Code Injection in jadonk/bonescript

Overview BoneScript is a node.js library for physical computing on embedded Linux, starting with support for BeagleBone. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands by using a semicolon char in the setDate function. Proof of...

Updated cinnamon-settings-daemon packages fix security vulnerability

It was found that csd-datetime-setting SetDate DBUS function does not check the polkit authorization for the caller, Unlike SetTime...

php security, bug fix and enhancement update

5.3.3-22 - php-xml provides php-xmlreader and php-xmlwriter 874987 - fix possible NULL derefence and buffer overflow 879179 - fix zend garbage collector 848186, 868375 5.3.3-21 - fix CVE reference in previous changelog entry 5.3.3-20 - remove reproducer from security fix for CVE-2012-0781 5.3.3-1...

Unfixed XSS vulnerability at www.howpweb.cn

Security researcher kusomiso.com, has submitted on 07/10/2007 a cross-site-scripting XSS vulnerability affecting www.howpweb.cn, which at the time of submission ranked 5759165 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/10/2007. It is...