[SECURITY] Fedora 26 Update: libmwaw-0.3.11-3.fc26
libmwaw is a library for importing old Mac documents. It supports many kinds of text documents, spreadsheets, databases, vector and bitmap images. Supported are, for example, documents created by BeagleWorks, ClarisWorks, MacPaint, MacWrite or Microsoft Word for Mac. A full list of supported...
Insecure Backend Databases Blamed for Leaking 43TB of App Data
Insecure backend databases and mobile apps are making for a dangerous combination, exposing an estimated 280 million records that include a treasure-trove of private user data. According to a report by Appthority, more than 1,000 apps it looked at on mobile devices leaked personally identifiable...
PHDays VII: To Vulnerability Database and beyond
Last Tuesday and Wednesday, May 23-24, I attended PHDays VII conference in Moscow. I was talking there about vulnerability databases and the evolution process of vulnerability assessment tools, as far as I understand it. But first of all, a few words about the conference itself. I can tell that...
juneau.lib.ak.us XSS vulnerability
Open Bug Bounty ID: OBB-242046

| Description | Value |
|---|---|
| Affected Website: | juneau.lib.ak.us |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
Secure Auditor Directory Traversal Vulnerability
Secure Auditor suite is a unified digital risk management solution for auditing windows, oracle, sql databases and Cisco devices. A directory traversal vulnerability exists in Secure Auditor V3.0. An attacker can exploit this vulnerability to read arbitrary files via the pathname in the . /...
Secure Auditor 3.0 - Directory Traversal
Secure Auditor 3.0 - Directory Traversal + Credits: John Page aka HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SECURE-AUDITOR-v3.0-DIRECTORY-TRAVERSAL.txt + ISR: ApparitionSec Vendor: ==================== www.secure-bytes.com Product:...
Vulnerability Quadrants
Hi everyone! Today I would like to talk about software vulnerabilities: how to find really interesting vulnerabilities in the overall CVE flow, and how to do it automatically. First of all, let's talk about why we may ever need to analyze software vulnerabilities. How people usually do their Vulnerability...
To SDB, Or Not To SDB: FIN7 Leveraging Shim Databases for Persistence
In 2017, Mandiant responded to multiple incidents we attribute to FIN7, a financially motivated threat group associated with malicious operations dating back to 2015. Throughout the various environments, FIN7 leveraged the CARBANAK backdoor, which this group has used in previous operations. A...
CVE-2017-6564
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as...
Vulnerability subscriptions in terms of business
The question is: do we really need an employee in an organization who deals with vulnerabilities in the infrastructure on a full-time basis? Since this is similar to what I do for a living, I would naturally say that yes, it is necessary. But as a person who makes security automation, I can say that there...
webapp.library.uvic.ca XSS vulnerability
Vulnerable URL: http://webapp.library.uvic.ca/databases/details.php?id=730=letter:P...
CVE-2017-0561
| creationtimestamp | type | source |
|---|---|---|
| 2017-04-04 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/41806 |
| 2017-04-04 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/41805 |
...
'Anonymous' FTP Servers Leaving Healthcare Data Exposed
Hackers craving personal health care information are targeting exposed FTP servers. The FBI issued a warning last week that focused on an increase in criminal activity targeting FTP servers used by medical and dental organizations that are configured to allow anonymous access without...
CVE-2017-0059
| creationtimestamp | type | source |
|---|---|---|
| 2017-03-20 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/41661 |
| 2017-10-17 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/43125 |
| 2023-06-14 21:10:03+00:00 | seen | MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 |
| 2023-12-03... | | |
Million-Plus WordPress Sites Exposed by Vulnerable Plugin
A popular WordPress gallery plugin with more than one million active installations was recently patched to address a vulnerability exposing website databases to attack. The NextGEN Gallery is a photo gallery management system used by professional photographers and artists to upload, sort and group...
CVE-2017-5155
An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by...
Default credentials
An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by...
Open Databases a Juicy Extortion Target
Recent attacks against insecure MongoDB, Hadoop and CouchDB installations represent a new phase in online extortion, born from ransomware’s roots with the promise of becoming a nemesis for years to come. “These types of attacks have grown from ones of opportunity to full-scale automated and...
IBM dashDB Local Hardcoding Vulnerability
IBM dashDB Local is a next-generation data warehouse storage and analytics solution from IBM USA for use in private clouds, virtual private clouds, and other container-enabled infrastructures. The solution features flexible container delivery, hybrid environment to store data, Spark in-memory bas...