CVE-2015-2846

BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link...

CVE-2015-2846

CVE-2015-2846 affects BitTorrent Sync (BTSync.exe) where the BTSync protocol handler fails to properly validate btsync: URLs, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a crafted file/link) and results in arbitrary command executio...

BitTorrent Sync BTSync.exe Arbitrary Code Execution Vulnerability

BitTorrent Sync is a set of data synchronization tools developed by the American company BitTorrent. The tool synchronizes files between different devices over LANs and the Internet using secure, distributed P2P technology. An arbitrary code execution vulnerability exists in BitTorrent Sync's...

BitTorrent Sync （peer-to-peer file synchronization system on there is a high risk of command injection vulnerability-vulnerability warning-the black bar safety net

According to HP 0day plans ZDI in last week's announcement that BitTorrent Sync on the presence of a high-risk vulnerability, an attacker can remotely execute arbitrary code. The black bar safety net science BitTorrent Sync is BitTorrent network technology company launched in multiple computers f...

BitTorrent Sync btsync: Protocol Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent Sync. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how BitTorrent Sync...

WordPress plugin WPML 'menu sync' function has unspecified vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.WPML is one of the multi-language plug-ins. A security vulnerability exists in the 'menu sync' function of the...

CVE-2015-2791

The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php...

WPML WordPress plug-in SQL injection etc.

OVERVIEW ========== WPML is the industry standard for creating multi-lingual WordPress sites. Three vulnerabilities were found in the plug-in. The most serious of them, an SQL injection problem, allows anyone to read the contents of the WordPress database, including user details and password...

[SECURITY] Fedora 20 Update: csync2-1.34-15.fc20

Csync2 is a cluster synchronization tool. It can be used to keep files on multiple hosts in a cluster in sync. Csync2 can handle complex setups with much more than just 2 hosts, handle file deletions and can detect conflicts. It is expedient for HA-clusters, HPC-clusters, COWs and server farms...

Facebook Vulnerability Leaks Users' Private Photos

If you have enabled automatic Facebook Photo Sync feature on your iPhone, iPad or Android devices, then Beware! Hackers can steal your personal photographs without your knowledge. In 2012, the social network giant introduced Facebook Photo Sync feature for iPhone, iPad and Android devices which, ...

WordPress Plugin WPML 3.1.9 - Multiple Vulnerabilities

WordPress Plugin WPML 3.1.9 - Multiple Vulnerabilities OVERVIEW ========== WPML is the industry standard for creating multi-lingual WordPress sites. Three vulnerabilities were found in the plug-in. The most serious of them, an SQL injection problem, allows anyone to read the contents of the...

Photo Manager Pro v4.4.0 iOS - File Include Vulnerability

Document Title: =============== Photo Manager Pro v4.4.0 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1445 Release Date: ============= 2015-03-12 Vulnerability Laboratory ID VL-ID: ====================================...

ipa security, bug fix, and enhancement update

4.1.0-18.0.1 - Replace login-screen-logo.png 20362818 - Drop subscription-manager requires for OL7 - Drop redhat-access-plugin-ipa requires for OL7 - Blank out header-logo.png product-name.png 4.1.0-18 - Fix ipa-pwd-extop global configuration caching 1187342 - group-detach does not add correct...

[SECURITY] Fedora 22 Update: csync2-1.34-15.fc22

Csync2 is a cluster synchronization tool. It can be used to keep files on multiple hosts in a cluster in sync. Csync2 can handle complex setups with much more than just 2 hosts, handle file deletions and can detect conflicts. It is expedient for HA-clusters, HPC-clusters, COWs and server farms...

CVE-2014-9682

The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function...

Code injection

The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function...

CVE-2014-9682

The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function...

1 7-year-old adolescents disclosed the“American version of wechat,”a WhatsApp Web two security vulnerabilities-vulnerability warning-the black bar safety net

! Abroad the most popular mobile communication APP that is the United States of wechat）WhatsApp recently developed a web version. Unfortunately not on the line long, a 1 7-year-old Indian teenager discovered it 2 a security vulnerability. You again...... Run it juvenile Indrajeet Bhuyan 1 year 7...

17-Year-Old Found Bugs in WhatsApp Web and Mobile App

Last week, the most popular mobile messaging application WhatsApp finally arrived on the web — dubbed WhatsApp Web, but unfortunately it needs some improvements in its web version. An independent 17-year-old security researcher Indrajeet Bhuyan reported two security holes in the WhatsApp web clie...

Disabling user in delegated Active Directory doesn't disable them in Confluence until they log in

h3.Steps to Reproduce Create a delegated directory, hooked to Active Directory Login with an AD user, with the "Remember Me" option checked Close the browser completely Disable the user in AD by checking the "Account is disabled" option in User Properties Account Account Options Launch the browse...