DEBIAN-CVE-2017-10928

In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue...

The MeDoc Connection

This Post Authored by David Maynor, Aleksandar Nikolic, Matt Olney, and Yves YounanSummaryThe Nyetya attack was a destructive ransomware variant that affected many organizations inside of Ukraine and multinational corporations with operations in Ukraine. In cooperation with Cisco Advanced Service...

SA151: ImageMagick RCE Vulnerability (ImageTragick)

SUMMARY Symantec Network Protection products using affected versions of ImageMagick are susceptible to the ImageTragick security vulnerability. A remote attacker can send crafted images and execute arbitrary code on the target. AFFECTED PRODUCTS The following products are vulnerable: Security...

UBUNTU-CVE-2017-10928

In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue...

CVE-2017-7905

A Weak Cryptography for Passwords issue was discovered in General Electric GE Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Versio...

CVE-2017-7905

A Weak Cryptography for Passwords issue was discovered in General Electric GE Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Versio...

Solution Corner: Malwarebytes Endpoint Protection

We’ve been busy here at Malwarebytes with several product announcements recently. Malwarebytes Incident Response was released in late April, providing threat detection and remediation via our new cloud-based platform. Right on its heels, leveraging the same platform is Malwarebytes Endpoint...

CVE-2017-1347

IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462...

Code execution vulnerability in finecms

FineCMS is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework. A code execution vulnerability exists in finecms. An attacker can exploit the vulnerability getshell...

Google Android has an unspecified vulnerability (CNVD-2017-13247)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A security vulnerability exists in the DRM provisioning command parsing process in Android. An attacker can exploit this vulnerability to perform unauthorized operations...

Live Threat-Driven Vulnerability Prioritization

We often hear that security teams are overwhelmed by the number of vulnerabilities in their environments: every day they are finding more than they can fix. It doesnt help when rating schemes used for prioritization, like the Common Vulnerability Scoring System CVSS, dont really work at scale or...

Windows Uniscribe Remote Code Execution Vulnerability

A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accoun...

Fastspot BigTree CMS SQL Injection Vulnerability (CNVD-2017-08704)

Fastspot BigTree CMS is the United States Fastspot company based on PHP and MySQL open source content management system CMS. Fastspot BigTree CMS 4.2.18 and earlier versions of the core\admin\modules\developer\extensions\install\process.php file and core\admin\modules\developer\ An SQL injection...

Peplink Balance Routers 7.0.0-build1904 - SQL Injection / Cross-Site Scripting / Information Disclosure

X41 D-Sec GmbH Security Advisory: X41-2017-005 Multiple Vulnerabilities in peplink balance routers =================================================== Overview -------- Confirmed Affected Versions: 7.0.0-build1904 Confirmed Patched Versions:...

AutoTrace Denial of Service Vulnerability (CNVD-2017-08537)

AutoTrace is a set of software for converting bitmap files Bitmap to vector files Vector. A denial of service vulnerability exists in the input-tga.c:528:63 of the libautotrace.a file in AutoTrace version 0.31.1. An attacker could exploit this vulnerability to cause a denial of service...

Sql injection

SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a sessi...

Initialization Vector Reuse

pysaml2 reuses initialization vectors for AES encryption. This may leak information about encrypted data to attackers...

Cross site scripting

Cross-site scripting XSS vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATHINFO to readfile.php...

AutoTrace Denial of Service Vulnerability (CNVD-2017-08488)

AutoTrace is a set of software for converting bitmap files Bitmap to vector files Vector. A denial of service vulnerability exists in the libautotrace.a file in AutoTrace version 0.31.1. A remote attacker can exploit this vulnerability to cause a denial of service invalid write and SEGV...

CVE-2016-9843

CVE-2016-9843 concerns zlib 1.2.8 and its crc32_big implementation (big-endian CRC calculation). Connected docs show affected packages: FLTK builds for zlib before 1.3.8-1 in CBLMariner, and Cloud Foundry/ALAS advisories link multiple zlib-related CVEs with remediation guidance. The FLTK note sta...