687 matches found
iOS URL Scheme Could Let App-in-the-Middle Attackers Hijack Your Accounts
Security researchers have illustrated a new app-in-the-middle attack that could allow a malicious app installed on your iOS device to steal sensitive information from other apps by exploiting certain implementations of Custom URL Scheme. By default on Apple's iOS operating system, every app runs...
PT-2019-16941 · Ibm · Ibm Security Information Queue
Name of the Vulnerable Software and Affected Versions: IBM Security Information Queue ISIQ versions 1.0.0 through 1.0.2 Description: The issue arises from the missing HTTP Strict Transport Security header in the affected software. This allows users to potentially navigate to the unencrypted versi...
SQL Injection Vulnerability in Tpshop v3.5 To***.php Page
Tpshop is a set of multi-merchant mode developed by Shenzhen Soleil Networks Limited mall system. A SQL injection vulnerability exists in the Tpshop v3.5 To.php page. Attackers can use the vulnerability to obtain sensitive information in the database...
CVE-2018-18979
An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded initialization vector. Extraction of the initialization vector is necessary for deciphering communications between this application and the backend server. This, in...
CVE-2019-2671
Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite subcomponent: Preferences. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network...
CVE-2019-2648
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS - Web Services. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
Casino Goes All In and Wins Big with Imperva Security
There’s no good time to be hit by ransom-seeking DDoS attackers. For one casino-entertainment provider, the timing was particularly bad — right before one of its largest online poker events in 2016. The casino, which generates multiple billions in revenue per year, leveraged Imperva’s emergency...
Unspecified Vulnerability in Oracle Virtualization VM VirtualBox Component (CNVD-2019-36164)
Oracle Virtualization is a set of virtualization solutions from Oracle Corporation. The product is used to unify the management of the entire hardware and software system from applications to disks, enabling virtualization from the desktop to the data center.VM VirtualBox is one of the virtual...
nodejs: Unintentional exposure of uninitialized memory
In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause Buffer.alloc to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying encoding can be passed as a number, this is...
PT-2019-4610 · Samba +1 · Samba +1
Name of the Vulnerable Software and Affected Versions: Samba versions 4.9 through 4.9.5 Samba versions 4.10.0 through 4.10.1 Description: A vulnerability was found in Samba related to the creation of a new Samba AD DC. During this process, files are created in a private subdirectory of the instal...
CVE-2018-19513
In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sqlerrorlog/YYYY-MM-DD-sqlerrorlog.log filenames. The log file could contain sensitive client data email addresses and also facilitates exploitation of SQL injection errors...
CVE-2017-1713
IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632...
Imperva Wins Awards for Best Database Security, Coolest Cloud Security Vendor
SC Magazine has long been one of the most respected names in cybersecurity journalism, and one that has written about Imperva’s security research and solutions many times. So we’re proud to announce that we’ve won the 2019 SC Award for Best Database Security solution at SC’s awards ceremony on...
Luas data ransom: the hacker who cried wolf?
In a terrible start to the year for Irish tram firm Luas, their site was compromised a week ago and adorned with a stark ransom warning: Click to enlarge You are hacked. Some time ago I wrote that you have serious security holes. You didn’t reply. The next time someone talks to you, press the rep...
The vulnerability of the X Window System Xorg-server on the Astra Linux operating system allows a hacker to gain access to confidential data.
The vulnerability of the X Window System Xorg-server on the Astra Linux operating system is related to the lack of restrictions on the use of XungrabKeyboard and XgrabKeyboard functions for untrusted users, allowing the implementation of software tools with “keylogger” functionality. Exploiting...
IBM Security Identity Governance and Intelligence Information Disclosure Vulnerability (CNVD-2018-24627)
IBM Security Identity Governance and Intelligence IGI is a suite of identity management and governance solutions from IBM in the United States. The product includes features such as lifecycle management, access risk assessment and identity management. A security vulnerability exists in IBM Securi...
PT-2018-3814
Name of the Vulnerable Software and Affected Versions libpcap versions prior to 1.9.1 Description The issue is related to the sf-pcapng.c component in the libpcap library, which does not properly validate the PHB header length before allocating memory. This allows a remote attacker to impact data...
CVE-2018-2990
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Integration Broker. Supported versions that are affected are 8.55 and 8.56. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
Security Bulletin: IBM Data Risk Manager has released VM v2.0.1 in response to the vulnerability known as Spectre.
Summary IBM has released the following VM v2.0.1 for IBM Data Risk Manager in response to CVE-2017-5753 and CVE-2017-5715. Vulnerability Details CVEID: CVE-2017-5753 CVEID: CVE-2017-5715 Affected Products and Versions IBM Data Risk Manager - 2.0.0 Remediation/Fixes Customers must install IBM Data...
ZEIT Next.js Directory Traversal Vulnerability (CNVD-2018-03103)
ZEIT Next.js is an open source general-purpose webapps development framework . A directory traversal vulnerability exists in ZEIT Next.js version 4 prior to 4.2.3. An attacker can exploit this vulnerability to access front-end JavaScript components or possibly obtain sensitive data...