375 matches found
How NOT to fail at PDF redaction
The heated spat between Europe and AstraZeneca over a contract has segued into an unexpected blunder that left many of us chuckling and surprised at the same time. Perhaps even feeling a bit awkward. Recently, the European Commission published a PDF version of the contract it had with AstraZeneca...
Mozilla: Software keyboards may have remembered typed passwords
Some websites have a feature "Show Password" where clicking a button will change a password field into a text field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field wa...
The vulnerability of the Android operating system’s touchscreen interface on Samsung mobile devices, which allows a hacker to turn Bluetooth on or off.
The vulnerability of the Android operating system’s touchscreen interface on Samsung mobile devices is related to authentication deficiencies. Exploiting this vulnerability could allow a hacker to turn on or off Bluetooth...
Vulnerability of the i2400m_op_rfkill_sw_toggle() function (drivers/net/wimax/i2400m/op-rfkill.c) in the Linux kernel, allowing a hacker to trigger a service failure
The vulnerability of the i2400m_op_rfkill_sw_toggle function (drivers/net/wimax/i2400m/op-rfkill.c) in the Linux kernel involves an uncontrolled consumption of resources. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
Linux kernel memory leak vulnerability (CNVD-2019-41709)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A memory disclosure vulnerability exists in the 'i2400m_op_rfkill_sw_toggle' function in the drivers/net/wimax/i2400m/op-rfkill.c file in versions of Linux kernel prior to...
CVE-2019-19051
A memory leak in the i2400m_op_rfkill_sw_toggle function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7...
October 2, 2018, update for Office 2016 (KB4011669)
October 2, 2018, update for Office 2016 (KB4011669) This article describes update 4011669 for Microsoft Office 2016 that was released on October 2, 2018. This update has a prerequisite. Be aware that the update on the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of...
PT-2019-4097 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.3.11 Description: A memory leak in the i2400m_op_rfkill_sw_toggle function in the Linux kernel allows attackers to cause a denial of service (memory consumption). This issue is related to uncontrolled resource...
CVE-2019-14795
The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=updatetitleoptions isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter...
CVE-2017-18399
cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332)...
PT-2019-18323 · Foxit · Foxit Reader
Name of the Vulnerable Software and Affected Versions: Foxit Reader version 9.4.1.16828 Description: This issue allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The...
August 9, 2016 — KB3176495 (OS Build 14393.51)
August 9, 2016 — KB3176495 (OS Build 14393.51) This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability for Internet Explorer 11. Addressed issue to keep pen click settings after...
Open-Xchange App Suite Cross-Site Scripting Vulnerability
Open-Xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange USA. The environment allows users to more intuitively manage email, tasks, files, etc. mail compose is one of the mail editing components. A cross-site scripting vulnerability exists in the mail compose...
CVE-2018-5165
In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to...
CVE-2018-5110
If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox 58...
Zomato: [www.zomato.com] Privilege Escalation - /php/restaurant_menus_handler.php
Introduction In the following ██████████ the endpoint /php/restaurant_menus_handler.php was found. This endpoint is meant solely to be accessible for admins, however due to insufficient protections normal users can access this endpoint too. This results in any Zomato user being able to edit and...
polarkoru.fi XSS vulnerability
Vulnerable URL: http://www.polarkoru.fi/itemdetail.php?n=PKR-20335=Fresh Water Pearl Bracelet. Toggle catch 925 Sterling Silver.=item/20110425231349/www.PolarKoru 20335.jpg"';-- Details: Description| Value ---|--- Patched:| No Latest check for patch:| 21.11.2017 Vulnerability type:| XSS...
DEBIAN-CVE-2016-10134
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggleids array parameter in latest.php...
UBUNTU-CVE-2016-10134
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggleids array parameter in latest.php...
CVE-2016-5174
browser/ui/cocoa/browserwindowcontrollerprivate.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site...