Archiv pro měsíc: Leden 2015

SecuritTeam.com: SOS GmbH JobScheduler DOM Based Cross Site Scripting Vulnerabilities

Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash).

SecuritTeam.com: Qualcomm Innovation Center Android For MSM Project Local Security Bypass Vulnerabilities

The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a boot command for an arbitrary kernel image