7736 matches found
Vulnerability in rmsock affects AIX (CVE-2018-1655), Vulnerability in rmsock affects VIOS (CVE-2018-1655)
IBM SECURITY ADVISORY First Issued: Thu Jun 21 14:07:15 CDT 2018 | Updated: Tue Jul 3 08:09:45 CDT 2018 | Update: Additional iFixes are now available for: AIX 6100-09-09 and 6100-09-10, AIX 7100-04-04 and 7100-04-05, AIX 7100-05-00 and 7100-05-01, AIX...
Apache CouchDB Remote Code Execution
Title: Apache CouchDB 2.1.0 - Remote Code Execution Author: Cody Zacharias Shodan Dork: port:5984 Vendor Homepage: http://couchdb.apache.org/ Software Link: http://archive.apache.org/dist/couchdb/source/1.6.0/ Version: = 1.7.0 and 2.x - 2.1.0 Tested on: Debian CVE : CVE-2017-12636 References:...
Summer SOTI - DDoS by the numbers
Time for a Change The State of the Internet / Security report has been the home for Akamai's research on DDoS, attack traffic and Internet threats for over three years. While the report has evolved and expanded its scope considerably over that time, the content and how it's presented have only se...
Security Bulletin: A security vulnerability has been identified in MySQL Server shipped with Tivoli Network Manager IP Edition (Oracle Critical Patch Update Advisory - July 2015)
Summary MySQL Server is shipped as a component of Tivoli Network Manager IP Edition. Information about a security vulnerability affecting MySQL Server has been published in a security bulletin Vulnerability Details Please consult the security bulletin...
Security Bulletin: Vulnerability in IBM Java SDK affects Rational Lifecycle Integration Adapter for HP ALM (CVE-2015-0138)
Summary The "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM® SDK Java™ Technology Edition, Version 6.0.16.2, that is used by Rational Lifecycle Integration Adapter for HP ALM. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability ...
blog-mail.ru XSS vulnerability
Open Bug Bounty ID: OBB-633210

Description | Value
---|---
Affected Website: | blog-mail.ru
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
Potential security vulnerability in WebSphere Application Server. IBM WebSphere Application Server ships with IBM PureApplication System (CVE-2017-1137)
Summary IBM WebSphere Application Server is shipped as a component of IBM PureApplication System. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin Potential security...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Enterprise Service Bus
Summary WebSphere Application Server is shipped as a component of WebSphere Enterprise Service Bus. Information about the security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin Vulnerability Details Please consult the security bulletin WebSphere...
Multiple Security vulnerabilities have been identified in IBM Java SDK shipped with WebSphere Application Server Community Edition (CVE-2016-0475 CVE-2015-7575 CVE-2016-0448)
Summary IBM Java SDK is shipped as a component of WebSphere Application Server Community Edition 3.0.0.4. Information about multiple security vulnerabilities affecting IBM Java SDK has been published in a security bulletin. Vulnerability Details Please consult the security bulletin IBM Java SDK...
A security vulnerability has been identified in IBM Java SDK shipped with WebSphere Application Server Community Edition (CVE-2015-7575)
Summary IBM Java SDK is shipped as a component of WebSphere Application Server Community Edition 3.0.0.4. Information about a security vulnerability affecting IBM Java SDK has been published in a security bulletin. Vulnerability Details Please consult the security bulletin IBM Java SDK security...
June 2018 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team...
How I Found CVE-2018-8819: Out-of-Band (OOB) XXE in WebCTRL
I like to do bug bounties from time to time, mostly when I am sacrificing sleep once the kids are finally out cold. This seemed like a worthy experience to document. Let me just start by saying I don't plan on going into the whole recon bits too deeply here. Maybe I will someday if I ever have...
sinatra -- XSS vulnerability
Sinatra blog: Sinatra had a critical vulnerability since v2.0.0. The purpose of this release is to fix CVE-2018-11627. The vulnerability is that XSS can be executed by using illegal parameters...
Auth0 Glitch Allows Attackers to Launch Phishing Attacks
UPDATE Researchers are warning of a glitch in the Auth0 identity-as-a-service offering, which could allow bad actors to spoof a legitimate website and collect sensitive information from visitors. Researchers at Imperva on Tuesday found that the subdomain names of Auth0 are susceptible to security...
'Zip Slip' Vulnerability Affects Thousands of Projects Across Many Ecosystems
Security researchers at British software firm Snyk have revealed details of a critical vulnerability that affects thousands of projects across many ecosystems and can be exploited by attackers to achieve code execution on the target systems. Dubbed "Zip Slip," the issue is an arbitrary file...
blog.etsy.com XSS vulnerability
Open Bug Bounty ID: OBB-627097

Description | Value
---|---
Affected Website: | blog.etsy.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Wordpress
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
coisadeitaliano.com.br XSS vulnerability
Open Bug Bounty ID: OBB-626271

Description | Value
---|---
Affected Website: | coisadeitaliano.com.br
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 67 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 67.0.3396.62 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...