restriction bypass
The same key is used in different installations...
'Regin' - 'State-Sponsored' Spying Tool Targeted Govts, Infrastructures for Years
Researchers have uncovered a highly advanced, sophisticated piece of malware they believe was used to spy on a wide range of international targets including governments, infrastructure operators and other high-profile individuals since at least 2008. The nasty malware, dubbed "Regin", is said to ...
[SECURITY] Fedora 19 Update: python-pillow-2.0.0-16.gitd1c6db8.fc19
Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are five subpackages: tk (tk interface), qt (PIL image wrapper for Qt), sane (scanning...
[SECURITY] Fedora 20 Update: python-pillow-2.2.1-7.fc20
Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are five subpackages: tk (tk interface), qt (PIL image wrapper for Qt), sane (scanning...
OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509)
It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source...
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532...