4610 matches found
PhotoWebsite v3.1 iOS - File Include Web Vulnerability
Document Title: PhotoWebsite v3.1 iOS - File Include Web Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1474 | Release Date: 2015-05-04 | Vulnerability Laboratory ID (VL-ID): 147...
WordPress QAEngine Theme 1.4 Privilege Escalation
Theme Link: https://www.enginethemes.com/themes/qaengine/ - Vulnerability Description: 1st Vulnerability: the qaengine vulnerability allows an attacker to have an administrator account on the target's website. Vuln code in /qaengine/includes/aecore/class-ae-users.php: public function insert...
IBM InfoSphere BigInsights SQL Component Unauthorized Access Vulnerability
IBM InfoSphere BigInsights is a software platform from IBM in the United States for storing and analyzing "big data". The platform provides solutions for managing and analyzing massive amounts of structured and unstructured data. Big SQL is one of its SQL interface components. A security...
[SECURITY] Fedora 21 Update: owncloud-7.0.5-2.fc21
ownCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. ownCloud is extendable via a simple but powerful API f...
[SECURITY] Fedora 20 Update: owncloud-7.0.5-2.fc20
ownCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. ownCloud is extendable via a simple but powerful API f...
java-1.8.0-openjdk security update
1:1.8.0.45-30.b13 - repacked sources - Resolves: RHBZ1209076 1:1.8.0.45-7.b13 - Re-add %name prefix to patches to avoid conflicts with OpenJDK 7 versions. - Remove ppc64le test case now fix has been verified. - Resolves: rhbz1194378 1:1.8.0.45-27.b13 - updated to security u45 - minor sync with 7....
CVE-2015-2846
BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link...
Design/Logic Flaw
BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link...
CVE-2015-2846
CVE-2015-2846 affects BitTorrent Sync (BTSync.exe) where the BTSync protocol handler fails to properly validate btsync: URLs, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a crafted file/link) and results in arbitrary command executio...
BitTorrent Sync BTSync.exe Arbitrary Code Execution Vulnerability
BitTorrent Sync is a set of data synchronization tools developed by the American company BitTorrent. The tool synchronizes files between different devices over LANs and the Internet using secure, distributed P2P technology. An arbitrary code execution vulnerability exists in BitTorrent Sync's...
BitTorrent Sync (peer-to-peer file synchronization system) has a high-risk command injection vulnerability - vulnerability warning - the black bar safety net
According to an announcement last week from HP's Zero Day Initiative (ZDI), BitTorrent Sync contains a high-risk vulnerability that lets an attacker remotely execute arbitrary code. Background from the black bar safety net: BitTorrent Sync is a tool that the network technology company BitTorrent launched in multiple computers f...
BitTorrent Sync btsync: Protocol Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent Sync. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how BitTorrent Sync...
WordPress plugin WPML 'menu sync' function has unspecified vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; the platform supports setting up a personal blog site on servers with PHP and MySQL. WPML is one of its multi-language plug-ins. A security vulnerability exists in the 'menu sync' function of the...
CVE-2015-2791
The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php...
WPML WordPress plug-in SQL injection etc.
OVERVIEW: WPML is the industry standard for creating multi-lingual WordPress sites. Three vulnerabilities were found in the plug-in. The most serious of them, an SQL injection problem, allows anyone to read the contents of the WordPress database, including user details and password...
[SECURITY] Fedora 20 Update: csync2-1.34-15.fc20
Csync2 is a cluster synchronization tool. It can be used to keep files on multiple hosts in a cluster in sync. Csync2 can handle complex setups with much more than just 2 hosts, handle file deletions and can detect conflicts. It is expedient for HA-clusters, HPC-clusters, COWs and server farms...
Facebook Vulnerability Leaks Users' Private Photos
If you have enabled the automatic Facebook Photo Sync feature on your iPhone, iPad or Android devices, then beware! Hackers can steal your personal photographs without your knowledge. In 2012, the social network giant introduced the Facebook Photo Sync feature for iPhone, iPad and Android devices which, ...
WordPress Plugin WPML 3.1.9 - Multiple Vulnerabilities
WordPress Plugin WPML 3.1.9 - Multiple Vulnerabilities. OVERVIEW: WPML is the industry standard for creating multi-lingual WordPress sites. Three vulnerabilities were found in the plug-in. The most serious of them, an SQL injection problem, allows anyone to read the contents of the...