RedTeam Pentesting discovered a cross site scripting vulnerability in rexx Recruitment's user registration page during a penetration test. If attackers can persuade users to click on a prepared link or redirected them to such a link from an attacker-controlled website, they are able to run arbitrary JavaScript code in the context of the rexx Recruitment installation's domain.
2b99dd93bd3ef7fa35d56eedd30ce42a17be27a43d0080a86eaa47f243c72d0b
Ubuntu Security Notice 2157-1 - This updates ClamAV to a new major version in order to gain new detection technologies and maintain proper compatibility with the virus signature database.
e939e10d723485fa7d87d05fd414e3c150f24977ecd1d8c5f7f892a15c5d3e57
ePhone Disk version 1.0.2 for iOS suffers from denial of service, command injection, and local file inclusion vulnerabilities.
876448f07c5c05553462fd3177290aada26c9cd5919baeae2680fd062cfff2f7
Gentoo Linux Security Advisory 201403-8 - PlRPC uses Storable which allows for code execution prior to Authentication. Versions less than 0.202.0-r2 are affected.
543d28c7468a493b70182a4dead709907d9e78d7845ca1422846ad3dfd04face
Easy FileManager version 1.1 for iOS suffers from local file inclusion and remote shell upload vulnerabilities.
4b5d69b0cae3c7cd9e89f17f629e2e25283338e269c0c4155401deba8739d35b
Joomla Kunena component version 3.0.4 suffers from a cross site scripting vulnerability.
5824c2fb1d088d434657130d4759d89055357306437bfbb01644799d4d520267
My Photo Wifi Share & PS 1.1 for iOS suffers from a local command injection vulnerability.
e53e7d5c9f0ee9f794d19da2f54e4d471361b0256775259c8d71dc2f551e08df
NCC Group Research Director Andy Davis presented 'USB Attacks Need Physical Access Right? Not Any More...' at this year's BlackHat Asia in Singapore. Due to recent advances in a number of remoting technologies, USB attacks can now be launched over a network. The talk went into detail about how these technologies work, the resulting impact on the world of USB bugs and included a live demo remotely triggering a USB kernel bug in Windows 2012 server.
6b69c9ca16bc7b4b25c8eaf51bdad117771585a02daec7c27db6c045043dfa9c
Lazybone Studios WiFi Music 1.0 for iOS suffers from local file inclusion and remote shell upload vulnerabilities.
11ad45715114d7c206751facff6d0a7e57d0ce6d720031cf785b958467b939ed
Dell SonicWall EMail Security Appliance version 7.4.5 suffers from persistent cross site scripting vulnerabilities.
0cfbd724c69d47de7c17ff8278ec80b9408046b5efab05889637c9e367bece9d
Gummy Bear Studios FTP Drive + HTTP Server version 1.0.4 for iOS suffers from a code execution vulnerability.
b239f066427e1022589e0ecbdd1ac1858155184f9aae8a056e457651de06e2eb
Monoprice.com suffers from a shopping cart enumeration and arbitrary modification vulnerability.
7b9f5cdc8364d0860d1cf8260917384a3a43ecb7c6e7ba1fc99e01b8224f6e12
LinEx suffers from a remote password reset vulnerability.
569bcb618840b33281332aff7f027c187d8587d4ff30e0e14d3c71181a5ecbc3
A series of vulnerabilities have been discovered in Firefox for Android that allows a malicious application to successfully derandomize the Firefox profile directory name in a practical amount of time and then leak sensitive data (such as cookies and cached information) which reside in that directory, breaking Android's sandbox.
688b048fb5365a45f0a237ef602cef2bde7a27679794b9c23fb305a9ed177a61
Beheer Systeem :: Inloggen version 6.1 suffers from a remote command injection vulnerability.
71ed88b33d6cfd66642d0a7f54632ba605ef5c360563a06883fe978f05d0ce06
DotItYourself version 6.11.060830 suffers from a remote command injection vulnerability.
4253076bdabe92fa1b44b078b7bea0b2a8c511f30f794954f338db88674e1a85
Debian Linux Security Advisory 2886-1 - Nicolas Gregoire discovered several vulnerabilities in libxalan2-java, a Java library for XSLT processing. Crafted XSLT programs could access system properties or load arbitrary classes, resulting in information disclosure and, potentially, arbitrary code execution.
365cf71f1731754a036810b5e0e18bedeb52a4ab1cdcd9b2eebfdb05dca50e84
Debian Linux Security Advisory 2885-1 - Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
b4999786c09114961fe601a3d66c8dd907ab9b138e0d262a4b06dbdd2543a516
Debian Linux Security Advisory 2884-1 - Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
d2d7928d1100550c07f523aba820802edcc4d3fc9f39e2823644e4c86301dc95
Cisco Security Advisory - A vulnerability in the implementation of the IP version 6 (IPv6) protocol stack in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause I/O memory depletion on an affected device that has IPv6 enabled. The vulnerability is triggered when an affected device processes a malformed IPv6 packet. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.
b099cd45ced8201a847dacf48fc924497fe7165c4d908be59deb34c1e012a531
RSA AM version 7.1 SP4 P32 contains a fix for a cross frame scripting vulnerability on the Self-Service Console. This vulnerability may allow an unauthenticated malicious user potentially to misuse frames and steal sensitive information from legitimate users of the application.
0df87dd0239f954de0f33c622a957f03cff3e625d25c2efe137b1b777b10aa6f
VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error in the JS engine when processing "BumpChunk" objects while the browser is under a memory pressure, which could be exploited to leak arbitrary memory and/or achieve code execution via a malicious web page. Affected include Mozilla Firefox versions prior to 28, Mozilla Firefox ESR versions prior to 24.4, Mozilla Thunderbird versions prior to 24.4, and Mozilla Seamonkey versions prior to 2.25.
8ec37d142ffe45019d55b44766e907b9f25a969d41aa3e74ea5c6edf7eb66567
Cisco Security Advisory - A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a failure to process certain types of HTTP requests. To exploit the vulnerability, an attacker could submit crafted requests designed to consume memory to an affected device. An exploit could allow the attacker to consume and fragment memory on the affected device. This may cause reduced performance, a failure of certain processes, or a restart of the affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.
02cb8b78d8d7e0d3900c22ebce4004b2b99138cae3c3a2a1796be9277d535a9d
VUPEN Vulnerability Research Team discovered a critical vulnerability in Google Chrome. The vulnerability is caused by an input validation error within the "Clipboard::WriteData()" function that does not restrict the value of the "format" parameter, which could be exploited to escape Chrome's sandbox and achieve code execution with Medium integrity level. Google Chrome versions prior to 33.0.1750.154 are affected.
1e839c35cc0103dc89491b813b56882dd52230a8917c7b3e18e00a97251c90dd
VUPEN Vulnerability Research Team discovered a critical vulnerability in Google Chrome. The vulnerability is caused by a use-after-free error within the "DocumentV8Internal::locationAttributeSetter()" function when processing "document.location" objects under certain conditions, which could be exploited to leak arbitrary memory and/or achieve code execution via a specially crafted web page. Google Chrome versions prior to 33.0.1750.154 are affected.
64ac9a25643ea00fce3210d758ef5db14c5aa566c56da27b8f97f1377430a60f