89 matches found
CVE-2016-4046
Open-Xchange OX App Suite (before 7.8.1-rev11) is affected by CVE-2016-4046. The API used to configure external mail accounts can be abused to map and access network components within the operator’s trust boundary; attackers can inject arbitrary hosts and ports into API calls, enabling informatio...
Hancitor (AKA Chanitor) observed using multiple attack approaches
Many threat actors use multiple attack vectors to ensure success. The individuals using Hancitor malware, also known by the name Chanitor, are no exception and have taken three approaches to deliver the malware in order to ultimately steal data from their victims. These techniques include uncommon...
Pornhub: View storyboard of private video @ ht.pornhub.com
The researcher was able to abuse the API in order to leak the thumbnails of private videos...
The Joys of Running a Bug Bounty Program
When Barracuda Networks started its bug bounty program about three months ago, company officials weren’t exactly sure what to expect. They didn’t know whether there’d be an onslaught of submissions or the sound of crickets chirping. The reality turned out to be somewhere in the middle. Barracuda...
Hardcoded credentials
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API...
CVE-2010-1415
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API...
CVE-2010-1415
Removed by vendor...
CVE-2010-1415
WebKit vulnerability CVE-2010-1415 affects Safari prior to 5.0 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1 on Mac OS X 10.4. It stems from improper handling of libxml contexts in WebKit, described as an API abuse issue. Consequences described: remote attackers could execute arbitrary code...