September 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
Internet Bug Bounty: Unsecure: Bypass alerts of Little Flocker / Little Snitch / HandsOff! / BlockBlock (same concept can be applied to other security tools)
Hello, This PoC is using a simple yet powerful trick to detect when a Little Flocker, Little Snitch, HandsOff! or BlockBlock window appears, then automatically click on the "Allow" button by calculating the distance, so it works pretty well on every resolution. The window only appears for a fraction of...
Reflected XSS Bug Patched in Popular WooCommerce WordPress Plugin
An extension of the WooCommerce WordPress plugin, used by 28 percent of all online stores, has been patched against a reflected cross-site scripting vulnerability. The vulnerability was found in the Product Vendors plugin, which allows an existing ecommerce site to support multiple vendors,...
Microsoft Word vulnerability: hackers can use the automatic link update feature to install malicious software
According to foreign media reports, a freelance security consultant and Handler at the SANS Internet Center found a very interesting vulnerability in Microsoft Word that allows an attacker to abuse the program's automatic link update function. This is one of the default start function,...
gnutls: Use-of-uninitialized-value in __gmpz_invert
Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=4734766895071232 Project: gnutls Fuzzer: libFuzzergnutlsprivatekeyparserfuzzer Fuzz target binary: gnutlsprivatekeyparserfuzzer Job Type: libfuzzermsangnutls Platform Id: linux Crash Type:...
August 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
CVE-2017-10125
Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly...
Threat Outbreak Alert RuleID30073: Email Messages Distributing Malicious Software on August 2, 2017
Medium Alert ID: 54720 First Published: 2017 August 3 19:39 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID30073 may contain the following files: Name | Si...
HPSBPI03563 rev 1 - SMTP Credentials Vulnerability for HP Designjet and HP Latex printers
Potential Security Impact Potential exposure of SMTP credentials when configuring HP Designjet and HP Latex printers. Reported by: Nicodemo Gawronski VULNERABILITY SUMMARY HP has identified a potential security vulnerability with some HP Designjet and HP Latex printers that may expose the...
XenMobile : Control OS update policy FAQ
Control OS policy The Control OS Updates device policy lets you deploy the latest OS updates to supervised iOS devices. You can specify how frequently XenMobile checks the device OS and deploys updates. There are two options: 1. Download Only This option will just download OS update and custome...
condorselfdrive.co.uk XSS vulnerability
Vulnerable URL: http://www.condorselfdrive.co.uk/vehicle-hire-scotland/car-hire/180888-toyota-aygo-automaticbooking Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.10.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 2996102 VIP websi...
RastLeak - Tool To Automatic Leak Information Using Hacking With Engine Searches
Tool to automatic leak information using Hacking with engine searches. How to install Install requirements with: pip install -r requirements.txt How to use: python rastleak.py Usage: $ python rastleak.py -h usage: rastleak.py -h -d DOMAIN -o OPTION -n SEARCH -e EXT -f EXPORT This script searchs...
Fedora 26 : openvpn (2017-f8a114cd09)
Updates to the latest upstream OpenVPN 2.4.3, containing security updates for CVE-2017-7508, CVE-2017-7520 and CVE-2017-7521. This update also re-enables automatic restart of OpenVPN on the next updates. For this update, the restart needs to be done manually. Note that Tenable Network Security ha...
July 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
LFISuite - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
LFI Suite is a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack, listed in the section Features. Features Works with Windows, Linux and OS X Automatic Configuration Automatic Update Provides 8 different Local File Inclusio...
dlplibs: Container-overflow in libvisio::VSDContentCollector::_generateBezierSegmentsFromNURBS
Detailed report: https://oss-fuzz.com/testcase?key=6337251178971136 Project: dlplibs Fuzzer: libFuzzerdlplibsvsdfuzzer Fuzz target binary: vsdfuzzer Job Type: libfuzzerasandlplibs Platform Id: linux Crash Type: Container-overflow READ 8 Crash Address: 0x606000000590 Crash State:...
Totally Automatic LFI Exploiter & Scanner: LFISuite
Totally Automatic LFI Exploiter & Scanner LFI Suite is a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack. Features Works with Windows, Linux and OS X Automatic Configuration Automatic Update Provides 8 different Local Fil...