PT-2016-7312
Name of the Vulnerable Software and Affected Versions: Django versions prior to 1.8.15; Django versions 1.9.x prior to 1.9.10. Description: The issue allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies, specifically when used on a site with Google...
django -- CSRF protection bypass on a site with Google Analytics
Django Software Foundation reports: An interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection...
DSA-3678-1 python-django - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3678-1)
The remote host is missing an update for the Debian...
Fedora 23 : drupal7-google_analytics (2016-a3cc693fba)
7.x-2.3 - Google Analytics - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2016-042 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...
[SECURITY] Fedora 23 Update: drupal7-google_analytics-2.3-1.fc23
Adds the Google Analytics web statistics tracking system to your website. This package provides the following Drupal module: googleanalytics...
[SECURITY] Fedora 25 Update: drupal7-google_analytics-2.3-1.fc25
Adds the Google Analytics web statistics tracking system to your website. This package provides the following Drupal module: googleanalytics...
SAP HANA Information Disclosure Vulnerability (CNVD-2016-08066)
SAP HANA is a real-time data analytics platform. SAP HANA has an information disclosure vulnerability. An attacker can exploit the vulnerability to gain access to sensitive information...
Adobe AIR SDK & Compiler Information Disclosure Vulnerability
Adobe AIR SDK & Compiler is a standard development toolkit for Adobe AIR, a cross-OS runtime environment from Adobe. An information disclosure vulnerability exists in Adobe AIR SDK & Compiler 22.0.0.153 and earlier versions for Windows-based platforms, which stems from the program not...
CVE-2016-6936
Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent...
Design/Logic Flaw
Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent...
Adobe AIR <= 22.0.0.153 Android Applications Runtime Analytics MitM (APSB16-31)
The version of Adobe AIR installed on the remote Windows host is prior to or equal to version 22.0.0.153. It is, therefore, affected by a man-in-the-middle (MitM) vulnerability due to the cleartext transmission of runtime analytics for AIR applications on Android. A MitM attacker can exploit this to...
Adobe AIR for Mac <= 22.0.0.153 Android Applications Runtime Analytics MitM (APSB16-31)
The version of Adobe AIR installed on the remote Mac OS X host is prior to or equal to version 22.0.0.153. It is, therefore, affected by a man-in-the-middle (MitM) vulnerability due to the cleartext transmission of runtime analytics for AIR applications on Android. A MitM attacker can exploit this to...
SA131 : TCP Session Hijacking in Operating Systems Supporting RFC 5961
SUMMARY: Blue Coat products that include a vulnerable version of an operating system that supports RFC 5961 are susceptible to a TCP session hijacking vulnerability. A remote, off-path attacker can infer the sequence numbers of an existing TCP connection, and either reset the connection or inject...
APSB16-31 Security Update Available for Adobe AIR SDK & Compiler
Adobe has released a security update for Adobe AIR SDK & Compiler. This update adds support for secure transmission of runtime analytics for AIR applications on Android. Developers are encouraged to recompile captive runtime bundles after applying this update...
Mercenary Linux
Mercenary-Linux is a “new-era” lightweight distribution of mostly Dockerized tools built for field expedient hunting, forensics, and malware analysis. This problem birthed MHF (Mercenary Hunt Framework), which allows the hunt team to easily perform hunt operations within a framework that aggregates...
FTC Panel Encourages Basic Security Hygiene to Counter Ransomware
When asked to describe what it’s like to deal with the constantly looming threat of ransomware, Chad Wilson, the Director of Information Security at Children’s National Medical Center in Washington D.C., didn’t beat around the bush. “I’ll sum it up in one word: It’s scary,” Wilson said at a Feder...
CVE-2016-5022
F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-I...