
623 matches found

Information Security Automation
added 2019/02/04 11:37 a.m., 87 views

Open Positioner: my new project for tracking IT and security jobs

The idea of my new project is to retrieve the data from job-searching websites and provide better filtering, searching and visualization. I think for most people who read this, searching for a job on the Internet is a pretty common activity. Even if you are not going to change jobs right now, it...

7 AI score
Exploits: 0
Talos
added 2019/01/30 12:0 a.m., 98 views

ACD Systems Canvas Draw 4 FillSpan Out of Bounds Write Code Execution Vulnerability

Summary An exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...

8.8 CVSS | 8.2 AI score | 0.0031 EPSS
Exploits: 1
The Hacker News
added 2019/01/21 6:45 p.m., 3 views

Google fined $57 million by France for lack of transparency and consent

The French data protection watchdog CNIL has issued its first fine of €50 million (around $57 million) under the European Union's new General Data Protection Regulation (GDPR) law that came into force in May last year. The fine has been levied on Google for "lack of transparency, inadequate informati...

6.2 AI score
Exploits: 0
Github Security Blog
added 2019/01/17 1:56 p.m., 16 views

modulemd uses an unsafe function for processing externally provided data

modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution...

9.8 CVSS | 3.6 AI score | 0.01372 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2019/01/10 9:29 p.m., 9 views

Remote code execution

modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution...

7.5 CVSS | 9.7 AI score | 0.01372 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
PyPA
added 2019/01/10 9:29 p.m., 4 views

PYSEC-2019-153

modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution...

9.8 CVSS | 7.7 AI score | 0.01372 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CNVD
added 2019/01/04 12:0 a.m., 2 views

FasterXML Jackson-databind Code Issue Vulnerability

FasterXML Jackson is a U.S. FasterXML company for Java data processing tools. Jackson-databind is one of the components with data binding capabilities. A security vulnerability exists in FasterXML Jackson-databind version 2.x prior to 2.9.8. An attacker can exploit the vulnerability to execute...

9.8 CVSS | 9.2 AI score | 0.06827 EPSS
Exploits: 0 | References: 1
Prion
added 2018/12/13 4:29 p.m., 11 views

Xxe

IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170...

6.4 CVSS | 8.8 AI score | 0.23804 EPSS
Exploits: 5 | References: 4 | Affected Software: 1
Exploit DB
added 2018/12/03 12:0 a.m., 48 views

Mozilla Firefox 63.0.1 - Denial of Service (PoC)

Exploit Title: Mozilla Firefox 63.0.1 - Denial of Service PoC Date: 2018-11-29 Exploit Author: SAIKUMAR CHEBROLU Vendor Homepage: https://www.mozilla.org/en-US/firefox/new/ Bugzilla report: https://bugzilla.mozilla.org/showbug.cgi?id=1504512 Version: Firefox 63.0.1 Tested on: Windows 10 CVE : No...

7.4 AI score
Exploits: 0
Zero Day Initiative
added 2018/11/21 12:0 a.m., 34 views

Microsoft Word doc File Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8 CVSS | 3.6 AI score | 0.29479 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2018/11/02 12:0 a.m., 30 views

F5 Networks BIG-IP : BIG-IP ASM data processing vulnerability (K38243073)

The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.3 / 12.1.3.2 / 13.1.0. It is, therefore, affected by a vulnerability as referenced in the K38243073 advisory. - On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, the BIG-IP ASM bd daemon may...

7.5 CVSS | 7.4 AI score | 0.00749 EPSS
Exploits: 0 | References: 2
The Hacker News
added 2018/10/25 1:26 p.m., 592 views

Facebook Fined £500,000 for Cambridge Analytica Data Scandal

Facebook has finally been slapped with its first fine of £500,000 for allowing political consultancy firm Cambridge Analytica to improperly gather and misuse data of 87 million users. The fine has been imposed by the UK's Information Commissioner's Office (ICO) and was calculated using the UK's old...

0.2 AI score
Exploits: 0
Kitploit
added 2018/10/15 9:7 p.m., 72 views

Nameles - Open Source Entropy Based Invalid Traffic Detection And Pre-Bid Filtering

Nameles provides an easy to deploy, scalable IVT detection and filtering solution that is proven to detect at a high level of accuracy ad fraud and other types of invalid traffic such as web scraping. For a high level overview you might want to check out the website. If you have any questions or...

7 AI score
Exploits: 0 | References: 5
OpenVAS
added 2018/09/28 12:0 a.m., 96 views

Apache HTTP Server HTTP/2 'SETTINGS' Data Processing DoS Vulnerability - Linux

Apache HTTP Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.9 CVSS | 6 AI score | 0.22356 EPSS
Exploits: 0 | References: 2
OSV
added 2018/09/21 5:29 p.m., 1 views

UBUNTU-CVE-2018-17141

HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData in the faxd/CopyQuality.c++ file...

9.8 CVSS | 7.7 AI score | 0.08941 EPSS
Exploits: 2 | References: 3
Akamai Blog
added 2018/08/20 7:47 p.m., 49 views

Dispelling the Myths Surrounding Security Technology and GDPR

Many of our customers conducting business in Europe are concerned about how the new General Data Protection Regulation ("GDPR") impacts the ability to protect their organization's data, network and IT system resources. In particular, many worry that the requirements of GDPR will restrict their...

0.1 AI score
Exploits: 0
Zero Day Initiative
added 2018/08/14 12:0 a.m., 32 views

Microsoft Windows D3DKMTSubmitCommand BasicRender Driver Out-of-bounds Memory Access Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within processing of da...

6.9 CVSS | 5.4 AI score | 0.00606 EPSS
Exploits: 0 | References: 1
Kitploit
added 2018/07/29 2:12 p.m., 74 views

Faraday v3.0 - Collaborative Penetration Test and Vulnerability Management Platform

This new version has made major architectural changes to adapt the software to the new challenges of cybersecurity. It focuses on processing large volumes of data and facilitating user interaction with Faraday in their environment. Faraday just got much faster Architecture changes and a new...

7.2 AI score
Exploits: 0 | References: 1
Kitploit
added 2018/07/15 10:10 p.m., 26 views

Memoro - A Detailed Heap Profiler

Memoro is a highly detailed heap profiler. Memoro not only shows you where and when your program makes heap allocations, but will show you how your program actually used that memory. Memoro collects detailed information on accesses to the heap, including reads and writes to memory and when they...

7 AI score
Exploits: 0 | References: 5
OSV
added 2018/07/13 4:1 p.m., 13 views

GHSA-XPM8-98MX-H4C5 Unsafe deserialization in MLAlchemy

An exploitable vulnerability exists in the YAML parsing functionality in the parseyamlquery method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where...

9.8 CVSS | 9.9 AI score | 0.00896 EPSS
Exploits: 0 | References: 6