Mixmax: Stored XSS in Templates>Enahance>Social Badges

Hi, just like the report 237927, I found stored XSS in TemplatesEnhance Social Badges section. 1. Go to templates section and click on one of your templates. 2. Enhance Social Badges. 3. Enter the payload: javascript:alert1 in any of the social networking button url. 4. You'll see that the xss is...

Stable Channel Update for Chrome OS

The Stable channel has been updated to 59.0.3071.91, 59.0.3071.92 Platform version: 9460.60.0, 9460.60.2 for all Chrome OS devices except the Google Chromebook Pixel 2015. This build contains a number of bug fixes, security updates, and feature enhancements. Systems will be receiving updates over...

Linux Kernel ping Denial Of Service

Source: https://raw.githubusercontent.com/danieljiang0415/androidkernelcrashpoc/master/panic.c include include include include static int sockfd = 0; static struct sockaddrin addr = 0; void fuzzvoid param while1 addr.sinfamily = 0;//rand%42; printf"sinfamily1 = %08lx\n", addr.sinfamily;...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2017-835)

An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. CVE-2017-3511 It was found that the JAXP component of...

Keybase: Universal Cross-Site Scripting in Keybase Chrome extension

Description The Keybase Chrome extension makes heavy use of the insecure innerHTML DOM API, resulting in Universal Cross-Site Scripting on all Keybase-supported social networking websites. Steps to reproduce the issue 1. Install the Keybase Chrome extension 2. Navigate to the following URL addres...

Scientific Linux Security Update : kernel on SL7.x x86_64 (20170525)

Security Fixes : - It was found that the packetsetring function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAPNETRAW capability could use this flaw to trigger a buffer overflow, resulting in the crash of the system. Due...

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7-Year-Old Samba Flaw Lets Hackers Access Thousands of Linux PCs Remotely

A 7-year-old critical remote code execution vulnerability has been discovered in Samba networking software that could allow a remote attacker to take control of an affected Linux and Unix machines. Samba is open-source software re-implementation of SMB networking protocol that runs on the majorit...

Google Android Qualcomm Networking Driver Privilege Vulnerability

Google Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. Google Android suffers from an elevation vulnerability. An attacker can exploit this vulnerability to execute arbitrary code with elevated privileges in the kernel...

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2017-827)

Improper re-use of NTLM authenticated connections Networking, 8163520 : It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this...

OpenJDK: newline injection in the FTP client (Networking, 8170222)

A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a Java application...

OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520)

It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with...

OpenJDK: newline injection in the SMTP client (Networking, 8171533)

A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...

OpenJDK: newline injection in the SMTP client (Networking, 8171533)

A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...

OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520)

It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with...

OpenJDK: newline injection in the FTP client (Networking, 8170222)

A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a Java application...

OpenJDK: newline injection in the SMTP client (Networking, 8171533)

A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...

Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64 (20170509)

Security Fixes : - An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. CVE-2017-3511 - It was found that the...

Oracle Java SE 6 < Update 151 / 7 < Update 141 / 8 < Update 131 Multiple Vulnerabilities

Binary data 700090.prm...

java security update

CentOS Errata and Security Advisory CESA-2017:1204 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS ba...