iTunes 12.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files…

Posted by Stefan Kanthak on Feb 01

Hi @ll,

See <http://seclists.org/bugtraq/2014/Oct/164>, <http://seclists.org/fulldisclosure/2014/Oct/109>, <http://seclists.org/fulldisclosure/2014/Aug/44>, <http://seclists.org/fulldisclosure/2014/Aug/33> and <http://seclists.org/fulldisclosure/2014/Jul/30> for the prequel. The just released iTunes 12.1 for…

CVE-2014-4632

VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 does not properly verify X.509 certificates from vCenter Server SSL servers, which…

CVE-2014-7287

The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail…

CVE-2014-7288

Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line…

CVE-2014-8266

Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML…