Archiv pro měsíc: Duben 2015 Google Android Local Privilege Escalation Vulnerabilities

luni/src/main/java/java/io/ in the implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as de

číst dál SPNbabble Plugin For WordPress Spnbabble.php Cross-Site Request Forgery Vulnerabilities

Multiple cross-site request forgery (CSRF) vulnerabilities in the SPNbabble plugin 1.4.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) username or (2) password parameter in the spnbabble.php page to wp-admin/options-general.php.