OWASP ZAP 2.7.0 - Penetration Testing Tool for Testing Web Applications

The OWASP Zed Attack Proxy ZAP is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It...

RHEL 6 : java-1.8.0-ibm (RHSA-2017:3453)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3453 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...

Linksys WVBR0 25 Command Injection(CVE-2017-17411)

In this guest blog, Trend Micro DVLabs researcher Ricky Lawshae discusses the recently disclosed CVE-2017-17411. He discovered and reported this bug through the ZDI program. Earlier this year, I learned that AT&T was starting to move customers away from its U-Verse service in favor of its DirecTV...

Richard Seiersen, CISO of Twilio, Joins Wallarm Board of Advisers

We are excited to welcome Richard Seiersen to Wallarm advisory team. Richard brings tons of security experience from both start-ups and global companies and unique views on making the impact of security measurable. We have asked Richard to share some of his thoughts on what’s important in cyber...

CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2017:3392)

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

CVE-2017-17434

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...

ALPINE-CVE-2017-17434

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...

Improper Access Control

Overview Affected versions of this package are vulnerable to Improper Access Control. The recvfiles function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemonfilterlist data...

CVE-2017-17434

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...

CVE-2017-17434

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...

rsync access restriction bypass vulnerability (CNVD-2018-00212)

rsync is a data mirroring backup application for Unix-like systems developed by Australian software developers Andrew Tridgell and Paul Mackerras that synchronizes file and directory updates between two computers and uses differential encoding to reduce data transfers. A security vulnerability in...

Randy Bias joins Wallarm board of advisers

Menlo Park, California — December 5, 2017 — Wallarm today announced that Randy Bias, Vice President of Technology and Strategy, Cloud Software at Juniper and founder of Cloudscaling acquired by EMC, has joined Wallarm’s board of advisers. “Randy is an agile cloud pioneer and a thought leader in...

Developers Targeted in ‘ParseDroid’ PoC Attack

Researchers have developed a proof of concept attack that could impact the millions of users of integrated development environments such as Intellij, Eclipse and Android Studio. Attacks can also be carried out against servers hosting development environments in the cloud. The attack vector was...

CVE-2017-17434

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...

USN-3497-1 openjdk-7 vulnerabilities

It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. CVE-2017-10274 Gaston Traberg discovered that th...

CVE-2017-9316

Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device...

BlackBerry QNX Software Development Platform Elevation of Privilege Vulnerability

The BlackBerry QNX Software Development Platform SDP is a suite of software development platforms from BlackBerry Canada dedicated to the development of software based on the QNX system. An elevation of privilege vulnerability exists in the default configuration of QNX SDP in BlackBerry QNX SDP...

BlackBerry QNX Software Development Platform Information Disclosure Vulnerability

The BlackBerry QNX Software Development Platform SDP is a suite of software development platforms from BlackBerry Canada dedicated to the development of software based on the QNX system. An information disclosure vulnerability exists in the default configuration of QNX SDP in BlackBerry QNX SDP...

BlackBerry QNX Software Development Platform Arbitrary Function Call Vulnerability Vulnerability

The BlackBerry QNX Software Development Platform SDP is a suite of software development platforms from BlackBerry Canada dedicated to the development of software based on the QNX system. An arbitrary function call vulnerability exists in the default configuration of the QNX SDP system in BlackBer...

KLA11133 Multiple vulnerabilities in Microsoft Development Tools

Multiple vulnerabilities were found in Microsoft Development Tools. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in ASP.NET Core can be...