CVE-2014-7241
The CVE-2014-7241 issue affects the TSUTAYA App for Android (versions 5.3 and earlier). A vulnerability allows a remote attacker to cause arbitrary Java method execution by presenting a crafted HTML document. This is documented across multiple sources (NVD, CNVD, JVN) and is mitigated by updating...
PT-2020-7585 · Dbi +3
Name of the Vulnerable Software and Affected Versions: DBI module versions prior to 1.632 for Perl Description: An issue in the DBI module for Perl may lead to memory corruption when using many arguments to methods for Callbacks. Recommendations: For versions prior to 1.632, update to version 1.6...
zANTI 2.0 - Android Network Toolkit
zANTI is a mobile penetration testing toolkit that lets security managers assess the risk level of a network with the push of a button. This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to...
PTC IsoView Activex Control Multiple Animation Methods Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the PTC IsoView ActiveX control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Visa, MasterCard Remove Passwords from 3D Secure
Payment giants Visa and MasterCard announced plans to eliminate the need for password authentication in the companies’ respective “Verified by Visa” and “SecureCode” payment platforms which are designed to add an additional layer of security to online transactions. In a press release, MasterCard...
X (Formerly Twitter): Options Method Enabled
Vuln Details: Domain: https://vine.co/ I detected that OPTIONS method is allowed. This issue is reported as extra information. Impact: Information disclosed from this page can be used to gain additional information about the target system Remedy: Disable OPTIONS method in all production systems...
Smartphone Owners Lack Motivation to Adequately Lock Devices
A quarter of smartphone owners don’t lock their devices because they don’t believe they have any data worth protecting. Even more refrain from doing it because they feel like it’s too much of a hassle. That’s at least according to a new study carried out by six researchers, four from the Universi...
SA-CONTRIB-2014-106 - Commerce Authorize.Net SIM/DPM Payment Methods - Access Bypass
This module provides payment methods for the Drupal Commerce package to permit the use of the Authorize.Net payment gateway's SIM and DPM payment protocols. Access Bypass The module doesn't sufficiently protect the Drupal Commerce order number passed to the Authorize.Net payment gateway, allowing...
OpenJDK: missing BootstrapMethods bounds check (Hotspot, 8041717)
Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot...
CVE-2014-0168
Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page...
X (Formerly Twitter): Delete Credit Cards from any Twitter Account in ads.twitter.com [New Vulnerability]
I've found a new critical logical vulnerability that allows deleting the credit card of any Twitter account in ads.twitter.com. The vulnerability affects the Dismiss functionality of credit cards in the payment methods section. The vulnerability is similar to the one I've reported earlier h1 report 272...
CVE-2014-3514
activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls...
Ubuntu 14.04 LTS : Subversion vulnerabilities (USN-2316-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2316-1 advisory. Lieven Govaerts discovered that the Subversion mod_dav_svn module incorrectly handled certain request methods when SVNListParentPath was enabled. A remote...
ssh-auth-methods NSE Script
Returns authentication methods that a SSH server supports. This is in the "intrusive" category because it starts an authentication with a username which may be invalid. The abandoned connection will likely be logged. Example Usage nmap -p 22 --script ssh-auth-methods --script-args="ssh.user="...
OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009)
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries...