Description of the Security and Quality Rollup for the .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 for Windows Server 2012: September 12, 2017
Summary: This security update resolves a vulnerability in the Microsoft .NET Framework that could allow remote...
Shopify: Stored XSS through Facebook Page Connection
The following URL https://kitcrm.com/users/122686/connections displays us options to connect our several social networking accounts to kitcrm. Once I connect my Facebook account, the Facebook section in the above link will list out all my Facebook pages and will give me an option to select a business...
Quora: IDNs displayed in unicode
Hello Quora, Please refer https://en.wikipedia.org/wiki/Internationalizeddomainname to know more about IDNs. The IDN Internationalized Domain Name : http://ebаy.com/ is a homograph for the latin ebay.com. If you click that first link, you might think that you are going to ebay.com but in fact, yo...
sdnpwn - An SDN Penetration Testing Toolkit
The Open Networking Foundation defines SDN as “The physical separation of the network control plane from the forwarding plane, and where a control plane controls several devices”. What this means is that the decision making which would traditionally be performed by a router or a switch i.e...
Shenzhen Yuanzheng Technology golo android app has information leakage vulnerability
golo APP is a social networking application that uses instant messaging as a communication platform to connect automotive repair technicians with car owners. Shenzhen Yuanzheng Technology golo Android APP has information leakage vulnerability. The attacker can view the user's sensitive informatio...
Shenzhen Yuanzheng Technology golo Android APP has arbitrary account login vulnerability
golo APP is a social networking application that uses instant messaging as a communication platform to connect automotive repair technicians with car owners. A vulnerability exists in Shenzhen Yuanzheng Technology's golo Android APP that allows an attacker to log in to any account. An attacker ca...
iTech Social Networking Script 3.08 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: iTech Social Networking Script 3.08 - SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/social-networking-script/ Demo: http://social.itechscripts.com...
iTech Social Networking Script 3.08 - SQL Injection
Exploit Title: iTech Social Networking Script 3.08 - SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/social-networking-script/ Demo: http://social.itechscripts.com Version: 3.08 Category: Webapps Tested on:...
Virtuozzo 7 : readykernel-patch (VZA-2017-073)
According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented ...
Virtuozzo 7 : readykernel-patch (VZA-2017-071)
According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented ...
FAQ: Citrix ADC on Microsoft Azure
Q: What is Citrix ADC, formerly Netscaler ADC, on Microsoft Azure? A: Citrix ADC on Microsoft Azure is an L4-L7 virtual networking appliance that ensures organizations have access to secure and optimized applications and assets deployed in the cloud. Citrix ADC on Azure provides a foundation for t...
The vulnerability of the Autonomic Networking component in Cisco IOS and Cisco IOS XE operating systems allows an attacker to trigger a service failure.
The vulnerability of the Autonomic Networking component in Cisco IOS and Cisco IOS XE operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to trigger a service failure rebooting of autonomous system nodes...
iTech Business Networking Script 8.26 - SQL Injection
iTech Business Networking Script 8.26 - SQL Injection Exploit Title: iTech Business Networking Script 8.26 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/business-networking-script/ Demo:...
The vulnerability of the Autonomic Networking component of the Cisco IOS XE operating system allows a hacker to gain access to the Autonomic Networking infrastructure.
The vulnerability of the Autonomic Networking component of the Cisco IOS XE operating system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to the Autonomic Networking infrastructure after the...
iTech Business Networking Script 8.26 - SQL Injection
Exploit Title: iTech Business Networking Script 8.26 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/business-networking-script/ Demo: http://professional-network.itechscripts.com/ Version: 8.26 Category: Webapps Tested o...
Important kernel security update: CVE-2017-1000111 and other; Virtuozzo ReadyKernel patch 29.0 for Virtuozzo 7.0.4 and 7.0.4 HF3
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernels 3.10.0-514.16.1.vz7.30.10 (Virtuozzo 7.0.4) and 3.10.0-514.16.1.vz7.30.15 (Virtuozzo 7.0.4 HF3). Vulnerability id: CVE-2017-1000111 A race condition issue leading to a...
Important kernel security update: CVE-2017-1000111 and other; Virtuozzo ReadyKernel patch 29.0 for Virtuozzo 7.0.0, 7.0.1, and 7.0.3
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernels 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0), 3.10.0-327.36.1.vz7.18.7 (Virtuozzo 7.0.1), and 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3). Vulnerability id: CVE-2017-1000111 A...
CVE-2017-1000111
A race condition issue was found in the way the raw packet socket implementation in the Linux kernel networking subsystem handled synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this to waste resources in the kernel's ring buffer or...
Call for Papers: Qualys Security Conference 2017
Our annual user conference, QSC17, is quickly approaching and we are looking for customer presentations that showcase hot topics related to security and best practices via case studies leveraging the use of Qualys technologies. If you would like to be considered as a presenter, please send a...
Patched Flash Player Sandbox Escape Leaked Windows Credentials
One of the patches included in Tuesday’s Adobe Flash Player update was a do-over after the researcher who privately reported the problem earlier this year discovered the original patch incompletely resolved the issue. Dutch researcher Bjorn Ruytenberg disclosed details after Adobe updated the...