EUVD-2018-6459

Malware in sbrugna...

SUSE CVE-2017-8291

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile %pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017...

CVE-2017-5242

Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots...

Security Bulletin:Security Vulnerability in IBM Java SDK for Quarterly CPU - April 2017 affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software (CVE-2017-3511)

Summary Security vulnerability in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Software Architect and Rational Software Architect for WebSphere Software..The CVE CVE-2017-3511 were disclosed as part of the IBM Java SDK updates in April 2017. Vulnerability...

CVE-2017-18678

An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, M6.0, and N7.x software. An attacker can crash system processes via a Serializable object because of missing exception handling. The Samsung IDs are SVE-2017-8109, SVE-2017-8110, SVE-2017-8115, SVE-2017-8118, and SVE-2017-811...

Code injection

An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, M6.0, and N7.x software. An attacker can crash system processes via a Serializable object because of missing exception handling. The Samsung IDs are SVE-2017-8109, SVE-2017-8110, SVE-2017-8115, SVE-2017-8118, and SVE-2017-811...

CVE-2017-18676

An issue was discovered on Samsung mobile devices with N7.0 Qualcomm chipsets software. There is an RKP kernel protection bypass in which unwanted memory mappings may occur because of a lack of MSR trapping. The Samsung ID is SVE-2016-7901 April 2017...

CVE-2017-18679

CVE-2017-18679 affects Samsung mobile devices running Android M (6.0). The issue arises from SLocation triggering a system crash when calling an API that is not implemented. The vulnerability impact is a denial of service via a crash, with an Availability impact of HIGH per CVSS 3.1 metrics, and ...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Insight.

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Insight. These issues were disclosed as part of the IBM Java SDK updates in April 2017 and July 2017. Vulnerability Details CVEID: CVE-2017-3511 DESCRIPTION: An unspecified vulnerability...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager

Summary There are multiple vulnerabilities in IBMR SDK JavaTM Technology Edition, Version 7 used by IBM Fabric Manager. These issues were disclosed as part of the IBM Java SDK updates in April 2017. Vulnerability Details Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect API Connect

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM API Connect. These issues were disclosed as part of the IBM Java SDK updates in January 2017 and April 2017. Vulnerability Details CVEID: CVE-2016-5546 DESCRIPTION: An unspecified vulnerability related to the...

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server April 2017 CPU that is bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud.

Summary There are multiple vulnerabiltities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates in April 2017. Vulnerability Details For information on the IBM Java SDK that is now bundled with...

Security Bulletin:Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server April 2017 CPU

Summary There are multiple vulnerabiltities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in April 2017. These may affect some configurations of IBM WebSphere Application Server...

Security Updates for Internet Explorer (April 2017)

The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a...

17-years-old kid hacks US air force for the good

By Uzair Amir In April 2017, it was reported that the US Department of Defence This is a post from HackRead.com Read the original post: 17-years-old kid hacks US air force for the good...

InsomniaX 2.1.8 Arbitrary Kernel Extension Loading Vulnerability

It was found that the loader application bundled with InsomniaX can be used to load arbitrary Kernel Extensions kext. The loader is normally used to load a kext file that is needed to disable the Lid Sleep. A flaw has been found in the loader that allows a local attacker to load or unload any...

Oracle PeopleSoft - Server-Side Request Forgery Vulnerability

Exploit for java platform in category web applications Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor URL: http://oracle.com Bugs: SSRF Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017...

Oracle PeopleSoft HCM 9.2 XXE Injection

Application: Oracle PeopleSoft Versions Affected: PeopleSoft HCM 9.2 on PeopleTools 8.55 Vendor URL: http://oracle.com Bug: XXE Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Author: Nadya Krivdyuk ERPScan Description 1...

Update for the .NET Framework 4.5.2 on Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB4020507): May 2, 2017

Update for the .NET Framework 4.5.2 on Windows 7, Windows Server 2008 R2, and Windows Server 2008 KB4020507: May 2, 2017 View products that this article applies to. Introduction This update for the .NET Framework 4.5.2 on Windows 7, Windows Server 2008 R2, and Windows Server 2008 provides a fix t...

vspy.guildlaunch.net XSS vulnerability

Vulnerable URL: http://vspy.guildlaunch.net/srv/vspy.php?Address=%22%3E%3Csvg/onload=prompt/OPENBUGBOUNTY/%3E=6176 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not...