5327 matches found

Japan Vulnerability Notes
added 2016/05/13 12:0 a.m. | 35 views

JVN#91638315: FileMaker server issue where PHP source code may be viewable

FileMaker server contains an issue where PHP source code may be viewable when Custom Web Publishing with PHP is enabled. Impact PHP source code may be viewable. Solution Apply an Update Update to the latest version according to the information provided by the developer. Products Affected FileMake...

7.5 CVSS | 7.6 AI score | 0.00364 EPSS
Exploits 0

appercut
added 2016/05/13 12:0 a.m. | 531 views

Allfresco Community Edition: source code security analysis report

Several vulnerabilities were discovered in Alfresco Software 'Allfresco Community Edition' software: User Data Leakage Between Sessions Using XSL Transformation to Execute Arbitrary Code Using the finalize Method Missing Verification of the Digital Signature of Executable...

0.6 AI score
Exploits 0 | References 1 | Affected Software 1

appercut
added 2016/05/10 12:0 a.m. | 520 views

Apache Apex: source code security analysis report

Several vulnerabilities were discovered in The Apache Software Foundation 'Apache Apex' software: Using XSL Transformation to Execute Any Code Missing Verification of Executable Files' Digital Signature when Executing them from Untrusted Sources HttpOnly Cookies Incorrect User Input Filtration wh...

0.5 AI score
Exploits 0 | References 1 | Affected Software 1

exploitpack
added 2016/05/09 12:0 a.m. | 48 views

Microsoft Windows 7 - WebDAV Local Privilege Escalation (MS16-016) (2)

Microsoft Windows 7 - WebDAV Local Privilege Escalation MS16-016 2 Exploit Title: WebDAV Elevation of Privilege Vulnerability MS16-2 Date: 8/5/2016 Exploit Author: hex0r Version:WebDAV on Windows 7 84x CVE : CVE-2016-0051 Intro: Credits go to koczkatama for coding a PoC, however if you run this...

7.2 CVSS | 0.4 AI score | 0.66115 EPSS
Exploits 12

Hacker One
added 2016/05/07 12:32 a.m. | 26 views

Ubiquiti Inc.: Source code disclosure on https://107.23.69.180

The researcher discovered a misconfigured GitHub repo leaking some sensitive data...

0.1 AI score
Exploits 0

Hacker One
added 2016/05/06 6:59 p.m. | 11 views

Vimeo: Images and Subtitles Leakage from private videos

Hello, There is a Vulnerability in https://player.vimeo.com/video/VIDEOID When a Video is private but embeddable, there is some information about the video in the source code of the webpage, even if the user is not connected to Vimeo or doesn't have the right to access the video. The following info a...

6.7 AI score
Exploits 0

seebug.org
added 2016/05/06 12:0 a.m. | 23 views

Discuz! source\function\function_discuzcode.php stored XSS vulnerability

No description provided by source...

7.1 AI score
Exploits 0

appercut
added 2016/05/06 12:0 a.m. | 570 views

WordPress CMS: source code security analysis report

Several vulnerabilities were discovered in Wordpress Foundation 'WordPress CMS' software: File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random Generators in Cryptography HttpOnly Cookies Incorrect User...

1.4 AI score
Exploits 0 | References 1 | Affected Software 1

appercut
added 2016/05/04 12:0 a.m. | 563 views

Drupal CMS: source code security analysis report

Several vulnerabilities were discovered in Drupal Association 'Drupal CMS' software: Incorrect User Input Filtration when Generating Code on the Fly Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Hardcoded Credentials Using Insufficiently Random...

2.3 AI score
Exploits 0 | References 1 | Affected Software 1

Android Security Bulletins
added 2016/05/02 12:0 a.m. | 67 views

Android Security Bulletin—May 2016

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Nexus devices through an over-the-air OTA update. The Nexus firmware images have also been released to the Google Developer site...

10 CVSS | 10 AI score | 0.02776 EPSS
Exploits 1

appercut
added 2016/05/01 12:0 a.m. | 558 views

Apache Camel: source code security analysis report

Several vulnerabilities were discovered in The Apache Software Foundation 'Apache Camel' software: Using Synchronization Primitives in EJB components Missing Verification of Executable Files' Digital Signature when Executing them from Untrusted Sources Violating the Java Object Model Using...

