iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...

2015-07-01 Thread Stefan Kanthak
Hi @ll, the just released QuickTime 7.7.7 and iTunes 12.2 for Windows still have quite some of the BLOODY beginners' errors I already documented in the past. QuickTime 7.7.7, QuickTime.msi unquoted pathname of executables in command line
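Added example, not code from Stefan Kanthak's post or from Apple: a small Python emulation of the documented CreateProcess() rule for an unquoted module name, to show why an unquoted "C:\Program Files\..." command line is a binary-planting bug. When the application name is not given separately, CreateProcess splits the command line at white space and tries each prefix as the executable (appending ".exe" when the prefix has no extension), running the first one that exists. The QuickTime command line, the QTTask.exe path and the "-atlogin" argument used as input are constructed for illustration; the post only says QuickTime.msi installs unquoted executable pathnames under C:\Program Files\. The simulated file system is a plain set of paths, so the example runs offline on any OS.

```python
"""
Emulate CreateProcess() resolution of an UNQUOTED module name with spaces.

Documented rule (lpApplicationName == NULL): the command line is split at
white space and each prefix is tried in order as the executable, appending
".exe" if the prefix has no extension; the first prefix that names an
existing file is executed.  Extension handling is simplified here to
"no '.' in the last path component".
"""
import ntpath  # Windows path semantics, available on every platform

# Constructed sample input (assumed, not taken from the thread).
REAL_EXE = r"C:\Program Files\QuickTime\QTTask.exe"
PLANTED_EXE = r"C:\Program.exe"            # what an attacker would drop
UNQUOTED_CMDLINE = REAL_EXE + " -atlogin"  # the vulnerable form
QUOTED_CMDLINE = '"' + REAL_EXE + '" -atlogin'  # the fixed form


def createprocess_candidates(cmdline):
    """Return the paths CreateProcess would try, in order."""
    cmdline = cmdline.lstrip()
    if cmdline.startswith('"'):
        # Quoted module name: exactly one interpretation.
        end = cmdline.find('"', 1)
        if end == -1:
            end = len(cmdline)
        return [cmdline[1:end]]
    tokens = cmdline.split()
    candidates = []
    for i in range(1, len(tokens) + 1):
        candidate = " ".join(tokens[:i])
        if "." not in ntpath.basename(candidate):
            candidate += ".exe"
        candidates.append(candidate)
    return candidates


def resolve(cmdline, existing_files):
    """Path CreateProcess would execute given a set of existing files
    (case-insensitive, like NTFS), or None if nothing matches."""
    existing = {p.lower() for p in existing_files}
    for candidate in createprocess_candidates(cmdline):
        if candidate.lower() in existing:
            return candidate
    return None


def is_unquoted_path_with_spaces(cmdline):
    """Scanner-style check: unquoted command line whose executable path
    (everything up to the first '.exe') contains a space."""
    s = cmdline.strip()
    if s.startswith('"'):
        return False
    idx = s.lower().find(".exe")
    head = s if idx == -1 else s[:idx]
    return " " in head


def quote_command_line(exe_path, args=""):
    """Hardened form: quote the module name so only one interpretation exists."""
    return ('"' + exe_path + '" ' + args).rstrip()


if __name__ == "__main__":
    clean_fs = {REAL_EXE}
    attacked_fs = {REAL_EXE, PLANTED_EXE}
    print("candidates:", createprocess_candidates(UNQUOTED_CMDLINE))
    print("unquoted, clean system  ->", resolve(UNQUOTED_CMDLINE, clean_fs))
    print("unquoted, planted file  ->", resolve(UNQUOTED_CMDLINE, attacked_fs))
    print("quoted,   planted file  ->", resolve(QUOTED_CMDLINE, attacked_fs))
    print("flagged as vulnerable   ->", is_unquoted_path_with_spaces(UNQUOTED_CMDLINE))
```

On a default Windows installation a standard user cannot create a file directly in the drive root, so C:\Program.exe is the textbook case rather than the most common one; the same rule makes any unquoted path exploitable wherever an intermediate directory is writable by a less-privileged account, which is the ACL a practitioner would check next.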

ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities

2015-07-01 Thread Security Alert
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities EMC Identifier: ESA-2015-108 CVE Identifier: CVE-2015-0547, CVE-2015-0548 Severity Rating: CVSSv2 Base Score: See below for CVSSv2 score for individual CVEs Affected

APPLE-SA-2015-06-30-5 QuickTime 7.7.7

2015-07-01 Thread Apple Product Security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-06-30-5 QuickTime 7.7.7 QuickTime 7.7.7 is now available and addresses the following: QT Media Foundation Available for: Windows 7 and Windows Vista Impact: Processing a maliciously crafted file may lead to an unexpected

[SECURITY] [DSA 3298-1] jackrabbit security update

2015-07-01 Thread Moritz Muehlenhoff
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - Debian Security Advisory DSA-3298-1 secur...@debian.org https://www.debian.org/security/ Markus Koschany July 01, 2015

APPLE-SA-2015-06-30-6 iTunes 12.2

2015-07-01 Thread Apple Product Security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-06-30-6 iTunes 12.2 iTunes 12.2 is now available and addresses the following: WebKit Available for: Windows 8 and Windows 7 Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected

Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability

2015-07-01 Thread Vulnerability Lab
Document Title: === Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1535 Video: http://www.vulnerability-lab.com/get_content.php?id=1537 Release Date: =

Path Traversal in BlackCat CMS

2015-07-01 Thread High-Tech Bridge Security Research
Advisory ID: HTB23263 Product: BlackCat CMS Vendor: Black Cat Development Vulnerable Version(s): 1.1.1 and probably prior Tested Version: 1.1.1 Advisory Publication: June 10, 2015 [without technical details] Vendor Notification: June 10, 2015 Vendor Patch: June 24, 2015 Public Disclosure: July

ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities

2015-07-01 Thread Security Alert
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities CVE Identifier: CVE-2015-0551, CVE-2015-4524 Severity Rating: CVSS v2 Base Score: See below for CVSSv2 scores for individual CVEs Affected products: • EMC

Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating maliciou

2015-07-01 Thread andrew
Product: EMC Documentum Content Server Vendor: EMC Version: ANY CVE: N/A Risk: High Status: public/not fixed In April 2014 I discovered a vulnerability in EMC Documentum Content Server which allows an authenticated user to elevate privileges, hijack the Content Server filesystem or execute arbitrary

Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability

2015-07-01 Thread Vulnerability Lab
Document Title: === Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1431 Release Date: = 2015-06-30 Vulnerability Laboratory ID (VL-ID):

ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability

2015-07-01 Thread Security Alert
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability EMC Identifier: ESA-2015-112 CVE Identifier: CVE-2015-4525 Severity Rating: CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C) Affected products: • EMC Isilon OneFS 7.2.0.0