
21 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2013-0352

Malware in sbrugna...

CVSS 6.8 | AI score 7.6 | EPSS 0.19433
Exploits: 1 | References: 26
Imperva Blog
added 2025/07/04 1:29 a.m. | 9 views

Bridging the Security Knowledge Gap: Introducing AI ExplAIn for Imperva Cloud WAF

The challenge of maintaining robust web application security often comes down to communication. Security teams frequently spend countless hours explaining WAF blocking decisions to application developers who may lack security expertise. This communication gap not only creates friction between tea...

AI score 7.4
Exploits: 0
Spring Security Advisories
added 2025/02/06 12:0 a.m. | 7 views

A Bootiful Podcast: 'Just Use Postgres!' author Denis Magda

Hi, Spring fans! In this installment we talk to Java and distributed database ninja Denis Magda about his new book, "Just Use Postgres!", which looks at how to wield Postgres for a variety of use cases that an application developer should know...

AI score 7.2
Exploits: 0
Fedora
added 2023/10/04 3:0 a.m. | 16 views

[SECURITY] Fedora 37 Update: openmpi-4.1.4-6.fc37

Open MPI is an open source, freely available implementation of both the MPI-1 and MPI-2 standards, combining technologies and resources from several other projects FT-MPI, LA-MPI, LAM/MPI, and PACX-MPI in order to build the best MPI library available. A completely new MPI-2 compliant...

CVSS 8.1 | AI score 8 | EPSS 0.01121
Exploits: 0
Fedora
added 2023/10/04 2:34 a.m. | 27 views

[SECURITY] Fedora 38 Update: openmpi-4.1.4-9.fc38

Open MPI is an open source, freely available implementation of both the MPI-1 and MPI-2 standards, combining technologies and resources from several other projects FT-MPI, LA-MPI, LAM/MPI, and PACX-MPI in order to build the best MPI library available. A completely new MPI-2 compliant...

CVSS 8.1 | AI score 8 | EPSS 0.01121
Exploits: 0
GithubExploit
added 2022/01/08 6:45 a.m. | 1184 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

vuln4japi A vulnerable Java based REST API for demonstrating C...

CVSS 10 | AI score 9.2 | EPSS 0.99999
Exploits: 346
NVD
added 2021/12/09 8:15 p.m. | 14 views

CVE-2021-43608

Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other A...

CVSS 9.8 | EPSS 0.02369
Exploits: 0 | References: 4
Prion
added 2021/06/08 6:15 p.m. | 26 views

Directory traversal

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...

CVSS 4 | AI score 5.8 | EPSS 0.02737
Exploits: 0 | References: 5 | Affected Software: 2
Cvelist
added 2021/06/08 5:52 p.m. | 25 views

CVE-2021-33203

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...

AI score 6.6 | EPSS 0.02737
Exploits: 0 | References: 5
AlpineLinux
added 2021/06/08 5:52 p.m. | 54 views

CVE-2021-33203

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...

CVSS 4.9 | AI score 6.5 | EPSS 0.02737
Exploits: 0
Debian CVE
added 2021/06/08 5:52 p.m. | 28 views

CVE-2021-33203

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...

CVSS 4.9 | AI score 6.8 | EPSS 0.02737
Exploits: 0
Tenable Nessus
added 2017/03/31 12:0 a.m. | 8 views

CVS/SVN User Disclosure

Concurrent Version System CVS and Subversion SVN provide a method for application developers to control different versions of their code. Occasionally, the developer's version or user information can be stored incorrectly within the code and may be visible to the end user either in the HTML or co...

AI score 6.8
Exploits: 0 | References: 2
myhack58
added 2016/04/13 12:0 a.m. | 21 views

PHP Utility Belt remote code execution vulnerability verification and analysis-vulnerability warning-the black bar safety net

PHP Utility Belt is a tool for PHP application developers use a set of tools that can be used to test regular expressions and observed with pregmatch and pregmatchall function to match the observed pregreplate the result of the function; contains two words, two numbers with a capital letter and...

AI score 1.5
Exploits: 0
OSV
added 2014/01/21 6:0 p.m. | 3 views

PSF-2014-1 CVE-2013-0340 Billion Laughs fixed in Expat 2.4.0

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XMLSetEntityDeclHandler function, which allows remote attackers to cause a denial of service resource consumption, send HTTP requests to intranet servers, or read arbitrary files via a...

CVSS 6.8 | AI score 7.5 | EPSS 0.19433
Exploits: 1 | References: 2
ThreatPost
added 2013/06/24 1:7 p.m. | 10 views

Google Adds Feature to Keep Malware Out of Chrome Web Store

Google is adding more security controls to its browser-based Chrome Web Store by adding a new application-vetting feature called ‘Enhanced Item Validation.’ For all intents and purposes, the search giant claims that the new policy will only impact application developers in that they will have to...

AI score 7.2
Exploits: 0 | References: 4
ThreatPost
added 2013/01/10 6:52 p.m. | 7 views

California Attorney General Fighting for Mobile Privacy Rights

UPDATE – In an attempt to reign in the tendency of indifference toward consumer privacy among mobile application developers, California Attorney General Kamala D. Harris today made public a list of guidelines regulating the ways in which mobile application developers and technology companies hand...

AI score 0.9
Exploits: 0 | References: 3
ThreatPost
added 2012/10/31 2:20 a.m. | 7 views

California Attorney General Puts Mobile App Developers on Notice

California Attorney General Kamala D. Harris today announced a crackdown on mobile application developers and companies that haven’t posted privacy policies, at least where users can easily find them. The attorney general is giving recipients 30 days “to conspicuously post a privacy policy within...

AI score 2.4
Exploits: 0 | References: 2
ThreatPost
added 2012/08/17 1:5 a.m. | 10 views

Twitter to Update API to Require Authentication

In order to limit malicious use, Twitter is closing ranks around its API and requiring application developers use authentication in its upcoming new release. The company announced Thursday afternoon in a blog post that it was introducing new restrictions in v1.1 to create a “more consistent Twitt...

AI score 1.3
Exploits: 0 | References: 3
The Hacker News
added 2010/12/16 1:48 a.m. | 8 views

Mantra: A Browser based Security Framework !

Mantra is a dream that came true for the author. It is a collection of free and open source tools integrated into a web browser – Firefox, which can become handy for students, penetration testers, web application developers, security professionals etc. It is portable, ready-to-run, compact and...

AI score 7.2
Exploits: 0
ThreatPost
added 2010/12/06 7:38 p.m. | 7 views

Android Update Adds Protection From Mobile Clickjacking

Google released the latest version of its Android mobile operating system on Monday, adding security features that it says will make it tougher for mobile device users to be subjected to “clickjacking” attacks that trick them into clicking on hidden or disguised user interface elements. The compa...

AI score 0.8
Exploits: 0 | References: 8