Google Play privacy issue, sends app buyers personal details to developers

Google is again under attack for its apparent mishandling of its users’ personal information. An Australian software developer 'Dan Nolan' revealed that the search giant was sending him the full names, email and post codes of everyone who purchased his app on Google's Play. In a blog post, Nolan...

Fedora Update for libupnp FEDORA-2013-1713

Check for the Version of libupnp OpenVAS Vulnerability Test Fedora Update for libupnp FEDORA-2013-1713 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Fedora Update for libupnp FEDORA-2013-1765

Check for the Version of libupnp OpenVAS Vulnerability Test Fedora Update for libupnp FEDORA-2013-1765 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Fedora Update for libupnp FEDORA-2013-1734

Check for the Version of libupnp OpenVAS Vulnerability Test Fedora Update for libupnp FEDORA-2013-1734 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Google Play Gives User Data to App Devs

Android application developer Dan Nolan claims that the Google Play store sends software developers the names, approximated locations, and email addresses of every individual that downloads one of their applications. Nolan created a “Paul Keating Insult Generator” application that is apparently...

GREE for Android vulnerable to directory traversal

Overview GREE for Android contains a directory traversal vulnerability. GREE for Android contains an issue in handling URL inputs, which may result in a directory traversal vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...

Android malware with ability to install Backdoor on Computers

Kaspersky Lab has revealed a new type of malware that can infect your computer when connected smartphone or tablet. Two such application, Super Clean and DroidCleaner found in Google Play android market. These two are actually same application, just released with two different names. These...

Debian DSA-2614-1 : libupnp - several vulnerabilities

Multiple stack-based buffer overflows were discovered in libupnp, a library used for handling the Universal Plug and Play protocol. HD Moore from Rapid7 discovered that SSDP queries where not correctly handled by the uniqueservicename function. An attacker sending carefully crafted SSDP queries t...

Debian Security Advisory DSA 2615-1 (libupnp4 - several vulnerabilities)

Multiple stack-based buffer overflows were discovered in libupnp4, a library used for handling the Universal Plug and Play protocol. HD Moore from Rapid7 discovered that SSDP queries where not correctly handled by the uniqueservicename function. An attacker sending carefully crafted SSDP queries ...

DSA-2615-1 libupnp4 - several

Bulletin has no description...

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds. Stack-based buffer overflow in the uniqueservicename function in ssdp/ssdpserver.c in the SSDP parser in the portable SDK for UPnP Devices aka libupnp, formerly the Intel SDK for UPnP devices 1.3.1 allows remote attackers...

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds. Stack-based buffer overflow in the uniqueservicename function in ssdp/ssdpserver.c in the SSDP parser in the portable SDK for UPnP Devices aka libupnp, formerly the Intel SDK for UPnP devices 1.3.1 allows remote attackers...

Debian: Security Advisory (DSA-2614-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Firefox Continues to Curb Out-of-Date, Flawed Third-Party Plug-ins

After pushing its “click-to-play” blacklisting function live last fall, Mozilla has announced plans to further implement the security feature in its Firefox browser. The company is planning to make it so only the most recent version of Flash is automatically run on web pages while users will have...

vino security update

CentOS Errata and Security Advisory CESA-2013:0169 An updated vino package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base...

vino-preferences does not warn about UPnP especially with no password and no confirmation.

Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks...

Exprespam Android Malware Steals Upwards to 75,000 Bits of Information

Early research from Symantec estimates that spammers behind a new type of Android malware may have already stolen “between 75,000 and 450,000 pieces of personal information” from Japanese users. While these numbers may be disparate it does suggest the malware, , has been successful since popping ...

Faux, Hacked Apps Continue to Litter Google Play Marketplace, Developer Alleges

Phony, potentially malicious apps are continuing to make their way into Google’s Play marketplace, triggering debate over whether applications are being properly vetted for adhering to the company’s marketplace policies. Developers at the Root Uninstaller Team have called out another app publishe...

Developer expelled by Google Play Store on posting Malicious Android apps

Google Play Developer Console enables developers to easily publish and distribute their applications directly to users of Android-compatible phones. Recently someone posted on Reddit that a developer is trying to spread malware by masquerading infected programs as legitimate software. The account...

Developer expelled by Google Play Store on posting Malicious Android apps

Google Play Developer Console enables developers to easily publish and distribute their applications directly to users of Android-compatible phones. Recently someone posted on Reddit that a developer is trying to spread malware by masquerading infected programs as legitimate software. The account...