0.5 AI score
Exploits 0 | References 1 | Affected Software 1

Hacker One
added 2016/04/25 2:6 p.m. | 65 views

LocalTapiola: Source Code Disclosure on out of scope domain viestinta.lahitapiola.fi

Issue The reporter had found an open .git folder on one of our out of scope domains. Fix The issue was investigated and found to be valid. The source code was removed from the public server. The source code did not contain any business critical information and customer information was never at...

0.5 AI score
Exploits 0

Exploit DB
added 2016/04/25 12:0 a.m. | 25 views

Linux x64 - Bind Shell Shellcode Generator

Linux x64 - Bind Shell Shellcode Generator. Shellcode exploit for linx86-64 platform !/bin/python import socket import sys """ Linux x64 - Bind Shell shellcode Generator --------------------------------------------------------------------------------- Disassemby of bindshell - port 5600 Disassemb...

0.2 AI score
Exploits 0

Kitploit
added 2016/04/23 8:13 p.m. | 13 views

Metaphor - Stagefright with ASLR bypass

Metaphor - Stagefright with ASLR bypass By Hanan Be'er from NorthBit Ltd. Link to whitepaper: https://raw.githubusercontent.com/NorthBit/Public/master/NorthBit-Metaphor.pdf Metaphor's source code is now released! The source includes a PoC that generates MP4 exploits in real-time and bypassing ASLR...

7.5 AI score
Exploits 0 | References 2

Hacker One
added 2016/04/23 4:36 p.m. | 28 views

Uber: Reflected XSS via Livefyre Media Wall in newsroom.uber.com

Hello @uber, This vulnerability works on all sites where there is a Livefyre Media Wall, including newsroom.uber.com. To reproduce this Cross-Site Scripting, visit this URL: https://newsroom.uber.com/?lf-content=danylod.com/uber.php?:131560603:307477931 Vulnerable is this source code:...

0.3 AI score
Exploits 0

The Hacker News
added 2016/04/20 1:8 a.m. | 8 views

China wants Apple's Source Code, but the Company Refused

In Brief Apple's head of legal has denied all rumors about providing its complete source code or any backdoor to the Chinese government. Apple officially confirmed that the Chinese government has asked Apple twice in the past two years to hand over the source code for its operating system, but th...

6.9 AI score
Exploits 0

appercut
added 2016/04/19 12:0 a.m. | 540 views

NUnit: source code security analysis report

Several vulnerabilities were discovered in NUnit.org 'NUnit' software: Using Static Pseudorandom Number Generators for Cryptographic Purposes Incorrect User Input Filtration when Passing Control to Third-Party Components Incorrect User Input Filtration...

0.7 AI score
Exploits 0 | References 1 | Affected Software 1

appercut
added 2016/04/16 12:0 a.m. | 495 views

AddToMenu Joomla Extensions Free: source code security analysis report

Several vulnerabilities were discovered in Regular Labs 'AddToMenu Joomla Extensions Free' software: Incorrect Permissions for External Entities During XML Document Processing Incorrect User Input Filtration when Generating Code on the Fly...

2.2 AI score
Exploits 0 | References 1 | Affected Software 1

ThreatPost
added 2016/04/14 1:43 p.m. | 16 views

Bank Trojans Nymaim, Gozi Merge Create GozNym

Two powerful Trojans, Nymaim and Gozi ISFB, have been combined to create a “double-headed beast” called GozNym. The Trojan has managed to steal $4 million since it was first discovered just two weeks ago, according to IBM X-Force Research. It reports the hybrid Trojan is currently engaged in an...

0.7 AI score
Exploits 0 | References 2

appercut
added 2016/04/05 12:0 a.m. | 529 views

Joomla!: source code security analysis report

Several vulnerabilities were discovered in Open Source Matters, Inc. 'Joomla!' software: Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random Generators in Cryptography Incorrect Permissions for External Entities During XML...

2.8 AI score
Exploits 0 | References 1 | Affected Software 1