7418 matches found
Code injection
An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image A...
CVE-2018-15869
An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image A...
CVE-2018-15869
CVE-2018-15869 relates to an AWS CLI usage issue where an AWS developer who omits the --owners flag while describing images could load an unvetted AMI from the public community catalog. The consequence is unintentional loading of an undesired or potentially malicious AMI. Public advisories (inclu...
Security Bulletin: IBM API Connect is impacted by a Drupal 8 vulnerability (CVE-2018-14773)
Summary IBM API Connect has fixed the following vulnerability. API Connect is impacted by vulnerabilities addressed in the Drupal 8 advisory https://www.drupal.org/SA-CORE-2018-005 Vulnerability Details CVEID: CVE-2018-14773 DESCRIPTION: Drupal Core could allow a remote attacker to bypass securit...
New Android Malware Framework Turns Apps Into Powerful Spyware
Security researchers have uncovered a new, powerful Android malware framework that is being used by cybercriminals to turn legitimate apps into spyware with extensive surveillance capabilities—as part of what seems to be a targeted espionage campaign. Legitimate Android applications when bundled...
Grab: Leaking sensitive information on Github lead full access to all Grab Slack channels
Summary: Accidental leakage of secret keys in such code repositories is a real problem, after my report 387117, I decided to dig deeper than the previous report and looking to some random profiles in Github, and doing some dirty work I was able to access to the developer’s company’s internal chat...
Misconfigured backup leads to exposure of 50.5 million GOMO Mobile customers
By Waqas. The same company was once caught spying on its Keyboard app users. GOMO, which is also known as Sungy Mobile, is a well-known Chinese mobile app and software developer company. It is famous worldwide for GO series applications. Yes, the developers of popular GOKeyboard app that was caught...
IBM API Connect Server-Side Request Forgery Vulnerability
IBM API Connect aka APIConnect is a set of integrated solutions for managing the API lifecycle from IBM in the United States. The solution supports creating, running, managing and protecting APIs and microservices, etc. Developer Portal is one of the developer portals. A server-side request forge...
Server side request forgery (ssrf)
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370...
CVE-2018-1712
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370...
CVE-2018-1712
IBM API Connect Developer Portal versions 5.0.0.0–5.0.8.3 are vulnerable to Server-Side Request Forgery (SSRF). The vulnerability arises from input parameters that can cause the server to issue requests inside the trusted network. IBM’s Security Bulletin confirms remediation in Version 5.0.8.3 iF...
KLA11305 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Diagnostic Hub Standard Collector can be...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM Developer for z Systems (CVE-2018-2783 and CVE-2018-2814)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM Developer for z Systems. These issues were disclosed as part of the IBM Java SDK updates in April 2018. Vulnerability Details | Subscribe to My Notifications to be notified of important product...
CA API Developer Portal Cross-Site Scripting Vulnerability (CNVD-2018-17503)
CA API Developer Portal is a set of CA's API Application Programming Interface query function for software developers. A cross-site scripting vulnerability exists in CA API Developer Portal version 4.x, versions prior to 4.2.5.3, and versions prior to 4.2.7.1, which originates when the program...
J-Business Directory,4.9.3,SQL Injection
jBusiness Directory from CMS Junkie,4.9.3 and previous versions, SQL Injection, XSS resolution: update to 4.9.4 update notice: http://www.cmsjunkie.com/blog/joomlabusinessdirectory4-9-4release/ Note that the developer did not inform the VEL...
Cross site scripting
CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability...