AirDroid Version 3.0.4 and earlier versions’ web applications use JSON with padding (JSONP) for performing cross-origin requests. Due to JSONP being an insecure method of sharing data across origins, it is possible to hijack all of the AirDroid application functionality. By doing this, other users’ Android devices can be hijacked.
News & Events
News in category "Advisories"
Oracle WebLogic Node Manager 10.3.3 and earlier versions contain a remote file inclusion vulnerability that could allow a remote attacker to execute arbitrary commands on an affected system.
PGP Desktop includes a Wipe Free Space utility that claims to eliminate data in all the free space on your hard drive including the the little areas after the end of existing files which may still have old data left behind. In short, the utility claims to wipe file slack space, the unused space in a disk cluster. The software does not work as advertised. It does not clean slack space.
Windows file time stamps can be set to extremely low values via the NtSetInformationFile() system call. The Windows API does not properly translate the low 64-bit time values stored on disk into human readable format, and displays no information instead. Although this is not a security vulnerability in itself, it adversely affects third-party applications that rely upon the Windows API to perform the translation.