Lucene search

8697 matches found

OSV
added 2017/06/13 6:29 a.m., 4 views

CVE-2017-6667

A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. More Information: CSCvb66730. Known...

9.8 CVSS, 6.2 AI score
Exploits: 0, References: 2

Japan Vulnerability Notes
added 2017/06/13 5:50 a.m., 2 views

Source code security studying tool iCodeChecker vulnerable to cross-site scripting

Overview: Source code security studying tool iCodeChecker provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a cross-site scripting vulnerability (CWE-79). Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with...

6.1 CVSS, 6.4 AI score, 0.00265 EPSS
Exploits: 0, References: 5

Japan Vulnerability Notes
added 2017/06/13 12:0 a.m., 28 views

JVN#25078144: Source code security studying tool iCodeChecker vulnerable to cross-site scripting

Source code security studying tool iCodeChecker provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the user's web browser. Solution: Do not use Source code security studying tool...

6.1 CVSS, 6.2 AI score, 0.00265 EPSS
Exploits: 0

Kaspersky
added 2017/06/13 12:0 a.m., 2389 views

KLA11047 Multiple vulnerabilities in Microsoft Development Tools

Multiple serious vulnerabilities have been found in Microsoft Development Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information and execute arbitrary code. Original advisories - Exploitation Public exploits exist for this vulnerability. Malware exists for this...

9.3 CVSS, 9.7 AI score, 0.56001 EPSS
Exploits: 2, References: 11

Schneier on Security
added 2017/06/12 2:6 p.m., 31 views

Healthcare Industry Cybersecurity Report

New US government report: "Report on Improving Cybersecurity in the Health Care Industry." It's pretty scathing, but nothing in it will surprise regular readers of this blog. It's worth reading the executive summary, and then skimming the recommendations. Recommendations are in six areas. The Tas...

6.8 AI score
Exploits: 0

Fedora
added 2017/06/11 4:25 p.m., 11 views

[SECURITY] Fedora 26 Update: libgcrypt-1.7.7-1.fc26

Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...

2.5 AI score
Exploits: 0

myhack58
added 2017/06/11 12:0 a.m., 66 views

Attackers can log in to FreeRADIUS without credentials - vulnerability warning - the black bar safety net

Recently, security researcher Stefan Winter of RESTENA in Luxembourg found a TLS authentication bypass vulnerability in the world's most popular RADIUS server. FreeRADIUS is currently the world's most popular RADIUS server; in fact the vast majority of the radius server is...

7.5 CVSS, 1.6 AI score, 0.00637 EPSS
Exploits: 0

Fedora
added 2017/06/09 7:43 p.m., 19 views

[SECURITY] Fedora 26 Update: FlightGear-2017.1.3-2.fc26

The Flight Gear project is working to create a sophisticated flight simulator framework for the development and pursuit of interesting flight simulator ideas. We are developing a solid basic sim that can be expanded and improved upon by anyone interested in contributing...

7.5 CVSS, 2.6 AI score, 0.00288 EPSS
Exploits: 0

rapid7community
added 2017/06/09 2:4 p.m., 23 views

Collaborative Storytelling at Rapid7

Great ideas can come from anywhere! At Rapid7, we design and develop wonderful products (we hope you think so too!). Everything here starts with stories. Storytelling matters: The ability to tell a compelling story is the defining quality of human nature. Storytelling is just as important in busine...

6.7 AI score
Exploits: 0

Japan Vulnerability Notes
added 2017/06/08 6:31 a.m., 1 views

The installer of SemiDynaEXE provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries

Overview: The installer of SemiDynaEXE (SemiDynaEXE2008.EXE) provided by Geospatial Information Authority of Japan (GSI) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA...

9.3 CVSS, 7.2 AI score, 0.00136 EPSS
Exploits: 0, References: 5

BDU FSTEC
added 2017/06/05 12:0 a.m., 3 views

The vulnerability of Qualcomm’s TrustZone microprogramming software technology allows an intruder to trigger a service failure or exert other effects on the system.

The vulnerability of Qualcomm’s TrustZone microprogramming software’s Android Secure Execution Environment from the CAF repository is due to a numerical overflow. Exploiting this vulnerability could allow an attacker to cause a system failure or otherwise affect the system...

9.3 CVSS, 7.3 AI score, 0.00058 EPSS
Exploits: 0, References: 3

Node.js
added 2017/05/30 10:31 p.m., 57 views

Directory Traversal

Overview Affected versions of serverliujiayi1 resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable...

5 CVSS, 4.6 AI score, 0.00533 EPSS
Exploits: 1, Affected Software: 1

Node.js
added 2017/05/30 10:31 p.m., 150 views

Directory Traversal

Overview Affected versions of serverlyr resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

5 CVSS, 4.4 AI score, 0.00596 EPSS
Exploits: 1, Affected Software: 1

Node.js
added 2017/05/30 10:31 p.m., 122 views

Directory Traversal

Overview serverwg is a simple http server. serverwg is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. Example request: GET /../../../../../../../../../../etc/passwd HTTP/1.1 host:foo and response: HTTP/1.1 200 OK Date: Wed, 17 M...

5 CVSS, 3.7 AI score, 0.00533 EPSS
Exploits: 1, Affected Software: 1

Node.js
added 2017/05/26 9:45 p.m., 60 views

Directory Traversal

Overview Affected versions of serveryaozeyan resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable...

5 CVSS, 4.3 AI score, 0.00533 EPSS
Exploits: 1, Affected Software: 1

0day.today
added 2017/05/26 12:0 a.m., 58 views

JAD java Decompiler 1.5.8e - Local Buffer Overflow Exploit

Exploit for linux platform in category local exploits !/usr/bin/python Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Developed using Exploit Pack - http://exploitpack.com - Tested on: GNU/Linux - Kali 2017.1 Release Description: JAD Java Decompiler 1.5.8e-1kali1 and prior is pro...

6.8 AI score
Exploits: 0

Fedora
added 2017/05/24 5:2 a.m., 21 views

[SECURITY] Fedora 25 Update: FlightGear-2016.3.1-4.fc25

The Flight Gear project is working to create a sophisticated flight simulator framework for the development and pursuit of interesting flight simulator ideas. We are developing a solid basic sim that can be expanded and improved upon by anyone interested in contributing...

7.5 CVSS, 2.6 AI score, 0.00288 EPSS
Exploits: 0

Fedora
added 2017/05/24 4:56 a.m., 33 views

[SECURITY] Fedora 24 Update: FlightGear-2016.1.2-6.fc24

The Flight Gear project is working to create a sophisticated flight simulator framework for the development and pursuit of interesting flight simulator ideas. We are developing a solid basic sim that can be expanded and improved upon by anyone interested in contributing...

7.5 CVSS, 2.6 AI score, 0.00288 EPSS
Exploits: 0

UbuntuCve
added 2017/05/21 6:29 p.m., 35 views

CVE-2017-9111

In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code...

8.8 CVSS, 7.2 AI score, 0.02402 EPSS
Exploits: 0, References: 4

UbuntuCve
added 2017/05/21 6:29 p.m., 26 views

CVE-2017-9113

In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code...

8.8 CVSS, 7 AI score, 0.02586 EPSS
Exploits: 0, References: 4