Security Bulletin: IBM API Connect Developer Portal is impacted by a vulnerability in Drupal core (CVE-2019-11831)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11831 DESCRIPTION: The PharStreamWrapper package as used in Typo3 and Drupal could allow a remote attacker to bypass security restrictions, caused by a directory traversal flaw. By sending a...
CVE-2019-11770
In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been intercepted by a man-in-the-middle (MITM) attacker and maliciously modified, compromising the build artifacts that were produced. Additionally, if any of thes...
JVN#80925867: WordPress Plugin "Contest Gallery" vulnerable to cross-site request forgery
WordPress Plugin "Contest Gallery" provided by Contest-Gallery contains a cross-site request forgery vulnerability (CWE-352). Impact: If a user views a malicious page while logged in, unintended operations may be performed. Solution: Update the plugin according to the information...
KLA11501 Security UI vulnerability in Microsoft Developer Tools
A spoofing vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to spoof the user interface. Original advisories CVE-2019-0996 Related products Microsoft-Azure CVE list CVE-2019-0996 warning KB list Solution Install necessary updates from the KB section...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Application Developer for WebSphere Software. IBM Rational Application Developer for WebSphere Software has addressed the applicable CVEs. Vulnerability Details CVEID:...
Apple Launches Privacy-Focused 'Sign in with Apple ID' Feature at WWDC 2019
Just like 'login with Google,' 'login with Facebook,' Twitter, LinkedIn or any other social media site, you would now be able to quickly sign-up and log into third-party websites and apps using your Apple ID. What's the difference? Well, Apple claims that signing-in with Apple ID would protect...
Magic: CSRF in generating developer api_key
Hi. At https://dashboard.forttmatic.com, when a developer tries to generate a new apikey for his application, a POST request is sent to https://api.forttmatic.com which doesn't have any tokens to guard against CSRF attacks. CSRF POC: history.pushState('', '', '/') On submitting the above request, a new...
Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in Drupal core (CVE-2019-10909 CVE-2019-10910 CVE-2019-10911 CVE-2019-11358)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-10911 DESCRIPTION: Drupal core could allow a remote attacker to bypass security restrictions, caused by a flaw in the cookie management. By using a specially-crafted cookie, an attacker could...
EquityPandit 1.0 Password Disclosure
Exploit title: EquityPandit v1.0 - Insecure Logging Date: 27/05/2019 Exploit Author: ManhNho Software name: "EquityPandit" Software link: https://play.google.com/store/apps/details?id=com.yieldnotion.equitypandit Version: 1.0 Category: Android apps Description: - Sometimes developers keep sensiti...
Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in PHP (CVE-2019-11035 CVE-2019-11034)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11034 DESCRIPTION: PHP could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer overflow in the exif_process_IFD_TAG function in the EXIF extension. By persuadin...
Developer Day 2019
Carbon Black is proud to announce its second annual Developer Day to be held on June 3, 2019, one day prior to the annual CB Connect 2019 user conference. Customers and partners worldwide will converge at the Hotel del Coronado in San Diego, California, to hear from Carbon Black employees and...
SecurityRAT - Tool For Handling Security Requirements In Development
OWASP SecurityRAT (Security Requirement Automation Tool) is a tool intended to assist with the problem of addressing security requirements during application development. The typical use case is: specify the parameters of the software artifact you're developing; based on this information, a list of common securit...
KLA11485 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, spoof the user interface, gain privileges, bypass security restrictions, or obtain sensitive information. Below is a complete list of vulnerabilities: 1. A deni...
RHEL 6 : chromium-browser (RHSA-2019:1021)
The remote Red Hat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1021 advisory. Chromium is an open-source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 74.0.3729.108. Security Fixes:...
chromium-browser: Incorrect escaping in developer tools
Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard...
openSUSE Security Update : chromium (openSUSE-2019-1325)
This update for chromium fixes the following issues: Chromium was updated to 74.0.3729.108 (boo#1133313): - CVE-2019-5805: Use after free in PDFium - CVE-2019-5806: Integer overflow in Angle - CVE-2019-5807: Memory corruption in V8 - CVE-2019-5808: Use after free in Blink - CVE-2019-5809: Use afte...
Arbitrary Code Execution
Firefox and Firefox ESR are vulnerable to arbitrary code execution attacks. A remote unauthenticated attacker could exploit the vulnerable Developer Tools component to allow code execution when opening a malicious page with the style editor tool due to improper sanitization of the web page source...
Privilege Escalation
Firefox is vulnerable to privilege escalation attacks. The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP header data, which allows a remote user to monitor the network and obtain potentially sensitive information in...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux - October 2018
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that is used by Rational Developer for i and Version 7 that is used by Rational Developer for AIX and Linux. These issues were disclosed as part of the IBM Java SDK updates in October 2018 CVE-2018-3180...