
7414 matches found

IBM Security Bulletins
added 2018/09/29 8:28 p.m. | 21 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in April 2018. Vulnerability Details CVEID: CVE-2018-2783...

CVSS: 7.4 | AI score: 0.9 | EPSS: 0.00414
Exploits: 0 | Affected Software: 1

Exploit DB
added 2018/09/25 12:0 a.m. | 33 views

Joomla! Component Questions 1.4.3 - SQL Injection

Exploit Title: Joomla! Component Questions 1.4.3 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://extensiondeveloper.com/ Software Link: https://extensions.joomla.org/extensions/extension/communication/question-a-answers/questions/ Version: 1.4.3 Category: Webapps Tested on:...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.02512
Exploits: 5

The Hacker News
added 2018/09/22 10:44 a.m. | 136 views

Twitter API Flaw Exposed Users Messages to Wrong Developers For Over a Year

The security and privacy issues with APIs and third-party app developers are something that's not just Facebook is dealing with. A bug in Twitter's API inadvertently exposed some users' direct messages DMs and protected tweets to unauthorized third-party app developers who weren't supposed to get...

AI score: 0.1
Exploits: 0

OSV
added 2018/09/17 4:29 p.m. | 1 views

CVE-2018-11088

Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the C...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00318
Exploits: 0 | References: 1

NVD
added 2018/09/17 4:29 p.m. | 14 views

CVE-2018-11086

Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.00318
Exploits: 0 | References: 1

Prion
added 2018/09/17 4:29 p.m. | 8 views

Improper access control

Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the C...

CVSS: 4 | AI score: 8.8 | EPSS: 0.00318
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2018/09/17 4:0 p.m. | 15 views

CVE-2018-11086

Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin...

AI score: 8.9 | EPSS: 0.00318
Exploits: 0 | References: 1

Joomla! Vulnerable Extensions List
added 2018/09/14 12:0 a.m. | 494 views

Gantry package 5.4.26 ,Other

Gantry package containing "Twig" library creates folders with improper folder permissions. On some servers this may lead to world writeable folders. see https://github.com/gantry/gantry5/issues/2363 https://github.com/twigphp/Twig/issues/2353 developer states not a security issue within their...

AI score: 7.1
Exploits: 0 | References: 1

Kaspersky
added 2018/09/11 12:0 a.m. | 840 views

KLA11315 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in System.IO.Pipelines ca...

CVSS: 10 | AI score: 9.4 | EPSS: 0.52818
Exploits: 5 | References: 32

Tenable Nessus
added 2018/09/10 12:0 a.m. | 45 views

Debian DSA-4289-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2018-16065 Brendon Tiszka discovered an out-of-bounds write issue in the v8 JavaScript library. - CVE-2018-16066 cloudfuzzer discovered an out-of-bounds read issue in blink/webkit. - CVE-2018-16067 Zhe Jin discovered ...

CVSS: 9.6 | AI score: 7.3 | EPSS: 0.19029
Exploits: 3 | References: 26

IBM Security Bulletins
added 2018/09/06 7:32 p.m. | 28 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by Rational Developer for i and Rational Developer for AIX and Linux. These issues were disclosed as part of the IBM Java SDK updates in April 2018 CVE-2018-2783 and are included in the...

CVSS: 7.4 | AI score: 0.6 | EPSS: 0.00414
Exploits: 0 | Affected Software: 2

Hacker One
added 2018/09/06 7:11 p.m. | 88 views

HackerOne: Self DOM-Based XSS in www.hackerone.com

Summary: There is a 'self' DOM-based cross-site scripting vulnerability in the contact form available on the www.hackerone.com website. This could allow an attacker to perform cross-site scripting, or other client-side attacks, against users of the application. However, the risk presented by this...

AI score: 5.7
Exploits: 0

Kitploit
added 2018/09/05 8:27 p.m. | 112 views

KisMac - Open Source Wireless Stumbling And Security Tool For Mac OS X

KisMAC is a free, open source wireless stumbling and security tool for Mac OS X. Whats new: Mac OS 10.9 - 10.12 64-bit only ARC 64-bit only New GUI Modern Objective-c syntax Rewrote most part of deprecated methods Remove debug info from release How Build: git clone...

AI score: 7.1
Exploits: 0 | References: 2

Debian
added 2018/08/28 5:10 p.m. | 41 views

[SECURITY] [DLA 1481-1] linux-4.9 security update

Package : linux-4.9 Version : 4.9.110-3+deb9u4deb8u1 CVE ID : CVE-2018-3620 CVE-2018-3646 Debian Bug : 906769 Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of...

CVSS: 5.6 | AI score: 7.3 | EPSS: 0.02527
Exploits: 0

RedhatCVE
added 2018/08/28 1:24 p.m. | 15 views

CVE-2018-15869

An Amazon Web Services AWS developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image A...

CVSS: 5.3 | AI score: 3.1 | EPSS: 0.00553
Exploits: 0 | References: 2

NVD
added 2018/08/25 12:29 a.m. | 15 views

CVE-2018-15869

An Amazon Web Services AWS developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image A...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.00553
Exploits: 0 | References: 2

Prion
added 2018/08/25 12:29 a.m. | 10 views

Code injection

An Amazon Web Services AWS developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image A...

CVSS: 5 | AI score: 5.3 | EPSS: 0.00553
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2018/08/25 12:29 a.m. | 10 views

CVE-2018-15869

An Amazon Web Services AWS developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image A...

CVSS: 5.3 | AI score: 7
Exploits: 0 | References: 2

UbuntuCve
added 2018/08/25 12:29 a.m. | 14 views

CVE-2018-15869

An Amazon Web Services AWS developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image A...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.00553
Exploits: 0 | References: 3

CVE
added 2018/08/25 12:0 a.m. | 65 views

CVE-2018-15869

CVE-2018-15869 relates to an AWS CLI usage issue where an AWS developer who omits the --owners flag while describing images could load an unvetted AMI from the public community catalog. The consequence is unintentional loading of an undesired or potentially malicious AMI. Public advisories (inclu...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.00553
Exploits: 0 | References: 2 | Affected Software: 1