CVE-2018-1000205

U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality...

cineart.nl XSS vulnerability

Open Bug Bounty ID: OBB-636110 Description| Value ---|--- Affected Website:| cineart.nl Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Other Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

UPM Roaming Profiles "Break" if App Layering Elastic Layering is Enabled

UPM roaming profiles "break" if enabling App Layering Elastic Layering feature. Can’t right click the start menu, can’t open programs, etc...

FLASH zero-day Vulnerability CVE-2018-5002 in the Middle East directed network attacks exploit-vulnerability warning-the black bar safety net

! Recently, ICEBRG security research team SRT identified Adobe Flash 0 day Vulnerability CVE-2018-5002-directional network attack behavior, the 0-day vulnerability is an attacker for the Middle East region, important individuals and organizations of network penetration. An attacker use the...

[SECURITY] Fedora 28 Update: gnupg2-2.2.8-1.fc28

GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...

[SECURITY] Fedora 27 Update: gnupg2-2.2.8-1.fc27

GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...

PYSEC-2018-116

Cross-site scripting XSS vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/newreport.kp URI...

CVE-2018-12104

Cross-site scripting XSS vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/newreport.kp URI...

CVE-2018-12104

Cross-site scripting XSS vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/newreport.kp URI...

CVE-2018-12104

Cross-site scripting XSS vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/newreport.kp URI...

Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to change or view information that the user should not have access to due to issues with the Scheduler functionality (CVE-2015-7396)

Summary IBM Maximo Asset Management could allow an authenticated user to change or view information that the user should not have access to due to issues with the Scheduler functionality. This vulnerability could allow a local attacker to compromise data integrity and confidentiality. The...

Security Bulletin: IBM Security Access Manager appliances are affected by a security vulnerability (CVE-2016-3051)

Summary IBM Security Access Manager appliances could allow an authenticated user to access some privileged functionality of the server. Vulnerability Details CVEID: CVE-2016-3051 DESCRIPTION: IBM Security Access Manager for Web could allow an authenticated user to access some privileged...

Security Bulletin: IBM WebSphere Dashboard Framework is affected by a security vulnerability in Apache POI (CVE-2016-5000)

Summary Apache POI, which is bundled with IBM WebSphere Dashboard Framework, could allow a remote attacker to obtain sensitive information. Vulnerability Details IBM WebSphere Dashboard Framework WDF bundles a copy of Apache POI, which is used by the spreadsheet integration functionality. CVEID:...

Security Bulletin: IBM Tealeaf Customer Experience servers allow unauthenticated access (CVE-2015-4987)

Summary IBM Tealeaf Customer Experience servers allow access to operational data and less privileged operations without authentication. Vulnerability Details CVEID: CVE-2015-4987 DESCRIPTION: The IBM Tealeaf Customer Experience search and replay servers could allow an unauthenticated attacker to...

woodlandworldwide.com XSS vulnerability

Open Bug Bounty ID: OBB-632711 Description| Value ---|--- Affected Website:| woodlandworldwide.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

SUSE-SU-2018:1692-1 Security update for java-1_7_0-openjdk

This update for java-170-openjdk to version 7u181 fixes the following issues: + S8162488: JDK should be updated to use LittleCMS 2.8 + S8180881: Better packaging of deserialization + S8182362: Update CipherOutputStream Usage + S8183032: Upgrade to LittleCMS 2.9 + S8189123: More consistent...

Microsoft Publisher Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects. An attacker who successfully exploited the vulnerability could force arbitrary code to be executed in the Local Machine zone. To...

A Totally Tubular Treatise on TRITON and TriStation

Introduction In December 2017, FireEye's Mandiant discussed an incident response involving the TRITON framework. The TRITON attack and many of the publicly discussed ICS intrusions involved routine techniques where the threat actors used only what is necessary to succeed in their mission. For bot...

garrigues.com XSS vulnerability

Open Bug Bounty ID: OBB-626272 Description| Value ---|--- Affected Website:| garrigues.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Cross site scripting

An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability...