127 matches found
Website Security Dog suffers from SQL Injection Vulnerability
Security Dog is a comprehensive server security protection tool that integrates server security protection and security management. Website Security Dog suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
Banknotes Misproduction security & biometric weakness
Document Title: Banknotes Misproduction security & biometric weakness. References: https://www.vulnerability-lab.com/getcontent.php?id=2106 Video: https://www.youtube.com/watch?v=ORbU8fyhkgY Advisory: https://www.vulnerability-lab.com/getcontent.php?id=2105 Vulnerabilit...
Bringing Data Center Security to Cloud Speed
Last week, while visiting the product management team for Deep Security, I asked about their latest release. They surprised me by saying the big news is that there IS a release. Confused, I asked them to elaborate… You see, when you develop software, you’re faced with many choices, one of which i...
Stellar.org: Session Cookie without HttpOnly and secure flag set
Vulnerable URL: www.stellar.org. The PHPSESSID cookie does not have the HttpOnly flag set. When a cookie is set with the HttpOnly flag, it instructs the browser that the cookie can only be accessed by the server and not by client-side scripts. This is an important security protection for session...
Spoofing
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine AVE 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file...
CVE-2016-8032
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine AVE 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php), part of the admin tools, allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allow it. This is fixed in 1.3.9, 2.1.3, an...
CVE-2017-7241
CVE-2017-7241 is an XSS vulnerability in MantisBT, triggered via the move_attachments_page.php in the admin tools. The issue allows injection of arbitrary code through a crafted 'type' parameter, contingent on CSP settings. It is mitigated by upgrading mantisbt/mantisbt to 1.3.9, 2.1.3, or 2.2.3 ...
CVE-2017-7241
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php), part of the admin tools, allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allow it. This is fixed in 1.3.9, 2.1.3, an...
CVE-2016-8031
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine AVE 5200 through 5800 allows local users to bypass local security protection via a crafted input file...
Threat Outbreak Alert RuleID27559: Email Messages Distributing Malicious Software on February 1, 2017
Severity: Medium. Alert ID: 52513. First Published: 2017 February 1 16:42 GMT. Version: 1. Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID27559) may contain the following files: Name |...
Debian DSA-3731-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2016-5181 A cross-site scripting issue was discovered. - CVE-2016-5182 Giwan Go discovered a heap overflow issue. - CVE-2016-5183 A use-after-free issue was discovered in the pdfium library. - CVE-2016-5184 Another...
Debian Security Advisory DSA 3731-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-5181 A cross-site scripting issue was discovered. CVE-2016-5182 Giwan Go discovered a heap overflow issue. CVE-2016-5183 A use-after-free issue was discovered in the pdfium library. CVE-2016-5184 Another...
Cheetah Security Browser has a design flaw
Cheetah Secure Browser is a browser launched by Cheetah Mobile (formerly Kingsoft Network), focusing on security and speed, using a dual Trident/WebKit rendering engine and integrating Kingsoft's own BIPS for security protection. A design vulnerability exists in Cheetah Secure Browser,...
EMET: To be, or not to be, A Server-Based Protection Mechanism
Hi Folks – Platforms PFE Dan Cuomo here to discuss a common question seen in the field: “My customer is deploying EMET and would like to know if it is supported on Server Operating Systems.” On the surface there is a simple answer to this question, however with a little poking, a little prodding,...
Microsoft refused to fix the 32-bit IE vulnerability; the reason given: 32-bit programs are to be phased out - vulnerability warning - the black bar safety net
HP security expert Dustin Childs recently disclosed an IE vulnerability that affects millions of 32-bit Windows systems. Looks pretty serious, doesn't it? However, Microsoft does not seem to intend to fix this vulnerability... This is based on ASLR (address space layout randomization) of...
Debian DLA-19-1 : postgresql-8.4 update
New upstream minor release. Users should upgrade to this version at their next scheduled maintenance window. Noteworthy change: Secure Unix-domain sockets of temporary postmasters started during make check (Noah Misch). Any local user able to access the socket file could connect as the server's...
IBM Network Security Protection XGS Remote Code Execution (swg21690823) (credentialed check)
The firmware version installed on the remote IBM XGS appliance does not properly sanitize certain user-supplied inputs, which can allow a remote, authenticated attacker to execute shell commands with the privileges of the 'www-data' user via a standard HTTP request. (C) Tenable Network Security, Inc...
SuSE 11.3 Security Update : flash-player (SAT Patch Number 9508)
flash-player was updated to version 11.2.202.394 to fix security protection bypass issues. CVE-2014-0537 / CVE-2014-0539 / CVE-2014-4671. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The...