Apple Security Advisory 2015-09-30-02

Apple Security Advisory 2015-09-30-02 – Safari 9 is now available and addresses spoofing, communication compromise, and various other vulnerabilities.

Apple Security Advisory 2015-09-30-03

Apple Security Advisory 2015-09-30-03 – OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior releases.

Dropbox FinderLoadBundle OS X Local Root Exploit

The setuid root FinderLoadBundle that was included in older DropboxHelperTools versions for OS X allows loading of dynamically linked shared libraries that reside in the same directory. The directory in which FinderLoadBundle is located is owned by root, which prevents placing arbitrary files there. But creating a hard link from FinderLoadBundle to somewhere […]

[local] – WinRar < 5.30 beta 4 – Settings Import Command Execution

[webapps] – ElasticSearch 1.6.0 – Arbitrary File Download

[remote] – Avast Antivirus X.509 Error Rendering Command Execution

[local] – ASX to MP3 Converter 1.82.50 – .asx Stack Overflow

PayPal Inc – Open URL Redirect Web Vulnerability
PayPal Inc Bug Bounty #119 – URL Redirection Vulnerability

An independent vulnerability laboratory researcher discovered a client-side URL redirect web vulnerability in the official PayPal Inc Notify online service web application.

WordPress mTheme-Unus Local File Inclusion

WordPress mTheme-Unus theme versions prior to 2.3 suffer from a local file inclusion vulnerability.