Superkolky - External URLs, SD-card access, SQLite database found vulnerabilities

HackApp vulnerability scanner discovered that application Superkolky published at the 'play' market has multiple vulnerabilities...

Google's OSS-Fuzz Finds 1,000 Open Source Bugs

The numbers are in, and judging by them, OSS-Fuzz, the program Google unveiled last December to continuously fuzz open source software, has been a success. In five months the effort has unearthed more than 1,000 bugs, a quarter of them potential security vulnerabilities, Google says. OSS-Fuzz,...

flatCore Cross-Site Request Forgery Vulnerability

flatCore is a web content management system based on PHP5 and SQLite3. A cross-site request forgery vulnerability exists in flatCore, which allows remote attackers to exploit the vulnerability to construct malicious URIs and trick users into parsing them, which can be used to cause the target use...

[SECURITY] Fedora 24 Update: roundcubemail-1.2.5-1.fc24

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

Apple iTunes < 12.6 Multiple Vulnerabilities (macOS) (credentialed check)

The version of Apple iTunes installed on the remote macOS or Mac OS X host is prior to 12.6. It is, therefore, affected by multiple vulnerabilities : - Multiple vulnerabilities exist in the expat component, the most severe of which are remote code execution vulnerabilities. An unauthenticated,...

Apple iTunes < 12.6 Multiple Vulnerabilities (credentialed check)

The version of Apple iTunes installed on the remote Windows host is prior to 12.6. It is, therefore, affected by multiple vulnerabilities : - Multiple vulnerabilities exist in the expat component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote...

Apple iTunes < 12.6 Multiple Vulnerabilities (uncredentialed check)

The version of Apple iTunes running on the remote host is prior to 12.6. It is, therefore, affected by multiple vulnerabilities : - Multiple vulnerabilities exist in the expat component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can...

Emby MediaServer 3.2.5 - SQL Injection

Emby MediaServer 3.2.5 - SQL Injection Emby MediaServer 3.2.5 Boolean-based Blind SQL Injection Vulnerability Vendor: Emby LLC Product web page: https://www.emby.media Affected version: 3.2.5 3.1.5 3.1.2 3.1.1 3.1.0 3.0.0 Summary: Emby formerly Media Browser is a media server designed to organize...

bien sports tv 2017 free - Dynamic Code Loading, External URLs, SQLite database found vulnerabilities

HackApp vulnerability scanner discovered that application bien sports tv 2017 free published at the 'play' market has multiple vulnerabilities...

CVE-2017-2384

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the "Safari" component. It allows local users to identify the web-site visits that occurred in Private Browsing mode...

Arbitrary file deletion

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the "Safari" component. It allows local users to identify the web-site visits that occurred in Private Browsing mode...

CVE-2017-2384

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the "Safari" component. It allows local users to identify the web-site visits that occurred in Private Browsing mode...

CVE-2017-2384

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the "Safari" component. It allows local users to identify the web-site visits that occurred in Private Browsing mode...

CVE-2017-2384

CVE-2017-2384 affects iOS Safari prior to 10.3. The issue arises from mishandling of deletions in the SQLite subsystem of the Safari component, allowing a local user to identify websites visited in Private Browsing mode. The dedicated Apple advisory notes the fix involved improved SQLite cleanup,...

BSA-2017-215

Security Advisory ID : BSA-2017-215 Component : sqlite Revision : 3.0: Final osunix.cin SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service application crash, or have...

About the security content of iTunes 12.6 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

About the security content of iTunes 12.6 for Windows

About the security content of iTunes 12.6 for Windows This document describes the security content of iTunes 12.6 for Windows. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

TEW-654TR router vulnerability analysis and mining-vulnerability warning-the black bar safety net

Read the complete devttys0 predecessors of”exploiting embedded systems”series. Analysis under the relevant firmware router model: TEW-654TR firmware download address: http://download.trendnet.com/TEW-654TR/firmware/ 0×01 environment settings ! !/ bin/bash INPUT="$1" LEN=$echo-n "$INPUT" | wc-c...

[SECURITY] Fedora 25 Update: python-peewee-2.8.5-2.fc25

A small, expressive ORM written in python with built-in support for sqlite, mysql and postgresql and special extensions like hstore. For flask integration, including an admin interface and RESTful API, check out flask-peewee...

[SECURITY] Fedora 24 Update: python-peewee-2.8.5-2.fc24

A small, expressive ORM written in python with built-in support for sqlite, mysql and postgresql and special extensions like hstore. For flask integration, including an admin interface and RESTful API, check out flask-peewee...