RelateIQ: Failed Certificate Validation On Custom Server (Register)
Hi, in the register page a custom server can be used to define "where to connect to". Your system does not validate the SSL certificate of this host, which makes it easy to tamper with the data your system does on behalf of the user. As only SSL links are allowed by the application the user could...
Fortinet FortiADC D-series contains a cross-site scripting vulnerability
Overview Fortinet FortiADC D-series 3.2.0, and possibly earlier versions, contains a cross-site scripting vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Fortinet FortiADC D-series 3.2.0, and possibly earlier versions,...
Serena Dimensions CM 12.2 Build 7.199.0 web client vulnerabilities
Overview Serena Dimensions CM 12.2 Build 7.199.0 web client and possibly earlier versions contains multiple cross-site scripting vulnerabilities. Description Serena Dimensions CM 12.2 Build 7.199.0 web client and possibly earlier versions contains multiple cross-site scripting...
Adobe Releases Security Update for Adobe Shockwave Player
Adobe has released a security update to address a vulnerability in Adobe Shockwave Player 12.0.7.148 and earlier versions for Windows and Macintosh operating systems. Exploitation of this vulnerability could allow an attacker to take control of the affected system. US-CERT recommends that users a...
SA-CONTRIB-2014-011 - Push Notifications - Information Disclosure
This module enables the delivery of push notifications to iOS and Android devices. The module doesn't sufficiently randomize the certificate filenames required for Apple's Push Notification service or protect the files from being publicly accessible, which could allow an attacker to acquire the...
Dell KACE K1000 management appliance contains a cross-site scripting vulnerability
Overview Dell KACE K1000 management appliance version 5.5.90545, and possibly earlier versions, contains a cross-site scripting (XSS) vulnerability. CWE-79 Description Dell KACE K1000 management appliance version 5.5.90545, and possibly earlier versions, contains a cross-site scripting (XSS)...
Google Releases Google Chrome Updates
Google has released Google Chrome 32.0.1700.95 for all Chrome OS devices except Chromebook Pixel, Google Chrome 32.0.1700.76 for Windows and Chrome Frame, and Google Chrome 32.0.1700.77 for Mac and Linux to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to...
Adobe Releases Security Updates for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player 11.9.900.170 and earlier versions for Windows, Macintosh, Adobe Flash Player 11.2.202.332, and Linux to address multiple vulnerabilities that may allow an attacker to take control of the affected system. Affected software versions: Adobe...
Microsoft Releases January 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Office, Server Software, Windows, and Microsoft Dynamics AX, as part of the Microsoft Security Bulletin Summary for January 2014. These vulnerabilities could allow remote code execution, elevation of privilege or a denial of...
Adobe Releases Security Updates for Adobe Reader and Acrobat
Adobe has released security updates for Adobe Reader and Acrobat XI 11.0.05 and earlier versions for Windows and Macintosh to address multiple vulnerabilities affecting the following software versions: Adobe Reader XI 11.0.05 and earlier 11.x versions for Windows and Macintosh Adobe Reader X 10.1...
Apple Releases Security Updates for Safari
Apple has released security updates for Safari 6.1.1 and Safari 7.0.1 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to obtain sensitive information, execute arbitrary code or cause a denial-of-service condition. Safari 6.1.1 and Safari 7.0.1 updates are...
Adobe Releases Security Updates for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player to address multiple vulnerabilities. Adobe is aware of reports that an exploit designed to trick a user into opening a Microsoft Word document with malicious Flash .swf content exists. These vulnerabilities could cause a crash and...
Adobe Releases Security Update for Adobe Shockwave Player
Adobe has released a security update for Adobe Shockwave Player 12.0.6.147 and earlier versions on the Windows and Macintosh operating systems to address multiple vulnerabilities. These vulnerabilities could allow an attacker to execute arbitrary code on the affected system. US-CERT recommends...
Microsoft Releases December 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Lync, Internet Explorer, Microsoft Exchange, Microsoft SharePoint, and Microsoft Developer Tools as part of the Microsoft Security Bulletin Summary for December 2013. These vulnerabilities...
Google Releases Google Chrome 31.0.1650.63
Google has released Google Chrome 31.0.1650.63 for Windows, Mac, Linux and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to hijack a web session, spoof the address bar or cause a denial of service condition. US-CERT encourages users and...
Master Password Protection added to Google Chrome's Password Manager
Just like other web browsers, Google Chrome also offers a password manager feature that can save your logins and basic information for automatic form-filling. The Google Chrome browser stores all your passwords in plain text format, and they are available for access by opening the following URL ...
BlackBerry Releases Security Advisory
BlackBerry has released a security advisory to address potential vulnerabilities that affect a remote file access feature within BlackBerry Link for Blackberry 10 Operating Systems. These vulnerabilities could allow an attacker to obtain elevation of privilege or execute arbitrary code remotely...
Google Releases Google Chrome 31.0.1650.48
Google has released Google Chrome 31.0.1650.48 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service condition or bypass intended security restrictions. US-CERT encourages users and...
Microsoft Addresses New Watering Hole Attack in the November, 2013 Security Bulletin Release
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer and Office as part of the Microsoft Security Bulletin Summary for November, 2013. These vulnerabilities could allow remote code execution, elevation of privilege, information disclosure or denial of...
Cisco Releases Security Advisory
Cisco has released a security advisory to address multiple vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR). These vulnerabilities, which are independent of each other, could allow an unauthenticated remote attacker to cause a denial-of-service condition...