8697 matches found
CVE-2017-12822
Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors...
[SECURITY] Fedora 25 Update: pkgconf-1.3.9-1.fc25
pkgconf is a program which helps to configure compiler and linker flags for development frameworks. It is similar to pkg-config from freedesktop.org and handles .pc files in a similar manner as pkg-config...
[SECURITY] Fedora 27 Update: pkgconf-1.3.9-1.fc27
pkgconf is a program which helps to configure compiler and linker flags for development frameworks. It is similar to pkg-config from freedesktop.org and handles .pc files in a similar manner as pkg-config...
[SECURITY] Fedora 27 Update: FlightGear-2017.2.1-4.fc27
The Flight Gear project is working to create a sophisticated flight simulator framework for the development and pursuit of interesting flight simulator ideas. We are developing a solid basic sim that can be expanded and improved upon by anyone interested in contributing...
Why ArtsSEC decided to partner with Wallarm
by Maximiliano Soler, @maxisoler, CTO of ArtsSEC. The greatest thing about partnerships is how well the organisations' expertise complement each other. Our partnership with Wallarm has far exceeded our expectations in their innovation and expertise in web application...
Helping Mobile Operators Keep Customers Safe with Virtualized Network Security
At Trend Micro we're always looking for innovative new ways to support our customers and help them overcome their cybersecurity challenges. Mobile network operators (MNOs) are increasingly adopting virtualization and software acceleration technologies to become more agile in how they deploy and operate...
Zomato: Admin Access to a domain used for development and admin access to internal dashboards on that domain
@prateek0490 was able to find our development server without any authentication, which led to leaking user data and some internal dashboards...
[SECURITY] Fedora 26 Update: pkgconf-1.3.9-1.fc26
pkgconf is a program which helps to configure compiler and linker flags for development frameworks. It is similar to pkg-config from freedesktop.org and handles .pc files in a similar manner as pkg-config...
Queries regarding app intent and allowed URL schemes
While developing an Enterprise app with respect to app intent and allowed URL schemes, we need to follow the guides below. Android app: How to add Intent Filters for Deep Links, Read Data from Incoming Intents. iOS app: How to Implement Custom URL Schemes. XenMobile 10.x Enterprise Apps IPA and APK...
primusdesign.in XSS vulnerability
Vulnerable URL:...
Cloud-focused Firms Earn High Marks for Software Security in BSIMM8 Report
Companies pushing the cloud envelope are most likely to run safer cleaner code. On the flip side, as the healthcare industry embraces an increasingly software-driven business model, it is struggling to keep up with its peers when it comes to software security. Those are some of the takeaways from...
Pharos PopUp Printer Client memcpy Code Execution Vulnerability (CVE-2017-2787)
Summary: A buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap-based buffer overflow resulting in potential remote code execution. This client is always listening...
[SECURITY] Fedora 26 Update: python-django-1.10.8-1.fc26
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform
Lab for Java Deserialization Vulnerabilities This content is...
idb - Tool to simplify some common tasks for iOS pentesting and research
idb is a tool to simplify some common tasks for iOS pentesting and research. Originally there was a command line version of the tool, but it is no longer under development so you should get the GUI version. Installation idb has some prerequisites. As it turns out, things like ruby and Qt are...
Managing Security in a DevOps Environment
DevOps is a software development practice in which development and operations engineers collaborate during the entire product lifecycle. With the adoption of DevOps at mainstream levels, we now see security starting to take a bigger role in DevOps’ day-to-day responsibilities. From a security...
IBM Operations Analytics Predictive Insights Java SDK Remote Privilege Escalation Vulnerability
IBM Operations Analytics Predictive Insights is a proactive fault management system from IBM, USA. The system monitors the performance of physical and logical infrastructures and provides alerts in the event of failures. Java SDK is one of the Java software development kits. A remote privilege escalation...
PHP Video Battle Script 1.0 - SQL Injection
Exploit Title: PHP Video Battle Script 1.0 - SQL Injection. Dork: N/A. Date: 28.08.2017. Vendor Homepage: http://www.rocky.nu/ Software Link: http://www.rocky.nu/product/php-video-battle/ Demo: http://videobattle.rocky.nu/ Version: 1.0. Category: Webapps. Tested on: Win7 x64 / Kali Linux x64. CVE: N/A. Explo...
Proxy Aware PowerShell C2 Framework: PoshC2
PoshC2 is a proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement. The tools and modules were developed off the back of our successful PowerShell sessions and payload types for the Metasploit Framework...
A vulnerability in the update mechanism for dynamic JAR files used in cloud service development tools such as the Context Service Software Development Kit allows an attacker to execute arbitrary code.
The vulnerability in the mechanism for updating dynamic JAR files used in cloud service development tools such as the Context Service Software Development Kit exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the...