MEMPHIS COMPUTER REPAIR . COM

Networking - WiFi, Data Recovery, Web Design, SEO, Computer Repair and Support



 

Memphis Computer Repair brings you top quality technicians at unbeatable rates 24 hours a day, 7 days a week. Our highly trained and experienced staff will assist you with all of your information technology needs. We service business computers, residential computers, servers, workstations, desktop PCs, and laptops.

Computer Related Services

Our skilled staff has more to offer than merely computer repair services. We specialize in building and implementing residential and business computer networks. Securing your network is only a click away! Guarauntee the safety of your data by only allowing access to who you choose! Are you sure you need a new printer? Don't buy a new printer for every computer you own. Save money by networking your computers and your printer! Any printer can be used on a network, be it a residential network or a business network.

Memphis Computer Repair is always open for business. We service and repair all bands and models of computers including: Dell, Gateway, Compaq, Hewlett-Packard HP, IBM, and all custom built computers.

Our discounted computer repair rates will fit your budget.

We stand behind our work with a 100% satisfaction guarauntee!

With every computer we service we include a comprehensive and easily read reapir ticket to keep you informed on what has been done. We replace difficult computer lingo with understandable terms that you will understand. We never perform unnecessary work and we will ALWAYS inform you of the cost before any work is done!

Have you been blindsided by a computer repair company that charged you an outrageous amount for repairs you think you might not have needed? You will know the complete cost of any computer work done before the service is performed. If computer repair cost is out of your budget, we will not charge you for the estimate.

Servicing The Following Locations

Memphis, TN, Olive Branch, Southaven, Horn Lake, Hernando, Byhalia, Barton, Collierville, Cordova, Germantown, West Memphis, AR, Oakland, TN, Bartlett, Raleigh, Millington, Tunica, MS, and all areas of Shelby County Tennessee, DeSoto County Mississippi, and Marshall County Mississippi.

Have questions? Need help?

We would be glad to help you; simply contact us via our contact page, Contact Us.

*based on 33.6 Kilobits per second Internet connection speed

Valid CSS!

Open a Service Request/Repair Ticket or Call us @
901-515-8433
Name:
Address:
City: State:
Zip:Phone Number:
Email Address:
Computer Brand:
Computer Model:
Problem or Service Requested



US-CERT: The United States Computer Emergency Readiness Team


07/31/2015 08:59 PM
IC3 Issues Alert on DDoS Extortion Campaigns
Original release date: July 31, 2015

The Internet Crime Complaint Center (IC3) has issued an alert to U.S. businesses about a rise in extortion campaigns. In a typical incident, a business receives an e-mail threatening a Distributed Denial of Service (DDoS) attack to its website unless it pays a ransom. Businesses are warned against communicating directly with attackers and advised to use DDoS mitigation techniques instead.

Users and administrators are encouraged to review the IC3 Alert for details and US-CERT Security Tip ST04-015 for more information on DDoS attacks.


This product is provided subject to this Notification and this Privacy & Use policy.



07/31/2015 05:46 PM
Best Practices to Protect You, Your Network, and Your Information
Original release date: July 31, 2015

The National Cybersecurity and Communications Integration Center (NCCIC) and its partners responded to a series of data breaches in the public and private sector over the last year, helping organizations through incident response actions, conducting damage assessments, and implementing restoration and mitigation actions.

During NCCICs recent work, following best practices proved extremely effective in protecting networks, the information residing on them, and the equities of information owners. The recently updated National Institute of Standards and Technology Cybersecurity Framework highlights best practices.

Cybersecurity is a risk management issue. Our experience demonstrates that individuals and organizations may reduce risk when they implement cybersecurity best practices. The following are examples of best practices you should consider implementing today as part of your cybersecurity strategy:

  1. Implement Two-Factor Authentication: Two-factor authentication works to significantly reduce or eliminate unauthorized access to your networks and information.
  2. Block Malicious Code: Activate application directory whitelisting to prevent non-approved applications from being installed on your network.
  3. Limit Number of Privileged Users: System administrators have privileged access that gives them the keys to your kingdom. Limit system administrator privileges only to those who have a legitimate need as defined by your management directives.
  4. Segment Your Network: Dont put all your eggs in one basket by having a flat network. Use segmentation techniques so that if one part of your network is breached that the integrity of the rest of the network is protected.
  5. Lock Your Backdoors: Third parties that share network trust relationships with you may prove to be an Achilles heel by serving as an attack vector into your network. Take action to ensure that all network trust relationships are well-protected using best practices. Have a means to audit the effectiveness of these defenses. Consider terminating or suspending these relationships until sufficient controls are in place to protect your backdoors.

