2352 matches found
data.rcdcomponents.com XSS vulnerability
Open Bug Bounty ID: OBB-690513

| Description | Value |
|---|---|
| Affected Website: | data.rcdcomponents.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | hidden until disclosure |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | ... |
Delta Sql 1.8.2 - Arbitrary File Upload
Exploit Title: Delta Sql 1.8.2 - Arbitrary File Upload | Dork: N/A | Date: 2018-10-25 | Exploit Author: Ihsan Sencan | Vendor Homepage: http://deltasql.sourceforge.net/ | Software Link: https://sourceforge.net/projects/deltasql/files/latest/download | Software Link: http://deltasql.sourceforge.net/deltasql/...
Best Practices for Endpoint Detection and Response
There are many elements that can complicate enterprise security efforts. From the increasing sophistication of cybercriminal strategies and activities to the wide range of components connected to the network, data protection and infrastructure security have become an uphill battle. Another key...
CVE-2018-18608
Summary of CVE-2018-18608 (DedeCMS 5.7 SP2): A cross-site scripting vulnerability exists in the GetPageList function (include/datalistcp.class.php) used to render the bottom page-number list, exploitable via PATH_INFO on endpoints such as /member/index.php, /member/pm.php, /member/content_list.p...
New Relic: Swiftype key stored in JavaScript source
Hi, I am surfing on the New Relic website. I found sensitive data, including an authentication key, written in a publicly accessible JavaScript file. New Relic is using a 3rd-party solution, SwiftType, for crawling or search/suggestion. Below is the link where you can find the authkey, which would be able t...
SUSE SLES12 Security Update : postgresql10 (SUSE-SU-2018:3074-2)
This update brings postgresql10 version 10.5 to SUSE Linux Enterprise 12 SP3. FATE325659 bnc1108308 This release marks the change of the versioning scheme for PostgreSQL to an 'x.y' format. This means the next minor releases of PostgreSQL will be 10.1, 10.2, ... and the next major release will...
Unspecified Vulnerability in Oracle Fusion Middleware Business Intelligence Enterprise Edition
Oracle Fusion Middleware is a suite of business innovation platforms for enterprise and cloud environments from Oracle. The platform provides middleware, software collections and other features. Business Intelligence Enterprise Edition is one of the components for the...
Unspecified Vulnerability in Oracle Virtualization VM VirtualBox Component (CNVD-2019-36169)
Oracle Virtualization is a set of virtualization solutions from Oracle Corporation. The solution is used to unify the management of the entire hardware and software system from applications to disks, enabling virtualization from the desktop to the data center. VM VirtualBox is one of the virtual...
Unspecified Vulnerability in Oracle PeopleSoft Products PeopleSoft Enterprise PeopleTools Component (CNVD-2019-28257)
Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle that provides human capital management, financial management, supplier relationship management, and more. PeopleSoft Enterprise PeopleTools is one of the tools and technology platform components that...
CVE-2018-3208
Vulnerability in the Hyperion Data Relationship Management component of Oracle Hyperion (subcomponent: Access and Security). The supported version that is affected is 11.1.2.4.345. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hyperion Da...
CVE-2018-3217
CVE-2018-3217 is a vulnerability in the Oracle Outside In Technology component (Outside In Filters) used by Oracle Fusion Middleware. Affected product context in connected docs includes IBM FileNet Content Manager and Rational DOORS Next Generation leveraging Outside In Technology 8.5.3/8.5.4. Th...
CVE-2018-15593
Ivanti CVE-2018-15593 affects Ivanti Workspace Control and RES One Workspace prior to 10.3.10.0. A local authenticated user can decrypt the encrypted datastore or relay server password via an unspecified attack vector, exposing sensitive credentials. Affected products: Ivanti Workspace Control (b...
CVE-2018-18071
The CVE concerns Daimler Mercedes-Benz Me app for iOS (version 2.11.0-846). The issue is the encrypted Connected Vehicle API data exchange between the app and its server, which could be intercepted. This could allow misuse of the Remote Parking Pilot, vehicle unlocks, or access to sensitive data ...
CVE-2017-5658
The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the conten...
Cybersecurity Threats to Precision Agriculture
DHS has released a report to address cybersecurity threats to new precision agriculture technologies used in crop and livestock production. Precision agriculture employs a variety of embedded and connected technologies to generate data used to enhance agricultural and livestock management. As...
CVE-2018-1498
IBM Security Guardium EcoSystem 10.5 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 141223...
Accelerating PCI Data Security Standard projects with Deep Security as a Service
Does your organization need to meet PCI DSS requirements? Are you struggling with multiple security tools? Or stretching your already overstretched team to prepare for an audit? Time to hit the accelerator with Trend Micro! If your applications deal with credit or payment card data, you need to g...
Almost Every Major Free VPN Service is a Glorified Data Farm
By John Mason. If you are a VPN user, it is time to come out from the myth that every VPN is here to secure your privacy. Internet censorship is on the rise, and data from Freedom on the Net, based on an annual assessment of the situation of Internet freedom in 65 countries, reveals that not only …...
Imperva Joins Global Cybersecurity Tech Accord
Imperva is dedicated to the global fight to keep people's data and applications safe from cybercriminals. What this means for our Imperva Threat Research team is that we spend a lot of time researching new cyber attacks, creating mitigations and writing powerful software. We believe that nothing...
CVE-2017-18280
CVE-2017-18280: In Snapdragon platforms (Automobile, Mobile, Wear) across listed SoCs, a trusted application that has opened an SPI/I2C interface to a device could allow another trusted application to read data via the SPI/I2C read function. The initial disclosures list the affected families (e....