8204 matches found
Security Bulletin: jQuery UI title/default content cross-site scripting (CVE-2012-6662 and CVE-2010-5312)
Abstract: The jQuery UI is vulnerable to cross-site scripting which is caused by improper validation of user-supplied input as well as input by the default content. A remote...
DEBIAN-CVE-2018-19881
In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl...
PT-2018-15137 · Artifex · Artifex Mupdf
Name of the Vulnerable Software and Affected Versions: Artifex MuPDF version 1.14.0 Description: The issue allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted svg file. This is due to a NULL pointer dereference in the svg run image function...
PT-2018-15136 · Artifex · Mupdf
Name of the Vulnerable Software and Affected Versions: Artifex MuPDF version 1.14.0 Description: The issue allows remote attackers to cause a denial of service through recursive calls followed by a crash from excessive stack consumption via a crafted svg file. This is demonstrated by mupdf-gl...
Artifex MuPDF Denial of Service Vulnerability (CNVD-2019-06785)
Artifex MuPDF is a free, lightweight PDF reader from Artifex Software. A buffer overflow vulnerability exists in the svg/svg-run.c file in Artifex MuPDF version 1.14.0. A remote attacker can exploit this vulnerability to cause a denial of service with a specially crafted svg file...
Artifex MuPDF Denial of Service Vulnerability (CNVD-2019-06786)
Artifex MuPDF is a free, lightweight PDF reader from Artifex Software. A denial of service vulnerability exists in the 'svg_run_image' function of the svg/svg-run.c file in Artifex MuPDF version 1.14.0. A remote attacker can exploit this vulnerability to cause a denial of service href_att null point...
ASUSTOR ADM cross-site scripting vulnerability (CNVD-2018-26928)
ASUSTOR ADM is a set of operating systems from ASUSTOR dedicated to ASUSTOR NAS storage devices. File Explorer is one of the file browsers. A cross-site scripting vulnerability exists in File Explorer in ASUSTOR ADM version 3.1.1, which can be exploited by remote attackers to execute JavaScript co...
CVE-2018-12305
Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript...
Fedora Update for chromium FEDORA-2018-fd194a1f14
The remote host is missing an update for the...
UBUNTU-CVE-2018-19777
In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool...
Why Malwarebytes decided to participate in AV testing
Starting this month, Malwarebytes began participating in the antivirus software for Windows comparison test performed by AV-test.org. This is uncharted territory for us, as we have refrained from participating in these types of tests since our inception. Although recent testing results show...
QSC18: API Security, Enabling Innovation Without Enabling Attacks and Data Breaches
Without APIs, it would be near impossible to see enterprises being able to digitally transform themselves. After all, APIs are the connective-tissue between applications and systems and they make the management, automation and consumption of technology possible at scale. APIs are what enable...
Microsoft Windows PowerShell Remote Code Execution Vulnerability
Microsoft.PowerShell.Archive and others are products of Microsoft Corporation. Microsoft Windows 10 is a suite of operating systems. PowerShell Core is a set of cross-platform command-line script execution environments built for heterogeneous environments and hybrid clouds. PowerShell Core is a suit...
CVE-2018-0686
Denbun by NEOJAPAN Inc. Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier allows remote authenticated attackers to upload and execute any executable files via unspecified vectors...
Should You Send Your Pen Test Report to the MSRC?
Every day, the Microsoft Security Response Center (MSRC) receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of concept,...
DEBIAN-CVE-2018-19206
steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...
UBUNTU-CVE-2018-19206
steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...
AES-Killer v3.0 - Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps On The Fly
Burpsuite plugin to decrypt AES-encrypted traffic on the fly. Requirements: Burpsuite, Java. Tested on: Burpsuite 1.7.36, Windows 10, xubuntu 18.04, Kali Linux 2018. What it does: The IProxyListener decrypts requests and encrypts responses, and an IHttpListener then encrypts requests and decrypts responses. Bu...
Command Injection
Overview: Versions of ascii-art before 1.4.4 are vulnerable to command injection. This is exploitable when user input is passed into the argument of the ascii-art preview command. Example proof of concept: ascii-art preview 'doom"; touch /tmp/malicious; echo "' Given that the input is passed on th...
A vulnerability appears in macOS again: the system known as unbreakable also has weaknesses - vulnerability warning - the black bar safety net
For ease of expression, this article is written in the first person. It describes several stack and buffer overflow vulnerabilities that I found in the kernel of Apple's macOS; Apple categorized these vulnerabilities as kernel remote code execution...