For more information on cybersecurity best practices, users and administrators are encouraged to review US-CERT Security Tip 13-003: Handling Destructive Malware to evaluate their capabilities encompassing planning, preparation, detection, and response. Another resource is ICS-CERT Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies.


This product is provided subject to this Notification and this Privacy & Use policy.



07/30/2015 12:52 PM
Cisco Releases Security Updates
Original release date: July 30, 2015

Cisco has released software updates to address a vulnerability in Cisco IOS XE Software for ASR 1000 Series Aggregation Services Routers. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.

US-CERT encourages users and administrators to review Cisco Security Advisory and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.



07/28/2015 05:48 PM
Internet Systems Consortium (ISC) Releases Security Updates for BIND
Original release date: July 28, 2015 | Last revised: July 29, 2015

ISC has released security updates to address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.

Updates available include:

  • BIND 9-version 9.9.7-P2
  • BIND 9-version 9.10.2-P3

Users and administrators are encouraged to review ISC Knowledge Base Article AA-01272 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.



07/28/2015 05:37 PM
Stagefright Android Vulnerability
Original release date: July 28, 2015

Android devices running Android versions 2.2 through 5.1.1_r4 contain vulnerabilities in the Stagefright media playback engine. Exploitation of these vulnerabilities may allow an attacker to access multimedia files or potentially take control of a vulnerable device.

Users and administrators are encouraged to review Vulnerability Note VU#924951 for more information. US-CERT recommends affected Android users contact their wireless carrier or device manufacturer for a software update.


This product is provided subject to this Notification and this Privacy & Use policy.



07/27/2015 04:06 PM
Fiat Chrysler Automobiles (FCA) Uconnect Vulnerability
Original release date: July 27, 2015

A vulnerability affecting the Uconnect software from FCA has been reported. Exploitation of this vulnerability may allow an unauthorized user to take remote control of an affected vehicle, but the attack requires access to Sprint's cellular network, which connects FCA vehicles to the Internet. Sprint has blocked the port used for attacks. FCA and the National Highway Transportation Safety Administration (NHTSA) have also initiated a safety recall for all potentially affected Chrysler, Dodge, Jeep, and Ram models. See the NHTSA recall announcement for a complete list.

US-CERT recommends that users review ICS Alert 15-203-01 and Vulnerability Note VU#819439 for more information. Uconnect users are encouraged to review the NHTSA recall announcement and apply the software update.


This product is provided subject to this Notification and this Privacy & Use policy.



