2672 matches found
Google Silently Adds 'Panic Detection Mode' to Android 7.1 – How It's Useful
How often do you click the 'back' or the 'Home' button on your mobile device to exit an application immediately? I believe, several times in a single day because a large number of apps do not have an exit button to directly force-close them instead of going back and back and back until they exit...
Design/Logic Flaw
A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker...
Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting
Exploit Title: Piwigo plugin Facetag, Persistent XSS Date: 31-05-2017 Extension Version: 0.0.3 Software Link: http://piwigo.org/basics/downloads Extension link: http://piwigo.org/ext/extensionview.php?eid=845 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website:...
Shopify: XSS in $shop$.myshopify.com/admin/ via "Button Objects" in malicious app
This report is similar in impact, exploitability and root-cause as report 205701 requiring an additional step of user-interaction. Description The Shopify Embedded App SDK is used to facilitate limited interactions with parent page /admin/apps/$id from an embedded app within the shop admin...
LocalTapiola: show control page if you insert ' at http://viestinta.lahitapiola.fi/
Issue The reporter found that one error page that could be triggered had an outer "frame" that contained some administrative menus and a logoff-button. The menus were visible but as the user was not logged on, had no real functionality enabled. The logoff-button was merely misinforming. Fix The...
Generating SSH Keys is broken (using Bitbucket Server) -- ui and config file
Please watch my short video illustrating the experience. https://www.youtube.com/watch?v=wPUAkG78BFE&feature=youtu.be Scenario 1: On MacOS X Sierra when setting up SourceTree for first time and choosing "SSH" as the authentication method, SourceTree: Should not have a URL for the Bitbucket...
CVE-2016-9951
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in RespawnCommand or ProcCmdline fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the...
Command injection
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in RespawnCommand or ProcCmdline fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the...
Mozilla Firefox ESR 45.x < 45.6 Multiple Vulnerabilities
The version of Mozilla Firefox ESR installed on the remote Windows host is 45.x prior to 45.6. It is, therefore, affected by the following vulnerabilities: - Multiple memory corruption issues exist, such as when handling document state changes or HTML5 content, or else due to dereferencing alrea...
UBUNTU-CVE-2016-9951
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in RespawnCommand or ProcCmdline fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the...
Cross-site scripting vulnerability in WordPress plugin entity-decode-button
WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin entity-decode-button. The program fails to filter user-supplied input, allowing an attacker to...
WordPress plugin content-glass-button has multiple cross-site scripting vulnerabilities
Content Glass is a social tool that allows website users to share widgets with peers-groups with page address fields or TLDs. The WordPress plugin content-glass-button is vulnerable to an XSS vulnerability due to improper filtering of user input, which allows attackers to frame malicious web page...
Name of Backups Entry Does Not Match Job Name
Challenge The name of the backup job has been changed, causing entries found under the Backups node to no longer match their associated job. In the example screenshot above, the job was first run with the name "Backup Job 1," and after the initial run, the job was renamed to "DC Backup." The...
Automattic: Follow Button XSS
PoC 1 Open link 2 Click "Follow" in the bottom right-hand corner XSS Should work on any wordpress site with this Follow button. fbd.isLoggedIn must be equal to false. https://apps.wordpress.com/support/"scriptalertdocument.domain/script https://labs.spotify.com/"scriptalertdocument.domain/script...
How to Use Middle Button Paste Between Linux VDA and Linux Receiver
Windows doesn’t support middle button paste, while Linux supports this function. In Linux Receiver, we have an option to support middle button paste in Windows VDA, which is enabled by default. Middle button paste doesn’t work correctly between Linux VDA and Linux Receiver with the default settings...
WordPress Claptastic clap! Button plugin has multiple cross-site scripting vulnerabilities
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation. Claptastic clap! Button is one of the button plugins that selects everyone's favorite content by readers clicking on different buttons. WordPress Claptastic clap! Button plugin version 1.3 has multiple cross-si...
OLX: XSS on Home page olx.com.ar via auto save search text
Hi guys, I found XSS vulnerability on Home page olx.com.ar via auto save search text 1. Copy full link and go to the URL in browser: https://www.olx.com.ar/nf/search/xss%22-'%20%22%3E%3Ciframe/src%20////onload%20=%20alertdocument.cookie%20onerror=alertdocument.cookie 2. Click logo button go back ...