
1460 matches found

OSV
added 2018/07/09 8:29 p.m. | 0 views

UBUNTU-CVE-2018-1000613

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in XMSS/XMSS^MT private key deserialization that can result in...

CVSS 9.8 | AI score 6.8 | EPSS 0.05036
Exploits: 0 | References: 2

Debian CVE
added 2018/07/09 8:0 p.m. | 56 views

CVE-2018-1000613

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in XMSS/XMSS^MT private key deserialization that can result in...

CVSS 9.8 | AI score 6.8 | EPSS 0.05036
Exploits: 0

ThreatPost
added 2018/07/02 6:31 p.m. | 8 views

ThreatList: Top Summer DDoS Trends

On Tuesday, Akamai released a report on the year’s biggest distributed denial of service (DDoS) attacks. The report illustrates how this time-tested attack method continues to morph and adopt new tricks, and discusses trends to watch as we move into the summer months. According to the study, Summer...

Exploits: 0 | References: 1

OSV
added 2018/07/02 1:29 p.m. | 21 views

CVE-2018-8039

It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old...

CVSS 8.1 | AI score 7.1 | EPSS 0.02899
Exploits: 0 | References: 24

Akamai Blog
added 2018/06/27 12:1 p.m. | 18 views

What You Need To Know - Summer 2018 State of the Internet / Security: Web Attack Report

It's that time of year - the Summer 2018 State of the Internet / Security: Web Attack report is now live. This new naming schema is just one of the many changes you'll notice if you're a returning reader of quarterly report, and there are more changes coming as we work to bring you insights and...

AI score 7.2
Exploits: 0

Prion
added 2018/06/21 7:29 p.m. | 11 views

Design/Logic Flaw

Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values...

CVSS 4.3 | AI score 6.2 | EPSS 0.0024
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2018/06/21 7:29 p.m. | 13 views

CVE-2018-7680

Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values...

CVSS 6.1 | AI score 6.3 | EPSS 0.0024
Exploits: 0 | References: 1

Cvelist
added 2018/06/21 7:0 p.m. | 14 views

CVE-2018-7680

Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values...

AI score 6.3 | EPSS 0.0024
Exploits: 0 | References: 1

IBM Security Bulletins
added 2018/06/17 1:5 p.m. | 21 views

Security Bulletin: IBM Cúram Social Program Management is vulnerable to Java reflection attack (CVE-2014-8903).

Summary IBM Cúram Social Program Management is vulnerable to Java reflection attack caused by external input that is used to specify a class. A remote attacker could exploit this vulnerability by injecting arbitrary class names which will be subsequently loaded. Vulnerability Details CVE-2014-890...

CVSS 8.8 | AI score 2.5 | EPSS 0.0085
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/15 10:48 p.m. | 13 views

Security Bulletin: IBM OpenPages GRC Platform is affected by multiple XSS reflection vulnerabilities (CVE-2017-1147, CVE-2016-3048)

Summary IBM OpenPages GRC Platform has addressed potential security exposure due to multiple XSS reflection vulnerabilities. Vulnerability Details CVEID: CVE-2017-1147 DESCRIPTION: IBM OpenPages GRC Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

CVSS 5.4 | AI score 5.4 | EPSS 0.00269
Exploits: 0 | Affected Software: 1

OSV
added 2018/06/13 9:29 p.m. | 2 views

CVE-2017-3907

Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector...

CVSS 9.8 | AI score 6.1 | EPSS 0.00465
Exploits: 0 | References: 1

myhack58
added 2018/05/04 12:0 a.m. | 29 views

Analysis of the principles of the Java deserialization vulnerability - vulnerability warning - the black bar safety net

Three things in the world are the most difficult: putting someone else's money into your own pocket; putting your own ideas into someone else's head; getting your own code to run on someone else's server. Foreword: For some time now, the Java deserialization vulnerability has been focused on the...

AI score 2.2
Exploits: 0

Zero Day Initiative
added 2018/04/18 12:0 a.m. | 30 views

Oracle Java MethodHandles setVolatile Type Confusion Sandbox Escape Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation o...

CVSS 6.8 | AI score 2.8 | EPSS 0.01133
Exploits: 0 | References: 1

Kitploit
added 2018/03/24 8:39 p.m. | 21 views

LeakVM - Research & Pentesting Framework For Android, Run Security Tests Instantly

LeakVM: Run security tests instantly. Why LeakVM : LeakVM fast security test on Android, by skipping the time-consuming build pen-testing laboratories, you can test on real devices or virtual devices. LeakVM makes researchers and pen-testers more productive since they can run the test on real tim...

AI score 7.8
Exploits: 0 | References: 16

The Hacker News
added 2018/03/07 6:10 p.m. | 122 views

Memcached DDoS Exploit Code and List of 17,000 Vulnerable Servers Released

Two separate proofs-of-concept (PoC) exploit code for Memcached amplification attack have been released online that could allow even script-kiddies to launch massive DDoS attacks using UDP reflections easily. The first DDoS tool is written in C programming language and works with a pre-compiled lis...

AI score 6.8
Exploits: 0

The Hacker News
added 2018/03/06 8:25 a.m. | 224 views

1.7 Tbps DDoS Attack — Memcached UDP Reflections Set New Record

The bar has been raised. As more amplified attacks were expected following the record-breaking 1.35 Tbps Github DDoS attack, someone has just set a new record after only four days — 1.7 Tbps DDoS attack. Network security and monitoring company Arbor Networks claims that its ATLAS global traffic a...

AI score 6.6
Exploits: 0

CISA
added 2018/03/03 12:0 a.m. | 14 views

Red Hat Releases Security Guidance for Memcached

Red Hat has released security recommendations to address potential Distributed Denial of Service attacks using Memcached. This misconfiguration could allow an attacker to exploit Memcached services as a reflection and amplification vector, causing unexpected volumes of traffic to be sent to...

AI score 6.7
Exploits: 0 | References: 3

Akamai Blog
added 2018/03/02 10:0 p.m. | 100 views

memcached, now with extortion!

Over the past week, memcached reflection attacks have taken the DDoS scene by storm. With several attacks hitting organizations across many industries, including a record breaking 1.3Tbps attack against an Akamai customer. Akamai has observed a new trend in extortion attempts using memcached...

AI score 6.7
Exploits: 0

CVE
added 2018/03/01 8:0 p.m. | 47 views

CVE-2018-7049

The CVE-2018-7049 entry concerns Wowza Streaming Engine prior to 4.7.1, with a cross-site scripting (XSS) vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager). The issue allows script injection or reflection via a cr...

CVSS 6.1 | AI score 6.1 | EPSS 0.00301
Exploits: 0 | References: 2 | Affected Software: 1

Akamai Blog
added 2018/03/01 12:54 p.m. | 40 views

Memcached-fueled 1.3 Tbps attacks

At 17:28 GMT, February 28th, Akamai experienced a 1.3 Tbps DDoS attack against one of our customers, a software development company, driven by memcached reflection. This attack was the largest attack seen to date by Akamai, more than twice the size of the September, 2016 attacks that announced th...

AI score 7
Exploits: 0