07/27/2015 05:08 AM
SB15-208: Vulnerability Summary for the Week of July 20, 2015
Original release date: July 27, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- airAdobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, and CVE-2015-4431.2015-07-2010.0CVE-2015-5124
CONFIRM
cisco -- application_policy_infrastructure_controller_(apic)Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.x before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991.2015-07-249.0CVE-2015-4235
CISCO
cisco -- unified_meetingplace_web_conferencingThe password-change feature in Cisco Unified MeetingPlace Web Conferencing 8.5 before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839.2015-07-2410.0CVE-2015-4262
CISCO
cisco -- unified_computing_systemThe Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778.2015-07-207.2CVE-2015-4279
CISCO
cisco -- videoscape_policy_resource_managerCisco Videoscape Policy Resource Manager (PRM) 3.5.4 allows remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug IDs CSCuu35104 and CSCuu35128.2015-07-217.8CVE-2015-4283
CISCO
eaton -- proviewEaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.2015-07-199.3CVE-2014-9196
MISC
emc -- avamar_serverDirectory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters.2015-07-237.8CVE-2015-4527
BUGTRAQ
fca -- uconnectUnspecified vulnerability in Uconnect 15.26.1, as used in certain Fiat Chrysler Automobiles (FCA), allows remote attackers in the same cellular network to control vehicle movement, cause human harm or physical damage, or modify dashboard settings via vectors related to modification of entertainment-system firmware and access of the CAN bus due to insufficient "Radio security protection," as demonstrated on a 2014 Jeep Cherokee Limited FWD.2015-07-218.3CVE-2015-5611
MISC
MISC
MISC
MISC
MISC
MISC
gemalto_safenet_luna_hsm -- -Unspecified vulnerability on the Gemalto SafeNet Luna HSM has unknown impact and attack vectors.2015-07-2210.0CVE-2015-5464
CONFIRM
google -- chromeUse-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChannelHost data structure during Blink shutdown, related to content/browser/gpu/browser_gpu_channel_host_factory.cc and content/renderer/render_thread_impl.cc.2015-07-227.5CVE-2015-1272
CONFIRM
MISC
CONFIRM
CONFIRM
google -- chromeUse-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation.2015-07-227.5CVE-2015-1276
CONFIRM
CONFIRM
CONFIRM
google -- chromeUse-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures.2015-07-227.5CVE-2015-1277
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chromeInteger overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values.2015-07-227.5CVE-2015-1279
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chromeSkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data.2015-07-227.5CVE-2015-1280
CONFIRM
CONFIRM
CONFIRM
google -- chromeThe LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements.2015-07-227.5CVE-2015-1284
CONFIRM
CONFIRM
CONFIRM
google -- chromeMultiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.2015-07-227.5CVE-2015-1289
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
ibm -- db2The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors.2015-07-198.0CVE-2015-1935
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
microsoft -- windows_7Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Driver Vulnerability."2015-07-209.3CVE-2015-2426
CERT-VN
MS
MISC
nvidia -- gpu_driverThe NVIDIA GPU driver for FreeBSD R352 before 352.09, 346 before 346.72, R349 before 349.16, R343 before 343.36, R340 before 340.76, R337 before 337.25, R334 before 334.21, R331 before 331.113, and R304 before 304.125 allows local users with certain permissions to read or write arbitrary kernel memory via unspecified vectors that trigger an untrusted pointer dereference.2015-07-177.2CVE-2015-3625
CONFIRM
siemens -- siprotec_firmwareThe EN100 module with firmware before 4.25 for Siemens SIPROTEC 4 and SIPROTEC Compact devices allows remote attackers to cause a denial of service via crafted packets on UDP port 50000.2015-07-187.8CVE-2015-5374
CONFIRM
sysphonic -- thetisMultiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.2015-07-197.5CVE-2015-2972
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
JVNDB
JVN
tibco -- silver_fabric_enabler_for_spotfire_webplayerMultiple unspecified vulnerabilities in TIBCO Spotfire Client and Spotfire Web Player Client in Spotfire Analyst before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Analytics Platform for AWS 6.5 and 7.0.x before 7.0.1; Spotfire Automation Services before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Deployment Kit before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Desktop before 6.5.2 and 7.0.x before 7.0.1; Spotfire Desktop Language Packs 7.0.x before 7.0.1; Spotfire Professional before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Web Player before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; and Silver Fabric Enabler for Spotfire Web Player before 2.1.1 allow remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors.2015-07-217.5CVE-2015-4554
CONFIRM
CONFIRM
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- http_serverThe read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.2015-07-205.0CVE-2015-0253
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apache -- http_serverThe chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.2015-07-205.0CVE-2015-3183
CONFIRM
CONFIRM
CONFIRM
apache -- http_serverThe ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.2015-07-204.3CVE-2015-3185
CONFIRM
CONFIRM
CONFIRM
blackberry -- blackberry_linkmc_demux_mp4_ds.ax in an unspecified third-party codec demux in BlackBerry Link before 1.2.3.53 with installer before 1.1.0.22 allows remote attackers to execute arbitrary code via a crafted MP4 file.2015-07-196.8CVE-2015-4111
CONFIRM
cisco -- webex_training_centerCross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuv01955.2015-07-214.3CVE-2015-4246
CISCO
cisco -- prime_collaborationCisco Prime Collaboration Assurance 10.0 allows remote attackers to cause a denial of service (HTTP service outage) via a crafted HTTP request, aka Bug ID CSCum38844.2015-07-185.0CVE-2015-4280
CISCO
cisco -- webex_meetings_serverCross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146.2015-07-226.8CVE-2015-4281
CISCO
cisco -- ios_xrThe Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670.2015-07-225.0CVE-2015-4284
CISCO
cisco -- ios_xrThe Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273.2015-07-235.0CVE-2015-4285
CISCO
cisco -- adaptive_security_appliance_softwareThe TLS implementation in the Cavium cryptographic-module firmware, as distributed with Cisco Adaptive Security Appliance (ASA) Software 9.1(5.21) and other products, does not verify the MAC field, which allows man-in-the-middle attackers to spoof TLS content by modifying packets, aka Bug ID CSCuu52976.2015-07-184.3CVE-2015-4458
