Check Point has disclosed few details on a cookie vulnerability in the RomPager webserver running inside 12 million embedded devices. The flaw puts home routers at risk of attack.
There are a number of critical, remotely exploitable command injection vulnerabilities in Schneider Electric’s ProClima software, which is used in manufacturing and energy facilities. The ProClima application is a utility that customers use to design control panel enclosures in industrial facilities to help manage the heat from enclosed electrical devices. The bugs affect ProClima versions[…]
Chinese smartphones from Coolpad contain a backdoor, dubbed CoolReaper by Palo Alto researchers, that is being used to install apps without user consent.
Google has added another layer of security for users of Gmail on the desktop, which now supports content security policy, a standard that’s designed to help mitigate cross-site scripting and other common Web-based attacks.
Two of Cisco’s products are vulnerable to the POODLE attack via the TLS implementation in those products. The vulnerability affects Cisco’s Adaptive Security Appliance software and its Application Control Engine module.
A worm exploiting the Bash vulnerability in QNAP network attached storage devices has been discovered. The attack opens a backdoor and for now is carrying out a click-fraud scam against JuiceADV.
There are stack buffer overflows in two components of a Honeywell point-of-sale software package that can allow attackers to run arbitrary code on vulnerable systems. The vulnerabilities lie in the HWOPOSScale.ocx and HWOPOSSCANNER.ocx components of Honeywell’s OLE for Retail Point-of-Sale package, which is designed to help integrate PoS hardware with Windows PoS systems. Versions of the Honeywell[…]
CMS providers Joomla and WordPress have patched an arbitrary file download vulnerability in the HD FLV Player plug-in, but custom websites running the plug-in independently remain at risk.
A security researcher disclosed a problem with a loose cross-domain policy for Flash requests on Yahoo Mail that puts email content and contacts at risk.
For the second month in a row, Microsoft is recalling a security update published along with its monthly Patch Tuesday release.