nss, nss-util, and nspr security update

nspr 4.10.8-2 - Resolves: Bug 1269360 - CVE-2015-7183 - nspr: heap-buffer overflow in PLARENAALLOCATE can lead to crash under ASAN, potential memory corruption nss 3.19.1-5.0.1 - Added nss-vendor.patch to change vendor 3.19.1-5 - Rebuild against updated NSPR 3.19.1-4 - Sync up with the rhel-6.6...

The vulnerabilities of PDF editing programs like Adobe Acrobat and Adobe Acrobat Document Cloud, as well as PDF viewing programs like Adobe Reader and Adobe Reader Document Cloud, allow attackers to delete arbitrary files.

The vulnerabilities of PDF editing programs like Adobe Acrobat and Adobe Acrobat Document Cloud, as well as PDF viewing programs like Adobe Reader and Adobe Reader Document Cloud, are related to deficiencies in access control for certain functions. Exploiting these vulnerabilities could allow an...

CVE-2015-7829

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows mishandle junctions in the Synchronizer directory, which allows attackers to delete...

Sql injection

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows mishandle junctions in the Synchronizer directory, which allows attackers to delete...

CVE-2015-7829

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows mishandle junctions in the Synchronizer directory, which allows attackers to delete...

NTP: Multiple vulnerablities

Background NTP contains software for the Network Time Protocol. Description Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or...

CVE-2013-2056

The Inter-Satellite Sync ISS operation in Red Hat Network RHN Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call...

BitTorrent Fixes Reflective DDoS Attack Security Flaw

Two weeks ago, we reported how a serious flaw in the popular peer-to-peer BitTorrent file sharing protocols could be exploited to carry out a devastating distributed denial of service DDoS attack, allowing lone hackers with limited resources to take down large websites. Good news is that the...

Popular Download Service μTorrent wants you to pay for its Software

Just to enhance the services being rendered. The popular peer-to-peer file sharing software application is aiming to achieve new heights by making their software be a paid scheme. uTorrent is one of the clients of BitTorrent Inc. the parent company which implements a BitTorrent protocol. Where ea...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 srctrack, 2 usemfstmpsize, or 3 usemfsvarsize parameter to systemadvancedmisc.php; the 4 port, 5 snaplen, or 6 count parameter to diagpacketcapture.php...

WordPress Database Sync Plugin <= 0.4 - Cross Site Scripting (XSS)

This plugin is prone to a cross site scripting vulnerability, because "url" parameter is printed directly to the page without sanitization. Solution Update the plugin...

Database Sync <= 0.4 - Reflected Cross-Site Scripting (XSS)

The Database Sync WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...

WordPress Database Sync 0.4 Cross Site Scripting Vulnerability

WordPress Database Sync plugin version 0.4 suffers from a cross site scripting vulnerability. Title: WordPress 'Database Sync' Plugin Version: 0.4 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Download: - https://wordpress.org/plugins/database-sync/ -...

WordPress Database Sync 0.4 Cross Site Scripting

Title: WordPress 'Database Sync' Plugin Version: 0.4 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Download: - https://wordpress.org/plugins/database-sync/ - https://plugins.svn.wordpress.org/database-sync/ ========================================================== Plugin description...

Google Photo App Uploads Your Images To Cloud, Even After Uninstalling

Have you ever seen any mobile application working in the background silently even after you have uninstalled it completely? I have seen Google Photos app doing the same. Your Android smartphone continues to upload your phone photos to Google servers without your knowledge, even if you have alread...

phpMyAdmin: Multiple vulnerabilities

Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. Impact A remote authenticated attacker could exploit these vulnerabilities to include...

CVE-2015-2851

clientchown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename...

HiDisk 2.4 iOS - (FolderPath) Persistent Vulnerability

Document Title: =============== HiDisk 2.4 iOS - FolderPath Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1496 Release Date: ============= 2015-05-19 Vulnerability Laboratory ID VL-ID: ==================================== 1496...

vPhoto-Album v4.2 iOS - File Include Web Vulnerability

Document Title: =============== vPhoto-Album v4.2 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1477 Release Date: ============= 2015-05-05 Vulnerability Laboratory ID VL-ID: ==================================== 147...

vPhoto-Album 4.2 iOS - Local File Inclusion

vPhoto-Album 4.2 iOS - Local File Inclusion Document Title: =============== vPhoto-Album v4.2 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1477 Release Date: ============= 2015-05-05 Vulnerability Laboratory ID...