PT-2025-36491

Name of the Vulnerable Software and Affected Versions Adobe Commerce versions prior to 2.4.10 Magento Open Source affected versions not specified Description An improper input validation issue, known as SessionReaper, exists in the REST API, specifically within the ServiceInputProcessor and the...

This Week in Security News: February 2020 Patch Tuesday Update and Misconfigured AWS S3 Bucket Leaks 36,000 Inmate Records

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the more than 140 February Patch Tuesday updates from Microsoft and Adobe. Also, read about how an unsecured and unencrypted...

Critical Adobe Flash Bug Impacts Windows, macOS, Linux and Chrome OS

Adobe released a patch for a critical flaw on Tuesday that leaves its Flash Player vulnerable to arbitrary code execution by an adversary. Affected are versions of the Flash Player running on Windows, macOS, Linux and Chrome OS. In tandem, a Microsoft Security Advisory was also issued for the bug...

New Flash Player zero-day comes inside Office document

Update 2018-02-06: Adobe has released a patch for this vulnerability. More information is available here. We tested this zero-day with a proof-of concept that was made available. Rather than launching it from within Office, we turned it into a drive-by download attack. The animation below shows...

Internet Bug Bounty: Flash “local-with-filesystem” Bypass in navigateToURL

This issue has been patched by Adobe: https://helpx.adobe.com/security/products/flash-player/apsb16-25.html CVE-2016-4178 Flash “local-with-filesystem” policy can be bypassed using the “navigateToURL” function. It is not possible to target the local files using a Flash file in a website using...

Wekby APT 18 Exploiting Hacking Team Flash Zero Day

The Wekby APT group, implicated in a number of targeted attacks against health care organizations such as Community Health Systems and major pharmaceutical companies, is reportedly making use of the Adobe Flash Player zero-day found in the Hacking Team data dump. According to Virginia-based...

Hacking Team Flash Zero Day Weaponized in Exploit Kits

Handlers for three major exploit kits have managed to utilize in short order a zero-day vulnerability in Adobe Flash Player uncovered among the 400 Gb of data stolen from Hacking Team. Experts, including French researcher Kafeine and a number of others from security companies, revealed last night...

Flash Player <= 16.0.0.257 Information Disclosure (APSB15-02)

Binary data 8658.prm...

Flash Zero Day Used to Target Victims in Syria

A couple days after Microsoft warned users about a new vulnerability in Internet Explorer that’s being used in targeted attacks, Adobe on Monday said that researchers have discovered a zero day in Flash, as well, which attackers are using to target victims in Syria through a watering hole attack ...

ColdFusion Zero day vulnerability : Remote File Disclosure of Password Hashes

ColdFusion Zero day vulnerability : Remote File Disclosure of Password Hashes Yesterday Blackhatacademy Released Fully automated MySQL5 boolean based enumeration tool. Today Another post expose the most critical ColdFusion vulnerability affects about a tenth of all ColdFusion servers at the...

Adobe Shockwave Player 11.5.6.606 (DIR) Multiple Memory Vulnerabilities

Summary Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player. These people now have access to some of the best the Web has to offer - including dazzling 3D games and entertainment, interactive product demonstrations, and online learning applications. Shockwave Player...

Adobe Acrobat Reader 8.1.2 9.0 - getIcon() Memory Corruption

Adobe Acrobat Reader 8.1.2 9.0 - getIcon Memory Corruption Affected Version : Acrobat Reader 8.1.2 - 9.0 Vendor Patch : http://www.adobe.com/support/security/bulletins/apsb09-04.html Tested On : XP SP2 / SP3 from ZDI : http://www.zerodayinitiative.com/advisories/ZDI-09-014/ This vulnerability...