190 matches found
Researchers Reveal New Security Flaw Affecting China's DJI Drones
Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations DJI that comes with an auto-update mechanism that bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal...
Signature Validation Bypass
Overview electron-updater is a module allowing applications to implement auto-update functionality. Affected versions of this package are vulnerable to Signature Validation Bypass. The signature verification check is based on a string comparison between the installed binary’s publisherName and th...
Signature Validation Bypass
Overview electron-updater is a module allowing applications to implement auto-update functionality. Affected versions of this package are vulnerable to Signature Validation Bypass. The signature verification check is based on a string comparison between the installed binary’s publisherName and th...
The vulnerability of the Enterprise Resource Management System “Galaktika ERP” allows a perpetrator to execute arbitrary codes.
The vulnerability of the “Update Manager” component of the enterprise resource management system Galaktika ERP is related to the lack of protection for transmitted data. Exploiting this vulnerability allows a malicious actor, who operates remotely and has access to the update server, to execute...
Joomla 3.6.x < 3.9.7 Multiple Vulnerabilites
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.6.x prior to 3.9.7. It is, therefore, affected by the following vulnerabilities: - Joomla versions 3.8.13 prior to 3.9.7 are affected by a vulnerability where a non-admin user may manipulate the...
CVE-2019-12764
An issue was discovered in Joomla! before 3.9.7. The update server URL of comjoomlaupdate can be manipulated by non Super-Admin users...
Code injection
An issue was discovered in Joomla! before 3.9.7. The update server URL of comjoomlaupdate can be manipulated by non Super-Admin users...
CVE-2019-12764
An issue was discovered in Joomla! before 3.9.7. The update server URL of comjoomlaupdate can be manipulated by non Super-Admin users...
CVE-2019-12764
CVE-2019-12764 affects Joomla! prior to 3.9.7. The vulnerability is in the update server URL for component com_joomlaupdate, which can be manipulated by non Super-Admin users. Documented impact indicates potential integrity/confidentiality risk via update source redirection, but explicit exploita...
PT-2019-12931 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions prior to 3.9.7 Description: An issue was discovered where the update server URL of com joomlaupdate can be manipulated by non Super-Admin users. Recommendations: For versions prior to 3.9.7, update to version 3.9.7 or later t...
[20190603] - Core - ACL hardening of com_joomlaupdate
The update server URL of comjoomlaupdate can be manipulated by non Super-Admin users...
CVE-2018-13012
Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.12 allows the remote attacker to execute unauthorized code by substituting a forged update...
Design/Logic Flaw
Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.12 allows the remote attacker to execute unauthorized code by substituting a forged update...
CVE-2018-13012
The CVE-2018-13012 vulnerability affects SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite prior to version 4.4.12. Description: a flaw where code downloaded during updates is not validated with proper integrity checks, enabling ...
Security Bulletin: A vulnerability in the GSKit component of IBM Security SiteProtector System (CVE-2016-0201)
Summary A vulnerability has been addressed in the GSKit component of IBM Security SiteProtector System. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this...
Security Bulletin: A vulnerability in IHS (IBM HTTP Server) affects IBM Security SiteProtector System (CVE-2015-1829)
Summary The IBM Security SiteProtector System uses IBM HTTP Server IHS for which there is a potential denial of service vulnerability that may impact IHS on Windows. Exploitation of the attack requires local access to the server system. Vulnerability Details CVEID: CVE-2015-1829 DESCRIPTION: Apac...
CVE-2017-14090
CVE-2017-14090 affects Trend Micro ScanMail for Exchange 12.0. The vulnerability lies in the update mechanism: communications to update servers are unencrypted (HTTP) and lack certificate validation, enabling eavesdropping/tampering. Core Security’s advisory details that vulnerable update paths a...
The MeDoc Connection
This Post Authored by David Maynor, Aleksandar Nikolic, Matt Olney, and Yves YounanSummaryThe Nyetya attack was a destructive ransomware variant that affected many organizations inside of Ukraine and multinational corporations with operations in Ukraine. In cooperation with Cisco Advanced Service...
Description of the cumulative update for Office Communications Server 2007 R2, Core Components: January 2010
Describes the issues that are fixed in the Office Communications Server 2007 R2, Core Components cumulative update that is dated January 2010.SummaryThis article describes the Microsoft Office Communications Server 2007 R2, Core Components issues that are fixed in the cumulative update for...
McAfee VirusScan Enterprise for Linux authentication token brute force
Added: 12/23/2016 CVE: CVE-2016-8023 BID: 94823 Background McAfee VirusScan Enterprise for Linux is real-time, anti-malware software for Linux. Problem McAfee VirusScan Enterprise for Linux allows remote attackers to execute arbitrary commands by exploiting multiple vulnerabilities, including the...