9293 matches found
January 2018 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
January 2018 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
January 2018 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
Description of the security update for the ATMFD.dll information disclosure vulnerability in Windows Server 2008: January 3, 2018
Description of the security update for the ATMFD.dll information disclosure vulnerability in Windows Server 2008: January 3, 2018 Summary An information disclosure vulnerability exists in Adobe Type Manager Font Driver ATMFD.dll when it fails to properly handle objects in memory. An attacker who...
GitLab: GitHub import allows user to create child group under existing namespace
When importing a GitHub repository on GitLab, a request is made to /import/github. The user is allowed to pass along a target namespace where they want to add the repository. In this process, the code will create the namespace if it doesn't exist already. However, this can be used to create a...
Genexis Automatic Provisioning System Access Control Vulnerability
The Genexis Automatic Provisioning System GAPS is a system for automatic configuration of routers and networks from the Dutch company GENEXIS. An access control vulnerability exists in GAPS 7.2 and earlier versions. An attacker can exploit this vulnerability to obtain configured setup information...
Sendroid < 6.5.0 - SQL Injection
Exploit Title: Sendroid - Bulk SMS Portal, Marketing Script 5.0.0 - 6.5.0 - SQL Injection Google Dork: "welcome to SMS portal" Date: 22/12/2017 Exploit Author: Onwuka Gideon Contact: http://twitter.com/@gideononwuka Vendor Homepage: http://ynetinteractive.com/ Software Buy:...
Patch Tuesday, December 2017 Edition
The final Patch Tuesday of the year is upon us, with Adobe and Microsoft each issuing security updates for their software once again. Redmond fixed problems with various flavors of Windows, Microsoft Edge, Office, Exchange and its Malware Protection Engine. And of course Adobe's got another...
December 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
December 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
December 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
llvm/clang-fuzzer: Stack-buffer-overflow in clang::expandUCNs
Project: https://github.com/llvm/llvm-project.git Detailed report: https://oss-fuzz.com/testcase?key=5041559499177984 Project: llvm Fuzzer: libFuzzerllvmclang-fuzzer Fuzz target binary: clang-fuzzer Job Type: libfuzzerasanllvm Platform Id: linux Crash Type: Stack-buffer-overflow READ 1 Crash...
Microsoft Malware Protection Engine Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSyste...
The vulnerability of the Smart Network Configuration Manager’s automatic network configuration management system, related to authentication mechanisms that lack sufficient protection, allows attackers to circumvent network firewall restrictions.
The vulnerability of the Smart Network Configuration Manager’s automatic network configuration management system is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to bypass network firewalls by using a Zebedee client that connects t...
Microsoft Malware Protection Engine Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSyste...
Description of the security update for the information disclosure vulnerability in Windows Server 2008: December 12, 2017
Description of the security update for the information disclosure vulnerability in Windows Server 2008: December 12, 2017 Summary An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site to determine the zone of a provide...
MistServer 2.12 Cross Site Scripting
Credits: John Page aka Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTICATED-PERSISTENT-XSS-CVE-2017-16884.txt + ISR: ApparitionSec Vendor: ============= mistserver.org Product: =========== MistServer v2.12 MistServer...
EmbedInHTML - Embed and hide any file in an HTML file
What this tool does is taking a file any type of file, encrypt it, and embed it into an HTML file as ressource, along with an automatic download routine simulating a user clicking on the embedded ressource. Then, when the user browses the HTML file, the embedded file is decrypted on the fly, save...
Threat Outbreak Alert RuleID31400: Email Messages Distributing Malicious Software on November 22, 2017
Medium Alert ID: 56025 First Published: 2017 November 22 15:32 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID31400 may contain the following files: Name |...
Bluetooth Hack Affects 20 Million Amazon Echo and Google Home Devices
Remember BlueBorne? A series of recently disclosed critical Bluetooth flaws that affect billions of Android, iOS, Windows and Linux devices have now been discovered in millions of AI-based voice-activated personal assistants, including Google Home and Amazon Echo. As estimated during the discover...