9293 matches found
CVE-2013-4209
The CVE-2013-4209 entry concerns Red Hat ABRT (Automatic Bug Reporting Tool) before 2.1.6. The vulnerability allows a local attacker to obtain sensitive information from arbitrary files via vectors related to sha1sums, resulting in a partial confidentiality impact. Affected software: ABRT prior t...
Open-Xchange: Referer in /servlet/TestServlet
Hi. No encode referer URL in https://sandbox.open-xchange.com/servlet/TestServlet You check , but i think you need just replace Steps 1. Upload file 2. Change mimetype to "file":"filemimetype":"text/x-javascript" 3. Share to All or Link, but then need insert Iframe, same as in 342585 4. Make URL...
Updates for BASS
This blog post was authored by Jonas Zaddach and Mariano Graziano. Cisco Talos has rolled out a series of improvements to the BASS open-source framework aimed at speeding up its ability to provide coverage for new malware families. Talos released BASS, pronounced "bæs" an open-source framework...
Microsoft Office: Enable Automatic Updates
This test checks the setting for policy Copyright C 2018 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either...
Buffer Overflow Vulnerability in HOLLYWOOD LE5109L PLCs
HELISE Group is a professional automation company integrating R&D, production, sales and technical service. With integrated Ethernet, PROFIBUS-DP, RS232 and RS485 interfaces, HELISE's PLCs have been widely used in electric power, chemical industry, metallurgy, energy and other fields. A buffer...
Adobe, Microsoft Push Critical Security Fixes
Adobe and Microsoft each released critical fixes for their products today, a.k.a "Patch Tuesday," the second Tuesday of every month. Adobe updated its Flash Player program to resolve a half dozen critical security holes. Microsoft issued updates to correct at least 65 security vulnerabilities in...
CVE-2018-9037
Monstra CMS 3.0.4 allows remote code execution via an uploadfile request for a .zip file, which is automatically extracted and may contain .php files...
April 2018 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
Description of the security update for vulnerabilities in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009: April 10, 2018
Summary: A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affect...
Servicing stack update for Windows 10, version 1709: April 10, 2018
Summary: This update makes stability improvements for the Windows 10, version 1709 servicing stack. How to get this update: Method 1: Windows Update. This update will be downloaded and installed automatically. Prerequisites: There ar...
HackerOne: CSRF at [Apply to this program] that lead to submit your request automatic with out any validations
Hi, the behavior found in some of programs that need to Apply to this program like @hackthedts this program need to your submit Application before start found/send bug to them. This button have no any validations/check protect for CSRF bug, that can lead to auto apply to program by used this...
Microsoft Security Essentials RCE Vulnerability (Apr 2018)
This host is missing a critical security update according to Microsoft Security Updates released for Microsoft Malware Protection Engine MPE dated 03-04-2018 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
SUSE-SU-2018:0859-1 Security update for krb5
This update for krb5 fixes several issues. This security issue was fixed: - CVE-2017-11462: Prevent automatic security context deletion to prevent double-free bsc1056995. - CVE-2018-5729: Null pointer dereference in kadmind or DN container check bypass by supplying special crafted data bsc1083926...
GitStack - Unsanitized Argument Remote Code Execution Exploit
Exploit for windows platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitStack Unsanitized Argument RCE', 'Description' = %q This module exploits a remote cod...
gdal/gdal_translate_fuzzer: Index-out-of-bounds in reduce
Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=5721041381883904 Project: gdal Fuzzer: libFuzzer_gdal_translate_fuzzer Fuzz target binary: gdal_translate_fuzzer Job Type: libfuzzer_ubsan_gdal Platform Id: linux Crash Type: Index-out-of-bounds Crash Address:...
DefenseMatrix - Full security solution for Linux Servers
Full security solution for Linux Servers. SCUTUM is to be added into DefenseMatrix Project After consideration, SCUTUM, as a nice firewall controller, is to be added into DefenseMatrix. It will soon replace the iptables controller and arptables controller in DefenseMatrix. Expect lots of...
March 2018 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
November 14, 2017—KB4052314 Update for Windows 10 Mobile (OS Build 15254.12)
Improvements and fixes: This update includes quality improvements. No new operating system features are being introduced in this update. This build includes all the improvements from KB4048954. If you installed earlier...
[SECURITY] Fedora 27 Update: clamav-0.99.4-1.fc27
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...