Quick CMS v 6.1 XSS Vulnerability

2016-01-19 Thread Rahul Pratap Singh
## FULL DISCLOSURE #Product: Quick CMS #Exploit Author : Rahul Pratap Singh #Version: 6.1 #Home page Link : http://opensolution.org/home.html #Website: 0x62626262.wordpress.com #Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 #Date : 19/Jan/2016 XSS Vulnerability:

[CORE-2016-0001] - Intel Driver Update Utility MiTM

2016-01-19 Thread CORE Advisories Team
1. Advisory Information Title: Intel Driver Update Utility MiTM Advisory ID: CORE-2016-0001 Advisory URL: http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm Date published: 2016-01-19 Date of last update: 2016-01-14 Vendors contacted: Intel Release mode: Coordinated release

[SECURITY] [DSA 3448-1] linux security update

2016-01-19 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3448-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 19, 2016

Quick Cart v6.6 XSS Vulnerability

2016-01-19 Thread Rahul Pratap Singh
## FULL DISCLOSURE #Product: Quick Cart #Exploit Author : Rahul Pratap Singh #Version: 6.6 #Home page Link : http://opensolution.org/home.html #Website: 0x62626262.wordpress.com #Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 #Date : 19/Jan/2016 XSS Vulnerability:

Executable installers are vulnerable^WEVIL (case 21): Panda Security's installers allow arbitrary (remote) code execution AND escalation of privilege with PANDAIS16.exe

2016-01-19 Thread Stefan Kanthak
Hi @ll, the executable installers PANDAIS16.exe, PANDAAP16.exe, PANDAGL16.exe and PANDAGP16.exe available from load and execute (at least) UXTheme.dll, RichEd20.dll and RichEd32.dll from their "application directory". For software downloaded with a web browser the application directory is

APPLE-SA-2016-01-19-1 iOS 9.2.1

2016-01-19 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2016-01-19-1 iOS 9.2.1 iOS 9.2.1 is now available and addresses the following: Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute

[SECURITY] [DSA 3449-1] bind9 security update

2016-01-19 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3449-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 19, 2016

APPLE-SA-2016-01-19-3 Safari 9.0.3

2016-01-19 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2016-01-19-3 Safari 9.0.3 Safari 9.0.3 is now available and addresses the following: WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.2 Impact: Visiting a maliciously crafted

[security bulletin] HPSBGN03534 rev.1 - HPE Performance Center using Microsoft Report Viewer, Remote Disclosure of Information, Cross-Site Scripting (XSS)

2016-01-19 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04945270 Version: 1 HPSBGN03534

APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001

2016-01-19 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001 OS X El Capitan 10.11.3 and Security Update 2016-001 is now available and addresses the following: AppleGraphicsPowerManagement Available for: OS X El Capitan v10.11 to