CVE-2017-6507
CVE-2017-6507 affects AppArmor prior to 2.12, where unknown profiles could be mishandled during restart operations in AppArmor init scripts, upstart jobs, and/or systemd unit files. The root cause is the common logic that removes profiles not found in standard locations (e.g., /etc/apparmor.d) wh...
AXIS Communications XSS / Content Inclusion Vulnerabilities
Exploit for hardware platform in category web applications Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Improper Input Validation CWE-20 - CVE Name: CVE-2015-8258 -...
AXIS Communications Cross Site Request Forgery
0RWELLL4BS security advisory olsa-CVE-2015-8255 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: Cross-Site Request Forgery - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Session Management control CWE-352 - CVE Name: CVE-2015-8255 - Affecte...
AXIS Communications XSS / Content Inclusion
0RWELLL4BS security advisory olsa-2015-8258 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Improper Input Validation CWE-20 - CVE Name:...
AXIS Communications Cross Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Advisory Information ==================== - Title: Cross-Site Request Forgery - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Session Management control CWE-352 - CVE Name: CVE-2015-8255 - Affected Versions: - I...
AXIS (Multiple Products) - Cross-Site Request Forgery
AXIS Multiple Products - Cross-Site Request Forgery 0RWELLL4BS security advisory olsa-CVE-2015-8255 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: Cross-Site Request Forgery - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Session Management...
AXIS Communications - Cross-Site Scripting Content Injection
AXIS Communications - Cross-Site Scripting Content Injection 0RWELLL4BS security advisory olsa-2015-8258 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs -...
AXIS Communications - Cross-Site Scripting / Content Injection
0RWELLL4BS security advisory olsa-2015-8258 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Improper Input Validation CWE-20 - CVE Name:...
Follow-up analysis of the Node.js node-serialize module deserialization vulnerability - vulnerability warning - the black bar safety net
Follow-up findings on the Node.js serialization remote command execution vulnerability and how to develop the attack payload. A few days ago, on the opsecx blog, I found an article on how to use a remote code execution (RCE) bug in a Node.js module named node-serialize. The article...
PT-2017-4331 · Hikvision · Hikvision Ds-2Cd2432F-Iw
Name of the Vulnerable Software and Affected Versions: Hikvision DS-2CD2432F-IW affected versions not specified Description: The issue is related to the use of a default SSID without WiFi encryption or authentication in Hikvision IP cameras. This can allow a remote attacker to gain elevated...
VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow (PoC)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=849 As already discussed in a number of reports in this tracker 285, 286, 287, 288, 289, 292, VMware Workstation current version 12.1.1 build-3770994 ships with a feature called "Virtual Printers", which enables the virtualized...
Unsealing the Deal: Cyber Threats to Mergers and Acquisitions Persist in a Hot Market
Risks Posed by Sensitive Corporate Communications, Broadened Attack Surface. In 2015, a record $5 trillion was tied up in mergers and acquisitions (M&A) deals, according to JP Morgan. So far, mega deals in 2016 include Microsoft’s purchase of LinkedIn, Shire’s acquisition of Baxalta, and...
Oracle EBusiness Suite 'Massive' Attack Surface Assessed
LAS VEGAS—Buried in the pages of the secure configuration guide for Oracle EBusiness Suite 11i is a declaration that SQL injection just isn’t a thing for the ubiquitous enterprise software. “Of the many potential SQL injections we have seen reported, we have yet to find a single confirmed example...
Overload: Critical Lessons from 15 Years of ICS Vulnerabilities
In the past several years, a flood of vulnerabilities has hit industrial control systems ICS – the technological backbone of electric grids, water supplies, and production lines. These vulnerabilities affect the reliable operation of sensors, programmable controllers, software and networking...
AXIS Multiple Products - Authenticated Remote Command Execution via devtools Vector
Exploit for linux platform in category web applications Advisory Information ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + Title: AXIS Multiple Products Authenticated Remote Command Execution via devtools vector + Vendor: AXIS Communications + Research and Advisory: Orwelllabs ...
AXIS Authenticated Remote Command Execution
www.orwelllabs.com security advisory olsa-2015-8257 PGP: 79A6CCC0 Advisory Information ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + Title: AXIS Multiple Products...
Informatica: [oneclickdrsfdc-test.informatica.com] Tomcat Example Scripts Exposed Unauthenticated
Issue: The consultant identified an unauthenticated installation of Apache Tomcat on the affected host. This particular installation has the /examples directory exposed, which contains several scripts that execute server-side code; these scripts can also be leveraged to carr...
Corruption, Code Execution Vulnerabilities Patched in Open Source Archiver 7-Zip
Several vulnerabilities were fixed this week in the file archiver 7-Zip that could have led to arbitrary code execution and file corruption. The developer behind the tool, which is open source and can be used with any compression, conversion, or encryption method, is urging users to update to the...
From 0 to TrustZone, second article: a QSEE privilege escalation vulnerability and its exploitation (CVE-2015-6639) - vulnerability warning - the black bar safety net
In this article, we discuss how to find and exploit a vulnerability to gain code execution in the Qualcomm Secure Execution Environment (QSEE). Related reading: From 0 to TrustZone, first article: exploring the attack surface of the Qualcomm Secure Execution Environment (QSEE). In a previous...