6653 matches found
CVE-2016-3838
Android 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of locked-screen 911 functionality) via a crafted application that uses the app-pinning feature, aka internal bug 28761672...
CVE-2016-3838
CVE-2016-3838 affects Android 6.x prior to 2016-08-01. The issue is a denial-of-service in which a crafted application using the app-pinning feature can cause loss of the locked-screen 911 functionality (internal bug 28761672). Connected sources corroborate the vulnerability as described in CVE r...
megamedia.pl XSS vulnerability
Vulnerable URL: http://www.megamedia.pl/szukaj.php?n=t=x" onmouseover=promptOPENBUGBOUNTY " Details: Patched: No; Latest check for patch: 30.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 393123; VIP website status: No; Check...
Gratipay: Content Spoofing/Text Injection
Researcher @ahsantahir reported a content spoofing on the search functionality. The search query was displayed in the page, but without any prefix. We added "Results for:", so nobody can be misinformed. This has been fixed in the last version and the fix is now deployed. Thanks for making Gratipa...
[SECURITY] Fedora 23 Update: kf5-kross-5.24.0-1.fc23
Kross is a scripting bridge to embed scripting functionality into an application. It supports QtScript as a scripting interpreter backend...
[SECURITY] Fedora 23 Update: kf5-bluez-qt-5.24.0-1.fc23
BluezQt is a Qt-based library written to handle all Bluetooth functionality...
[SECURITY] Fedora 23 Update: kf5-baloo-5.24.0-1.fc23
A Tier 3 KDE Frameworks 5 module that provides indexing and search functionality...
[SECURITY] Fedora 24 Update: kf5-baloo-5.24.0-1.fc24
A Tier 3 KDE Frameworks 5 module that provides indexing and search functionality...
[SECURITY] Fedora 24 Update: kf5-bluez-qt-5.24.0-1.fc24
BluezQt is a Qt-based library written to handle all Bluetooth functionality...
90minut.pl XSS vulnerability
Vulnerable URL: http://www.90minut.pl/szukaj.php?tekst=Legia%25...
Log pollution can potentially lead to local HTML injection (NC-SA-2016-002)
The "download log" functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the...
ruilen.nl XSS vulnerability
Vulnerable URL: https://www.ruilen.nl/advertenties/zoeken.php?list=1=0==" Details: Patched: No; Latest check for patch: 27.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 1837734; VIP website status: No; Check ruilen.nl SSL...
SQL injection attack
PMASA-2016-40 Announcement-ID: PMASA-2016-40 Date: 2016-07-14 Summary SQL injection attack Description A vulnerability was reported where a specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. Severity We consider this...
wikimapia.org XSS vulnerability
Vulnerable URL: http://wikimapia.org/search/ Details: Patched: No; Latest check for patch: 27.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 3199; VIP website status: Yes; Check wikimapia.org SSL connection: Grade: F; Coordinated...
SQL injection attack
PMASA-2016-34 Announcement-ID: PMASA-2016-34 Date: 2016-07-12 Summary SQL injection attack Description A vulnerability was reported where a specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. Severity We consider this...
stappenvzw.be XSS vulnerability
Vulnerable URL: http://www.stappenvzw.be/zoeken.php?searchstring=" Details: Patched: No; Latest check for patch: 27.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 7147309; VIP website status: No; Check stappenvzw.be SSL connection...
Apple Patents Technology to remotely disable your iPhone Camera at Concerts
Here's something you'll not like at all: Apple has been awarded a patent for technology that would prevent you from snapping pictures and shooting videos with your iPhone or iPad at places or events, like concerts or museums, where it might be prohibited or inappropriate. The patent, granted on...
CVE-2016-4803
CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject...
CVE-2016-4803
CVE-2016-4803 affects dotCMS prior to 3.3.2, where the sendEmail functionality is vulnerable to CRLF injection in the subject, enabling remote attackers to inject arbitrary email headers. Root cause is unsanitized CRLF sequences in email header fields. Impact described as header injection risk fo...
Google Play Hit With Rash of Auto-Rooting Malware
Researchers have identified a recent wave of malware targeting the Google Play app marketplace that entices users to download utilities and games that when installed surreptitiously root devices. The exploit, which mobile security firm Lookout calls autorooting malware, gives attackers complete...