Imperva Blog, added 2021/11/16 2:18 p.m.

Protecting today’s web applications requires more than a firewall

The way organizations build web applications has changed dramatically over the last several years. As a result, many organizations are considering additional security strategies to augment the Web Application Firewall (WAF) on which they have relied to protect critical digital business operations...

AI score: 7.3; Exploits: 0
CNVD, added 2021/11/10 12:00 a.m.

Microsoft Visual Studio Elevation of Privilege Vulnerability (CNVD-2021-94901)

Microsoft Visual Studio is an integrated development environment for developing computer programs, websites, web applications, web services, and mobile applications. An elevation of privilege vulnerability exists in Microsoft Visual Studio. An attacker could exploit this vulnerability to elevate...

CVSS: 5.5; AI score: 3.4; EPSS: 0.00224; Exploits: 0; References: 1
Citrix, added 2021/09/16 12:00 a.m.

Microsoft Security Update Validation Report September 2021

Microsoft's September 2021 security updates have passed Citrix testing; the updates are listed below. The testing is not all-inclusive; all tests are executed against English-only environments, and issues may still be found upon implementation. Follow best practices for testing and installing...

AI score: 7; Exploits: 0
Snyk, added 2021/09/07 11:08 p.m.

Cross-site Request Forgery (CSRF)

Overview: better_errors is a package that provides a better error page for Rails and other Rack apps. It includes source code inspection, a live REPL, and local/instance variable inspection for all stack frames. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF)...

CVSS: 8.8; AI score: 7.2; EPSS: 0.00212; Exploits: 0; References: 2
OSV, added 2021/09/07 6:15 p.m.

CVE-2021-39197

better_errors is an open source replacement for the standard Rails error page with more information-rich error pages. It is also usable outside of Rails in any Rack app as Rack middleware. better_errors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not...

CVSS: 8.8; AI score: 8.6; Exploits: 0; References: 4
Github Security Blog, added 2021/08/31 4:03 p.m.

UNIX Symbolic Link (Symlink) Following in @npmcli/arborist

Impact: Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution. @npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and t...

CVSS: 8.2; AI score: 6.9; EPSS: 0.00211; Exploits: 0; References: 6; Affected software: 1
Citrix, added 2021/07/15 12:00 a.m.

Microsoft Security Update Validation Report July 2021

Microsoft's July 2021 security updates have passed Citrix testing; the updates are listed below. The testing is not all-inclusive; all tests are executed against English-only environments, and issues may still be found upon implementation. Follow best practices for testing and installing software...

CVSS: 6.7; AI score: 7.5; EPSS: 0.00062; Exploits: 0
CNVD, added 2021/05/12 12:00 a.m.

JetBrains WebStorm Local Code Execution Vulnerability

JetBrains WebStorm is a JavaScript integrated development environment from the Czech software development company JetBrains. Versions prior to JetBrains WebStorm 2021.1 have a local code execution vulnerability that could be exploited by an attacker to make WebStorm execute local code when pulling co...

CVSS: 9.8; AI score: 4.2; EPSS: 0.00011; Exploits: 0; References: 1
RedHat Linux, added 2021/04/28 10:54 a.m.

Moderate: Red Hat Enhancement Advisory: rh-eclipse bug fix and enhancement update

Updated rh-eclipse packages are now available as part of Red Hat Developer Tools for Red Hat Enterprise Linux. Eclipse is an integrated development environment (IDE). The rh-eclipse packages have been upgraded to version 4.19, which is based on the Eclipse Foundation's 2021-03 release train. For...

CVSS: 7.8; AI score: 6.8; EPSS: 0.00198; Exploits: 1; References: 2
CNNVD, added 2021/04/21 12:00 a.m.

Corel Parallels Desktop Security Vulnerability

Parallels Desktop is virtual machine software that runs on Mac computers. A security vulnerability exists in the IDE virtual device in Parallels Desktop version 15.1.5-47309. The vulnerability stems from not properly validating the length of user-supplied data before copying it to a...

CVSS: 8.2; AI score: 6.1; EPSS: 0.00109; Exploits: 0; References: 5
CNNVD, added 2021/04/21 12:00 a.m.

Corel Parallels Desktop Buffer Error Vulnerability

Parallels Desktop is virtual machine software that runs on Mac computers. An information disclosure vulnerability exists in the IDE virtual device in Parallels Desktop version 15.1.5-47309. The vulnerability stems from a lack of proper validation of user-supplied data. A local attacker could...

CVSS: 6; AI score: 5.6; EPSS: 0.00087; Exploits: 0; References: 5
The Coalfire Blog, added 2021/03/19 6:37 p.m.

Android: DNS setup for developing and testing against local web services

Most "interesting" smartphone applications do not run only on the smartphone device; they rely on supporting web services that can be run both by the deploying organization and by third parties. One of the challenges we have run into when developing Android applications is setting up a suitable...

AI score: 2.3; Exploits: 0
OSV, added 2021/03/18 4:15 p.m.

CVE-2021-28792

The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite,...

CVSS: 7.8; AI score: 8.1; Exploits: 0; References: 2
Prion, added 2021/03/18 4:15 p.m.

Design/Logic Flaw

The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite,...

CVSS: 6.8; AI score: 8.1; EPSS: 0.0143; Exploits: 0; References: 2; Affected software: 1
CVE, added 2021/03/18 3:04 p.m.

CVE-2021-28792

The CVE-2021-28792 entry concerns the unofficial Swift Development Environment extension for Visual Studio Code, affected prior to version 2.12.1. A malicious workspace can trigger arbitrary code execution by supplying crafted values in several extension configuration fields (e.g., sourcekit-lsp....

CVSS: 7.8; AI score: 8; EPSS: 0.0143; Exploits: 0; References: 2; Affected software: 1
Hacker One, added 2021/03/09 8:14 p.m.

Acronis: Information Disclosure via ZIP file on AWS Bucket [http://acronis.1.s3.amazonaws.com]

Summary: Hello @acronis Team, I hope you are all doing well. During my recon, I found an open S3 bucket, http://acronis.1.s3.amazonaws.com, and this bucket has a ZIP file. This file contains sensitive information about the internal system of Acronis. This ZIP file is from 2018, and it looks like it w...

AI score: 6.4; Exploits: 0
CNVD, added 2021/02/24 12:00 a.m.

Apple Xcode has an unspecified vulnerability

Apple Xcode is an integrated development environment provided by Apple for developers to develop applications for Mac OS X and iOS. Apple Xcode 12.4 contains a security vulnerability that could be exploited by attackers to access arbitrary files on the host device...

CVSS: 5.5; AI score: 4.4; EPSS: 0.00204; Exploits: 0; References: 1
CNVD, added 2020/12/16 12:00 a.m.

Eclipse Che Cross-Site Request Forgery Vulnerability (CNVD-2021-14164)

Eclipse Che is the Eclipse Foundation's Java-based open source online integrated development environment (IDE). A cross-site request forgery vulnerability exists in Eclipse Che versions prior to 7.14.0. No detailed vulnerability information is provided at this time...

CVSS: 7.1; AI score: 6.6; EPSS: 0.00094; Exploits: 1; References: 1
NVD, added 2020/09/10 5:15 p.m.

CVE-2020-9738

AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be...

CVSS: 6.8; EPSS: 0.0209; Exploits: 0; References: 1
OSV, added 2020/09/10 5:15 p.m.

CVE-2020-9735

AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be...

CVSS: 4.8; AI score: 5.8; EPSS: 0.0209; Exploits: 0; References: 1