CVE: CVE-2015-1438
Vendor: Panda Security
Product: Multiple Products
Affected version: 1.0.0.13 (PSKMAD.sys driver version)
Fixed version: 15.1.0 (Products Version)
Reported by: Kyriakos Economou
Details:
Panda Kernel Memory Access Driver doesn’t validate the size of data
to be copied to b
J2Store v3.1.6, a Joomla! extension that adds basic store functionality to
a Joomla! instance, suffered from two unauthenticated boolean-blind and
error-based SQL injection vulnerabilities. Since February 2015, J2Store has
had about 16,000 downloads as of this writing.
The first vulnerability was
SOPlanning - Simple Online Planning Tool multiple vulnerabilities
CVEs: CVE-2014-8673, CVE-2014-8674, CVE-2014-8675, CVE-2014-8676, CVE-2014-8677
Vendor: http://www.soplanning.org/
Product: SOPlanning - Simple Online Planning
Version affected: 1.32 and prior
Product description:
SO Planning is a
Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command
Execution
CVEs: CVE-2015-1560, CVE-2015-1561
Vendor: Merethis - www.centreon.com
Product: Centreon
Version affected: 2.5.4 and prior
Product description:
Centreon is the choice of some of the world's largest compani
On 07/07/15 19:15, Jaanus wrote:
> http://jaanuskp.blogspot.com/2015/07/fake-links-in-skype.html
>
> The issue in Skype (bit hard to name it a real vulnerability)
Not new.
You can type it in the Skype application, and press control-shift-enter,
and it will send the HTML.
e.g., I can put into the ch
The Android operating system offers a backup/restore mechanism of
installed packages through the ADB utility. Full backup of applications
including the private files stored on /data partition is performed by
default, but applications can customize this behavior by implementing a
BackupAgent class.
Title: Remote file download vulnerability in Wordpress Plugin wp-swimteam
v1.44.10777
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-02
Download Site: https://wordpress.org/plugins/wp-swimteam
Vendor: Mike Walsh www.MichaelWalsh.org
Vendor Notified: 2015-07-02, fixed in v1.45beta3
Vendor Cont
Title: SQL Injection in easy2map-photos wordpress plugin v1.09
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-08
Download Site: https://wordpress.org/plugins/easy2map-photos
Vendor: Steven Ellis
Vendor Notified: 2015-06-08, fixed in v1.1.0
Vendor Contact: https://profiles.wordpress.org/stevene
=
Passwords 2015
The 9th International Conference on Passwords
7, 8, 9 December 2015
University of Cambridge, United Kingdom
http://www.
Details
Software: GD bbPress Attachments
Version: 2.1
Homepage: http://wordpress.org/plugins/gd-bbpress-attachments/
Advisory report:
https://security.dxw.com/advisories/local-file-include-vulnerability-in-gd-bbpress-attachments-allows-attackers-to-include-arbitrary-php-files/
CVE
Details
Software: GD bbPress Attachments
Version: 2.1
Homepage: http://wordpress.org/plugins/gd-bbpress-attachments/
Advisory report:
https://security.dxw.com/advisories/reflected-xss-in-gd-bbpress-attachments-allows-an-attacker-to-do-almost-anything-an-admin-can/
CVE: Awaiting as
# Title: Cross-Site Request Forgery, Cross-Site Scripting and SQL Injection
in CP Contact Form with Paypal Wordpress Plugin v1.1.5
# Submitter: Nitin Venkatesh
# Product: CP Contact Form with Paypal Wordpress Plugin
# Product URL: https://wordpress.org/plugins/cp-contact-form-with-paypal/
# Vulnera
## Advisory Information
Title: Western Digital Arkeia "ARKFS_EXEC_CMD" <= v11.0.12 Remote Code
Execution
Submitter: xistence
Date published: 2015-07-10
Vendors contacted: Western Digital / Arkeia
Class: OS Command Injection [CWE-78]
Impact: Code execution
Remotely Exploitable: Yes
## Product De
Part 10 of Broken, Abandoned, and Forgotten Code is up! In this part
we hunt for a UART connection inside the Netgear R6200 router.
When we start developing our minimized bootstrap firmware as well as
the custom, stage 2 firmware in later parts, it will take many
iterations to get it right. During
14 matches
Mail list logo
