EU Offering Bug Bounties on Critical Open-Source Software
The EU is offering "bug bounties on Free Software projects that the EU institutions rely on." Slashdot thread...
Dolibarr ERP-CRM 8.0.4 SQL Injection
Title: Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection Date: 08.01.2019 Exploit Author: Mehmet Önder Key Vendor Homepage: https://www.dolibarr.org/ Software Link: https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/8.0.4/dolibarr-8.0.4.zip Version: v8.0.4 Category: Webapps Tested on...
Dolibarr ERP-CRM 8.0.4 - rowid SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection Exploit Author: Mehmet Önder Key Vendor Homepage: https://www.dolibarr.org/ Software Link: https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/8.0.4/dolibarr-8.0.4.zip Versio...
EU launches Bug Bounty program for 14 free open-source products
By Waqas The European Union (EU) will be offering bug bounty rewards for 14 open-source products that it uses. Member of the European Parliament Julia Reda announced that the European Commission will offer bounties worth €851,000 under its Free and Open Source Software Audit (FOSSA). Bug bounty...
Security Analysis Toolkit for Proprietary Car Protocols: CANalyzat0r
While car manufacturers steadily refine and advance vehicle systems, the requirements placed on the underlying networks increase even further. In the drive towards smart cars, a fast-growing number of components are interconnected within a single car. This results in specialized and often proprietary car protocols...
JasPer Null Pointer Dereference Vulnerability
JasPer is an open source implementation of the JPEG-2000 codec developed by the Canadian software developer Michael Adams. A null pointer dereference vulnerability exists in the 'ras_putdatastd' function in the ras/ras_enc.c file in JasPer version 2.0.14, which can be exploited by an attacker to cause a...
Lynis 2.7.0 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of the auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes continue the simplification improvements we have been making. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...
How to build your own motion-activated security camera
Attention makers! Are you looking for a challenging project that not only gets your gears grinding but helps to keep you secure while traveling? Welcome to the build-your-own security camera tutorial. The impetus for this project originated from events that took place at Defcon 26, where hotel...
Command Execution Vulnerability in ZZZCMS Website Builder System
zzcms is a free, open-source website builder system written in ASP, aimed mainly at webmasters. A command execution vulnerability exists in the ZZZCMS website builder system; attackers can use the vulnerability to execute remote commands...
5 ways to find and fix open source vulnerabilities
Guest post by Limor Wainstein A recent discovery of surreptitious execution of cryptomining code by a sandboxed app, riding piggyback on the open source software (OSS) ecosystem, raises pertinent questions about the security of open source code and its dependencies. Programmers often use OSS as a...
TCExam Cross-Site Scripting Vulnerability (CNVD-2018-13449)
TCExam is a web-based open source online examination system for online test question generation, management and other aspects. A cross-site scripting vulnerability exists in versions of TCExam prior to 14.1.2. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML...
SQL Injection Vulnerability in Cloud EC E-commerce System at Front-end Order Evaluations
The Cloud EC e-commerce system (hereinafter referred to as Cloud EC) is a PHP + MySQL-based open source e-commerce system developed independently by Cloud MYSQL e-commerce Co. A SQL injection vulnerability exists in the Cloud EC front-end order evaluation. Attackers can...
Cloud EC e-commerce system SQL injection vulnerability in the foreground
The Cloud EC e-commerce system (hereinafter referred to as Cloud EC) is a PHP + MySQL-based open source e-commerce system developed independently by Cloud MYSQL e-commerce Co. A SQL injection vulnerability exists in the Cloud EC frontend. Attackers can use the...
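Both the Dolibarr 'rowid' entry above and the two Cloud EC entries describe SQL injection through a web-app parameter in a PHP + MySQL application. The snippets give no code, so the following is an added example (not Dolibarr's or Cloud EC's code) that models the bug class in Python against an in-memory SQLite database: an integer-looking row identifier is interpolated straight into the query, and the same lookup is then rewritten with type validation and a bound parameter. The table names, column names, sample rows and payloads are all constructed for the illustration.

```python
"""Constructed illustration of an integer-id ('rowid') SQL injection and its fix.

Added example; none of the schema, data or payloads come from the advisories
listed on this page. SQLite stands in for MySQL because it needs no server.
"""
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Build a constructed database: a public table and a sensitive one."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, label TEXT)")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, password_hash TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [(1, "widget"), (2, "gadget")])
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "hash-admin"), (2, "hash-bob")])
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, rowid: str) -> list:
    """Look up a product by the request parameter 'rowid' (unsafe).

    Numeric parameters are a classic blind spot: the value is not quoted in
    the query, so the attacker needs no quote character to break out of it.
    """
    sql = "SELECT id, label FROM products WHERE id = %s" % rowid
    return conn.execute(sql).fetchall()


def lookup_fixed(conn: sqlite3.Connection, rowid: str) -> list:
    """Same lookup, hardened: validate the type, then bind the value.

    Either defence alone would stop the payloads below; doing both means a
    future query that forgets to bind still rejects non-integer input.
    """
    if not rowid.isdigit():
        raise ValueError("rowid must be a non-negative integer")
    sql = "SELECT id, label FROM products WHERE id = ?"
    return conn.execute(sql, (int(rowid),)).fetchall()


def fixed_rejects(conn: sqlite3.Connection, rowid: str) -> bool:
    """True if the hardened lookup refuses the given parameter value."""
    try:
        lookup_fixed(conn, rowid)
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Run the constructed payloads against both versions and collect results."""
    conn = setup_db()
    # Boolean payload: the WHERE clause becomes always-true.
    tautology = "1 OR 1=1"
    # UNION payload: 'id = 0' matches nothing, so only the users' rows return.
    union = "0 UNION SELECT id, password_hash FROM users"
    return {
        "honest": lookup_vulnerable(conn, "1"),
        "tautology": lookup_vulnerable(conn, tautology),
        "union": sorted(lookup_vulnerable(conn, union)),
        "fixed_honest": lookup_fixed(conn, "1"),
        "fixed_rejects_tautology": fixed_rejects(conn, tautology),
        "fixed_rejects_union": fixed_rejects(conn, union),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The UNION payload is the one that matters in an ERP or shop front end: a read-only product lookup turns into a read of whatever table the database user can see. Note that the fix validates before binding rather than after; with a bound parameter the string "1 OR 1=1" would merely fail to match any row, but the explicit type check also gives the application a clean place to log and reject the attempt.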
MISP cross-site scripting vulnerability (CNVD-2018-06388)
MISP is a suite of open source software solutions for collecting, storing, distributing and sharing cybersecurity indicators and threat information, used for security incident analysis and malware analysis. A cross-site scripting vulnerability exists in the app/View/Events/resolved_attributes.ctp file in MISP. A remote...
systemd/fuzz-unit-file: Use-of-uninitialized-value in streq_ptr
Project: https://github.com/systemd/systemd.git Detailed report: https://oss-fuzz.com/testcase?key=5546208027213824 Project: systemd Fuzzer: libFuzzer_systemd_fuzz-unit-file Fuzz target binary: fuzz-unit-file Job Type: libfuzzer_msan_systemd Platform Id: linux Crash Type: Use-of-uninitialized-value...
ClipBucket OS Command Injection Vulnerability
ClipBucket is open source video sharing software developed by the Arslan team. The software allows you to share videos on video sites and supports a lights-off effect when watching a movie. A security vulnerability exists in versions prior to ClipBucket 4.0.0 Release 4902. The vulnerability can ...
[SECURITY] Fedora 27 Update: moodle-3.3.4-1.fc27
Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities...
Vulnerability Spotlight: Multiple Unpatched Vulnerabilities in Blender Identified
Update 1/25/18: Blender has released version 2.79a to address these issues. Technology has evolved in incredible ways that have helped people create and visualize media like never before. Today, people can use tools such as Blender to visualize, model, and animate 3D content, especially since it...
HP Shared ArcSight Source Code with Russians
Reuters is reporting that HP Enterprise gave the Russians a copy of the ArcSight source code. The article highlights that ArcSight is used by the Pentagon to protect classified networks, but the security risks are much broader. Any weaknesses the Russians discover could be used against any ArcSig...
Unspecified Vulnerability in Ffmpeg (CNVD-2017-20991)
FFmpeg is a set of open source programs, licensed under the LGPL or GPL, for recording, converting and streaming digital audio and video. An unspecified vulnerability exists in FFmpeg; no detailed vulnerability information is available at this time...