CISCO
ghisler -- total_commanderThe FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value in the 1st Linker Member of a COFF Archive Library file, (3) a large Resource Table Count value in the LE Header of a Linear Executable file, or (4) a large value in a certain Object field in a Resource Table Entry in a Linear Executable file.2015-07-215.0CVE-2015-2869
CERT-VN
MISC
MISC
google -- chromeThe ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.2015-07-226.8CVE-2015-1270
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chromePDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted PDF document that triggers a large memory allocation.2015-07-226.8CVE-2015-1271
CONFIRM
CONFIRM
CONFIRM
google -- chromeHeap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document.2015-07-226.8CVE-2015-1273
CONFIRM
CONFIRM
CONFIRM
google -- chromeGoogle Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open files of this type" choice, related to download_commands.cc and download_prefs.cc.2015-07-226.8CVE-2015-1274
CONFIRM
CONFIRM
CONFIRM
google -- chromeCross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTML via a crafted intent: URL, as demonstrated by a trailing alert(document.cookie);// substring, aka "Universal XSS (UXSS)."2015-07-224.3CVE-2015-1275
CONFIRM
CONFIRM
CONFIRM
google -- chromecontent/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf document.2015-07-224.3CVE-2015-1278
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chromecore/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source.2015-07-224.3CVE-2015-1281
CONFIRM
CONFIRM
CONFIRM
google -- chromeMultiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the (1) Document::delay and (2) Document::DoFieldDelay functions.2015-07-226.8CVE-2015-1282
CONFIRM
CONFIRM
CONFIRM
google -- chromeMultiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.2015-07-226.8CVE-2015-1283
CONFIRM
CONFIRM
CONFIRM
google -- chromeThe XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack.2015-07-225.0CVE-2015-1285
CONFIRM
CONFIRM
CONFIRM
google -- chromeCross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink "Universal XSS (UXSS)."2015-07-224.3CVE-2015-1286
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chromeBlink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp.2015-07-224.3CVE-2015-1287
CONFIRM
CONFIRM
CONFIRM
google -- chromeThe Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.2015-07-226.8CVE-2015-1288
CONFIRM
CONFIRM
CONFIRM
google -- chromeThe regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of a stack-overflow exception message.2015-07-225.0CVE-2015-5605
CONFIRM
CONFIRM
CONFIRM
CONFIRM
hp -- system_management_homepageCross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.2015-07-216.0CVE-2015-2134
HP
ibm -- db2IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement.2015-07-194.0CVE-2014-8910
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm -- db2IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement.2015-07-196.8CVE-2015-0157
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm -- db2IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure.2015-07-194.0CVE-2015-1883
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm -- business_process_managerThe REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors.2015-07-214.0CVE-2015-1905
CONFIRM
AIXAPAR
ibm -- infosphere_master_data_managementIBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to obtain sensitive information via a crafted request, which reveals the full path in an error message.2015-07-194.0CVE-2015-1982
CONFIRM
ibm -- infosphere_master_data_managementIBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force attacks.2015-07-194.0CVE-2015-1984
CONFIRM
kaseya -- virtual_system_administratorDirectory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request.2015-07-204.0CVE-2015-2862
CERT-VN
kaseya -- virtual_system_administratorOpen redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.2015-07-204.3CVE-2015-2863
CERT-VN
microsoft -- malicious_software_removal_toolRace condition in Microsoft Malicious Software Removal Tool (MSRT) before 5.26 allows local users to gain privileges via a crafted DLL, aka "MSRT Race Condition Vulnerability."2015-07-206.9CVE-2015-2418
CONFIRM
netiq -- security_solutions_for_iseriesMultiple stack-based buffer overflows in the SafeShellExecute method in the NetIQExecObject.NetIQExec.1 ActiveX control in NetIQExec.dll in NetIQ Security Solutions for iSeries 8.1 allow remote attackers to execute arbitrary code via long arguments, aka ZDI-CAN-2699.2015-07-186.8CVE-2015-0795
CONFIRM
MISC
novell -- groupwiseMultiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2015-07-224.3CVE-2014-0611
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
seeds -- acmailerDirectory traversal vulnerability in Seeds acmailer before 3.8.18 and 3.9.x before 3.9.12 Beta allows remote authenticated users to delete arbitrary files via a crafted string.2015-07-195.5CVE-2015-2971
CONFIRM
JVNDB
JVN
solarwinds -- n-able_n-centralThe RSM (aka RSMWinService) service in SolarWinds N-Able N-Central before 9.5.1.4514 uses the same password decryption key across different customers' installations, which makes it easier for remote authenticated users to obtain the cleartext domain-administrator password by locating the encrypted password within HTML source code and then leveraging knowledge of this key from another installation.2015-07-214.0CVE-2015-5610
CERT-VN
wireshark -- wiresharkThe dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.2015-07-215.0CVE-2015-4651
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkepan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions.2015-07-214.3CVE-2015-4652
CONFIRM
CONFIRM
CONFIRM
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
ibm -- rational_collaborative_lifecycle_managementCross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x through 4.0.7; and Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2015-07-193.5CVE-2015-0130
CONFIRM
ibm -- business_process_managerCross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2015-07-213.5CVE-2015-1906
CONFIRM
AIXAPAR
ibm -- db2The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors.2015-07-193.5CVE-2015-1922
AIXAPAR
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
ibm -- infosphere_master_data_managementCross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2015-07-193.5CVE-2015-1968
CONFIRM
ibm -- case_managerMultiple cross-site scripting (XSS) vulnerabilities in the Error dialog in IBM Case Manager 5.2.1 before 5.2.1.2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to the (1) addressability or (2) comments component.2015-07-193.5CVE-2015-1979
CONFIRM
ibm -- infosphere_master_data_managementIBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors.2015-07-193.5CVE-2015-1980
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.



