Microsoft Windows Transaction Manager Elevation of Privilege (MS16-123: CVE-2016-3341)

An elevation of privilege vulnerability has been reported in Microsoft Windows Kernel Transaction Manager. The vulnerability is due to an malformed blf file, which could be abused by attackers to gain local privilege escalation. The attacker must entice the victim to run an executable file to...

Unable to Delete Credentials

Challenge When attempting to delete credentials from the credentials manager, a message box states: Unable to delete credentials because they are currently in use. See details for more info. Cause You cannot delete a record that is already used for any component in the backup infrastructure...

Shopify: Add signature to transactions without any permission

Hi, I found an endpoint for transaction signing but user permission not checked on this endpoint So an user without any permission in shop can add signature to transactions! Endpoint: /admin/securefiles.json Parameters:...

Coinbase: coinbase Email leak while sending and requesting

Due to a bug first reported by another researcher, when one coinbase user sent bitcoin to another coinbase user, the receiving user had the sending user's email address silently added to their contact list. While this does not raise PII exposure concerns under our Privacy Policy, we felt it was...

Google Android - getpidcon Usage binder Service Replacement Race Condition

Google Android - getpidcon Usage binder Service Replacement Race Condition Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=851 This is very similar to forshaw's bug , . The servicemanager, when determining whether the sender of a binder transaction is authorized to register a...

IBM Financial Transaction Manager Clickjacking Vulnerability

IBM Financial Transaction Manager FTM is a financial transaction manager from IBM Corporation in the United States that is used to monitor, track and report on financial payments and transactions. A clickjacking vulnerability exists in IBM Financial Transaction Manager FTM versions 3.0.0.0 throug...

IBM Financial Transaction Manager for ACH Cross-Site Scripting Vulnerability

IBM Financial Transaction Manager FTM for ACH Services is a Financial Transaction Manager product from IBM USA, which is used to monitor, track and report on financial payments and transactions. A cross-site scripting vulnerability exists in Financial Transaction Manager FTM for ACH Services...

Navis WebAccess - SQL injection vulnerability

No description provided by source. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Product - Navis WebAccess - SQL Injection Date - 8/8/2016 Author - bRpsd Skype: vegnox Vendor HomePage - http://www.navis.com/ Product Download - http://navis.com/prwebaccess.jsp currently under...

Samsung pay gaps can lead to a hack trade hijacking-vulnerability warning-the black bar safety net

! Spanish security researcher Salvador Mendoza found Samsung Pay a security vulnerability, this vulnerability once exploited, hackers will be able to use another device to the victims of the trade hijacking. Based on a contactless payment system, is many of the newer Samsung phones with the...

Navis Webaccess - SQL Injection

Navis Webaccess - SQL Injection @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Product - Navis WebAccess - SQL Injection Date - 8/8/2016 Author - bRpsd Skype: vegnox Vendor HomePage - http://www.navis.com/ Product Download - http://navis.com/prwebaccess.jsp currently under maintenan...

Navis WebAccess SQL Injection

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Product - Navis WebAccess - SQL Injection Date - 8/8/2016 Author - bRpsd Skype: vegnox Vendor HomePage - http://www.navis.com/ Product Download - http://navis.com/prwebaccess.jsp currently under maintenance Product Version - Express/All...

DEBIAN-CVE-2016-5412

arch/powerpc/kvm/book3shvrmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIGKVMBOOK3S64HV is enabled, allows guest OS users to cause a denial of service host OS infinite loop by making a HCEDE hypercall during the existence of a suspended transaction...

CVE-2016-5412

arch/powerpc/kvm/book3shvrmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIGKVMBOOK3S64HV is enabled, allows guest OS users to cause a denial of service host OS infinite loop by making a HCEDE hypercall during the existence of a suspended transaction...

CVE-2016-5412

arch/powerpc/kvm/book3shvrmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIGKVMBOOK3S64HV is enabled, allows guest OS users to cause a denial of service host OS infinite loop by making a HCEDE hypercall during the existence of a suspended transaction...

UBUNTU-CVE-2016-5412

arch/powerpc/kvm/book3shvrmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIGKVMBOOK3S64HV is enabled, allows guest OS users to cause a denial of service host OS infinite loop by making a HCEDE hypercall during the existence of a suspended transaction...

PT-2016-6414 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.8 Description: The issue allows guest OS users to cause a denial of service, resulting in a host OS infinite loop. This occurs when a H CEDE hypercall is made during the existence of a suspended transaction,...

MoneyTrackin Web Application Cross Site Scripting

Exploit Title: MoneyTrackin Web Application - Stored Cross-Site Scripting XSS Date: 6/24/16 Exploit Author: Brett DeWall Exploit Author Twitter: @xbadbiddyx Exploit Author Blog: http://xbadbiddyx.tumblr.com Vendor Homepage: https://www.moneytrackin.com/ Version: Latest commit Contacted Vendor Dat...

Breaking: Microsoft to buy LinkedIn for $26.2 BILLLLLION

Breaking News for today: Microsoft has announced that it is planning to acquire LinkedIn, the social network for professionals, for $26.2 Billion in cash. Yes, Microsoft announced today that it would buy LinkedIn for $196 per share in an all-cash transaction valued at $26.2 BILLLLLLION. It is so...

Coinbase: Transaction Pending Via Ip Change

Hi , Wamim Here . I Normally Use my Account From My Country Ip Email But Last Some Days I Checked And Found That When I Change My Ip Before Login Or Sending that time I got Mail After The Money Send Kindly Note That From Normal Ip when You sent you received mail instant when money sent .but this...

Threat Outbreak Alert RuleID23124: Email Messages Distributing Malicious Software on May 26, 2016

Medium Alert ID: 46410 First Published: 2016 May 26 15:37 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID23124 may contain the following files: Name | Size...