Lucene search

5032 matches found

ATTACKERKB
added 2015/11/24 8:59 p.m. | views: 1

CVE-2015-7985

Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file...

CVSS: 7.2 | AI score: 5.5 | EPSS: 0.00944
Exploits: 0 | References: 3
CVE
added 2015/11/24 8:0 p.m. | views: 51

CVE-2015-7985

Valve Steam 2.10.91.91 has weak permissions on the Install folder (Users: read/write), enabling local privilege escalation via a trojan steam.exe. Affected component: Steam Install directory; root cause: improper file permissions. Impact: local privilege gain; exploitation details or in-wild stat...

CVSS: 7.2 | AI score: 6.7 | EPSS: 0.00944
Exploits: 0 | References: 2 | Affected Software: 1
Debian CVE
added 2015/11/24 8:0 p.m. | views: 19

CVE-2015-7985

Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file...

CVSS: 7.2 | AI score: 6.3 | EPSS: 0.00944
Exploits: 0
Tenable Nessus
added 2015/11/05 12:0 a.m. | views: 21

openSUSE Security Update : roundcubemail (openSUSE-2015-699)

roundcubemail was updated to version 1.0.7 to fix two security issues. These security issues were fixed: - XSS issue in drag-n-drop file uploads - Disallow unwanted access on files in the file system. The apache2 configuration file for roundcubemail allowed access to the roundcubemail/bin folder...

AI score: 5.4
Exploits: 0 | References: 2
Exploit DB
added 2015/10/23 12:0 a.m. | views: 27

Subrion 3.x - Multiple Vulnerabilities

Title = Subrion 3.X.X - Multiple Exploits - Author = bRpsd skype: vegnox - Date Release = 23 October, 2015 - Vendor = Subrion Homepage = http://www.subrion.org/ Download = http://tools.subrion.org/get/latest.zip Vulnerable Versions = 3.X.X Tested Version = Latest, 3.3.5 on a Wamp Server. x Google...

AI score: 7.4
Exploits: 0
CNVD
added 2015/10/22 12:0 a.m. | views: 3

ownCloud Server Cross-Site Scripting Vulnerability

ownCloud Server is a free and open source personal cloud storage solution created by German KDE developer Frank Karlitschek. ownCloud Server is a server version. A cross-site scripting vulnerability exists in ownCloud Server versions prior to 7.0.5 and 8.0.4 and prior to 8.0.x. The vulnerability...

CVSS: 3.5 | AI score: 6 | EPSS: 0.00826
Exploits: 0 | References: 1
UbuntuCve
added 2015/10/21 3:59 p.m. | views: 24

CVE-2015-5953

Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder...

CVSS: 3.5 | AI score: 6 | EPSS: 0.00826
Exploits: 0 | References: 2
NVD
added 2015/10/21 3:59 p.m. | views: 17

CVE-2015-5953

Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder...

CVSS: 3.5 | AI score: 5.1 | EPSS: 0.00826
Exploits: 0 | References: 2
CNVD
added 2015/09/25 12:0 a.m. | views: 4

IPython Notebook and Jupyter Notebook Cross-Site Scripting Vulnerabilities

IPython is an enhanced version of Python's native interactive shell developed by the IPython team. Notebook is one of the development environments. Jupyter Notebook is one of the suite of web applications for creating and sharing code and illustrative text documents. A cross-site scripting...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.02768
Exploits: 1 | References: 1
The Hacker News
added 2015/09/24 8:26 p.m. | views: 13

Lenovo Caught (3rd Time) Pre-Installing Spyware on its Laptops

Lenovo has once again been caught installing spyware on its laptops and workstations without the user's permission or knowledge. One of the most popular computer manufacturers is being criticized for selling some refurbished laptop models pre-installed with invasive marketing software that sends...

AI score: 6.6
Exploits: 0
OSV
added 2015/09/21 7:59 p.m. | views: 1

DEBIAN-CVE-2015-6938

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.02768
Exploits: 1 | References: 1
UbuntuCve
added 2015/09/21 7:59 p.m. | views: 31

CVE-2015-6938

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...

CVSS: 4.3 | AI score: 6 | EPSS: 0.02768
Exploits: 1 | References: 1
PyPA
added 2015/09/21 7:59 p.m. | views: 5

PYSEC-2015-26

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...

CVSS: 4.3 | AI score: 6 | EPSS: 0.02768
Exploits: 1 | References: 10 | Affected Software: 1
PyPA
added 2015/09/21 7:59 p.m. | views: 4

PYSEC-2015-24

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...

CVSS: 4.3 | AI score: 6 | EPSS: 0.02768
Exploits: 1 | References: 11 | Affected Software: 1
OSV
added 2015/09/21 7:59 p.m. | views: 1

UBUNTU-CVE-2015-6938

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.02768
Exploits: 1 | References: 2
Debian CVE
added 2015/09/21 7:0 p.m. | views: 22

CVE-2015-6938

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.02768
Exploits: 1
OSV
added 2015/09/15 2:55 p.m. | views: 3

MGASA-2015-0372 Updated ipython packages fix CVE-2015-6938

Updated ipython packages fix security vulnerability: In IPython, local folder name was used in HTML templates without escaping, allowing XSS in said pages by carefully crafting folder name and URL to access it (CVE-2015-6938)...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.02768
Exploits: 1 | References: 3
The Hacker News
added 2015/09/11 4:54 a.m. | views: 14

Microsoft is Auto-Downloading Windows 10 to PCs, Even If You Don't Want it

Microsoft wholeheartedly wants you to upgrade to Windows 10. So much that even if you have not opted-in for Windows 10 upgrade, you will get it the other way. Surprised? If you have Windows Update enabled on your PCs running Windows 7 or Windows 8.1, you’ll notice a large file — between 3.5GB and...

AI score: 6.6
Exploits: 0
Japan Vulnerability Notes
added 2015/09/04 6:12 a.m. | views: 4

Apache Struts vulnerable to cross-site scripting

Overview: Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Apache Struts is vulnerable to cross-site scripting when JSP files can be accessed directly. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.07203
Exploits: 0 | References: 9
seebug.org
added 2015/09/01 12:0 a.m. | views: 35

Ganglia Web Frontend < 3.5.1 - PHP Code Execution

Assuming that ganglia is installed on the target machine at this path: /var/www/html/ganglia/ 2. Assuming the attacker has minimal access to the target machine and can write to "/tmp". There are several methods where a remote attacker can also trigger daemons or other system processes to create...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.09944
Exploits: 5