E-Store (1.0 2.0) = SQL Injection Vulnerability

2014-03-10 Thread Alkeraithe
# Exploit Author: Nawaf Alkeraithe == for E-store 1.0: # Google Dork: Powered by: PD inurl:page.php?id #Vulnerable page: http://[target]/page.php?id=[SQL Injection] == for E-store 2.0: # Google Dork: Powered by: PD

[SECURITY] [DSA 2870-1] libyaml-libyaml-perl security update

2014-03-10 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2870-1 secur...@debian.org http://www.debian.org/security/ Salvatore Bonaccorso March 08, 2014

[ MDVSA-2014:048 ] gnutls

2014-03-10 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:048 http://www.mandriva.com/en/support/security/

[ MDVSA-2014:049 ] subversion

2014-03-10 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:049 http://www.mandriva.com/en/support/security/

[SECURITY] [DSA 2871-1] wireshark security update

2014-03-10 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2871-1 secur...@debian.org http://www.debian.org/security/Moritz Muehlenhoff March 10, 2014

[SECURITY] [DSA 2872-1] udisks security update

2014-03-10 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2872-1 secur...@debian.org http://www.debian.org/security/Moritz Muehlenhoff March 10, 2014

[security bulletin] HPSBGN02970 rev.1 - HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment, Multiple Remote Vulnerabilities affecting Confidentiality, Integrity and Availability

2014-03-10 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04135307 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04135307 Version: 1 HPSBGN02970

Android Vulnerability: Install App Without User Explicit Consent

2014-03-10 Thread Daniel Divricean
This vulnerability allows an app to install any number of apps with any type of permissions without user's explicit consent. It is based on two things: 1. You can install an app from Google Play using just the browser, even from PC. 2. An app can embed a browser and automatically login into

APPLE-SA-2014-03-10-1 iOS 7.1

2014-03-10 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 APPLE-SA-2014-03-10-1 iOS 7.1 iOS 7.1 is now available and addresses the following: Backup Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted backup can alter the filesystem

[ MDVSA-2014:050 ] wireshark

2014-03-10 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:050 http://www.mandriva.com/en/support/security/

APPLE-SA-2014-03-10-2 Apple TV 6.1

2014-03-10 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 APPLE-SA-2014-03-10-2 Apple TV 6.1 Apple TV 6.1 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker with access to an Apple TV may access sensitive user information from logs