07/23/2015 11:55 AM
WordPress Releases Security Update
Original release date: July 23, 2015

WordPress 4.2.2 and prior versions contain critical cross-site scripting vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website.

Users and administrators are encouraged to review the WordPress Security and Maintenance Release and upgrade to WordPress 4.2.3.


This product is provided subject to this Notification and this Privacy & Use policy.



07/23/2015 11:48 AM
Cisco Releases Security Updates
Original release date: July 23, 2015

Cisco has released security updates to address vulnerabilities in its Application Policy Infrastructure Controller, IOS software, and the Unified MeetingPlace Conferencing products.Exploitation of these vulnerabilities may allow a remote attacker to gain unauthorized access, cause a denial-of-service condition, or take control of the affected application.

US-CERT encourages users and administrators to review the Cisco Security Advisories cisco-sa-20150722-apic, cisco-sa-20150722-tftp, and cisco-sa-20150722-mp and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.



07/21/2015 02:08 PM
Google Releases Security Update for Chrome
Original release date: July 21, 2015

Google has released Chrome version 44.0.2403.89 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Chrome Releases page and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.





We Specialize In...

Wireless Networking - WiFi

Wireless Network Setup, Access Points, Routers, Antennas, and other devices.

Network Wiring

Coax (RG-6/59), Ethernet Wiring (CAT 3/5/5E/6), Phone Systems, and Structured Wiring

Data Recovery

PC Desktop Harddrives, External Storage, Network Attached Storage(NAS), RAID Array, and Server Hard drives.

Hardware Service

Data Storage Systems, Hard Drive Related, Hardware Repair, Laptop Repair, PC Repiar, Scanner Repair, Server Repair, System Diagnostics, Tape Drives, and other External Media.

Software Services

Accounting Systems, Adware/Spyware Removal, Antivirus Software and Virus Removal, Back Up Software, Communications Software, Contact Management, Database Software, Documentation Creating and Publishing, and Email Software.

Operating Systems

Linux, MS-DOS, Windows NT Workstation and Server, Windows 95, Windows 98, Windows ME, Windows 2000, Windows XP Home and Windows XP Professional.

Printer Repair and Service

All inkjet and laserjet printers, Dot matrix printers, Network Printers, HP, Lexmark, Canon, Brother, Oki-Data, OTC, and many other Printer Manufacturers.

Your One-Stop Solution For..

Virus Scanning and Virus Removal, PC Help, Computer Maintenance, Business Computer/Laptop Repair, Hardware Configuration, Software Configuration, AdWare and Spyware Removal and Immunization, Door-to-Door Pc Repair and Computer Services, Networking, Cabling, Wired and Wireless Network Assistance, Network Diagnostics Service, Components, Modems, Printers, Scanners, Digital Cameras, Data Storage, Data Recovery, Backup and Fail-Safe Disaster Recovery, Cable Modem Internet and DSL Internet Connections and Maintenance, Computer Troubleshooting, Hard Drive backups, Technical Support, End user training, Software Training, Any on-site Computer Need, Computer Tune Ups, Operating System (OS) Installations, On Site Computer Traingin, Laptop/Notebook Service and Repair, Free Upgrading Advice and Computer Upgrades at unbeatable rates.

Legal InformationTechAnywhereComputer Repair MemphisComputer Repair Industry

© 2004-2015 memphiscomputerrepair.com
All rights reserved.