4108 matches found
CVE-2015-6688
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via ...
D-Link Private Code-Signing Keys Leaked
A simple mistake by networking gear manufacturer D-Link could have opened the door for costly damage. Private keys used to sign software published by D-Link were found in the company’s open source firmware packages. While it’s unknown whether the keys were used by malicious third parties, the...
SUSE-SU-2015:1581-1 Security update for openssh
openssh was updated to fix several security issues and bugs. These security issues were fixed: CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remo...
Bugzilla security issues
Bugzilla Security Advisory Login names (usually an email address) longer than 127 characters are silently truncated in MySQL, which could cause the domain name of the email address to be corrupted. An attacker could use this vulnerability to create an account with an email address different from the...
Windows Gather Active Directory Groups
This module will enumerate AD groups on the specified domain. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Active Directory Groups', 'Description' = %q This module will...
EMC Documentum Content Server Privilege Escalation Vulnerability
EMC Documentum Content Server suffers from a privilege escalation vulnerability. Product: EMC Documentum Content Server Vendor: EMC Version: ANY CVE: N/A Risk: High Status: public/not fixed In 2011 Yuri Simone discovered a security flaw in EMC Documentum Content Server, which allows users with...
WordPress WP Symposium Plugin 15.1 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin wp-symposium Unauthenticated SQL Injection Vulnerability Date: 2015-07-30 Exploit Author: PizzaHatHacker Vendor Homepage: http://www.wpsymposium.com/ Version: ? = version = 15.5.1 Tested on: Apache / WordPress...
'Software Liability Is Inevitable'
LAS VEGAS–The push for some form of liability for vendors who sell faulty or insecure software is nearly as old as software itself. Software makers have pushed back hard against it for decades, but the day may soon come when software liability is a reality. Bugs, defects, and security...
Researchers Uncover Chinese VPN Service Used by APT Crews for Cover
Building a business can be expensive and time-consuming, and owners will look for ways to save money wherever they can. Researchers from RSA Security have found a VPN provider in China that is taking this to an unusual extreme: hacking Windows servers around the world for use as VPN nodes on a...
Moodle 'mod/forum:canposttomygroups' security bypass vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A security bypass vulnerability exists in Moodle. An attacker could exploit this...
CVE-2015-5521
Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php...
PT-2015-6970 · Blackcat · Blackcat Cms
Name of the Vulnerable Software and Affected Versions: BlackCat CMS version 1.1.2 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the name in a new group to "backend/groups/index.php" API endpoint. This enables attackers to perform cross-site scripting XS...
On the Cisco Default SSH Keys, OPM Hack, the Adobe Zero Day, and More
Dennis Fisher and Mike Mimoso talk about the Cisco default SSH keys, more details of the OPM data breach, the Adobe 0-day and why we never hear about bad APT groups, only the really good ones. Download: digitalunderground208.mp3 Music by Chris Gonsalves...
CVE-2015-4373
Cross-site scripting (XSS) vulnerability in the OG tabs module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes posted in an Organic Groups group...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the OG tabs module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes posted in an Organic Groups group...
CVE-2015-4373
Summary: CVE-2015-4373 is a cross-site scripting (XSS) vulnerability in the OG Tabs contributed module for Drupal 7.x, affecting versions prior to 7.x-1.1. Affected component: OG Tabs module (Drupal 7.x). Root cause / vulnerability detail: Module does not sufficiently sanitize user-supplied text ...
Red Hat Satellite and Spacewalk Cross-Site Scripting Vulnerability (CNVD-2015-03621)
Red Hat Network Satellite (RHN Satellite) is a system management platform from the US company Red Hat. Spacewalk is an open source Linux system management solution developed on the basis of Red Hat Network Satellite. A cross-site...
Failed to prepare guest for SQL Server transaction log backup Details: Job owns SQL Server transaction logs backup
Challenge Microsoft SQL Server Log Backup job displays the following warning: Failed to prepare guest for SQL Server transaction log backup Details: Job owns SQL Server transaction logs backup This issue can also occur for Oracle Archived Log Backup, and will display the following warning: Cannot...
New Coalition Launches Fight Against Patriot Act Section 215
A broad group of civil-rights, technology and political groups from across the spectrum has developed a new initiative to advocate for the repeal of Section 215 of the USA PATRIOT Act, the part that provides the authority for the bulk collection of phone metadata and other information. The new...