PHP 4.2.0 / 4.2.1 Remote Compromise / Denial Of Service Vulnerability

PHP versions 4.2.0 and 4.2.1 suffer from an issue where depending on the processor architecture it may be possible for a remote attacker to either crash or compromise the web server. Advisory: Remote Compromise/DOS Vulnerability in PHP Author: Stefan Esser email protected Application: PHP 4.2.0,...

[SECURITY] [DLA 1147-1] exiv2 security update

Package : exiv2 Version : 0.23-1+deb7u2 CVE ID : CVE-2017-11591 CVE-2017-11683 CVE-2017-14859 CVE-2017-14862 CVE-2017-14864 Debian Bug : 876893 The exiv2 library is vulnerable to multiple issues that can all lead to denial of service of the applications relying on the library to parse images...

developer.flightstats.com XSS vulnerability

Open Bug Bounty ID: OBB-369499 Description| Value ---|--- Affected Website:| developer.flightstats.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Preventi...

Multiple XSS Filter Bypasses in validator

Versions of validator prior to 1.1.0 are affected by several cross-site scripting vulnerabilities due to bypasses discovered in the blacklist-based filter. Proof of Concept Various inputs that could bypass the filter were discovered: Improper parsing of nested tags: This is a test Incomplete...

Kaltura - Remote Code Execution and Cross-Site Scripting

1 Unauthenticated Remote Code Execution through unserialize from cookie data Because of a hardcoded cookie secret, the cookie signature validation can be bypassed and malicious user input can be passed via the 'userzone' cookie to the unserialize function: abstract class kalturaAction extends...

HDW Player,4.0.0, RCE

HDW Player,4.0.0 and all other versions, remote code execution Note that this vulnerabilitiy was supposedly fixed by the developer in version 3.2.2, the fact that this issue has arisen again suggests that the developer is aware of it and has created a deliberate back door. The VEL believe that th...

Mac malware OSX.Proton strikes again

The hackers responsible for the Mac malware OSX.Proton have struck again, this time infecting a copy of the Elmedia Player app that was being distributed from the official Eltima website. At this time, it is still unknown how long their website was providing the hijacked app. Proton was silently...

developer.yahoo.com XSS vulnerability

Vulnerable URL: http://developer.yahoo.com/r3nw4--\n Details: Description| Value ---|--- Patched:| No Latest check for patch:| 16.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Coordinated Disclosure Timeline...

Apple macOS High Sierra Bug Exposes Passwords of Encrypted APFS Volumes As Hint

A severe programming error has been discovered in Apple's latest macOS High Sierra 10.13 that exposes passwords of encrypted Apple File System APFS volumes in plain text. Reported by Matheus Mariano, a Brazilian software developer, the vulnerability affects encrypted volumes using APFS wherein th...

[SECURITY] Fedora 27 Update: ImageMagick-6.9.9.15-1.fc27

ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed wor...

CVE-2017-8048

In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially...

Design/Logic Flaw

In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially...

IBM Open Admin Tool SOAP welcomeServer PHP Command Injection

Added: 09/27/2017 CVE: CVE-2017-1092 BID: 98615 Background IBM Informix Dynamic Server IDS is an online transaction processing OLTP data server for enterprise and workgroup computing. Open Admin Tool OAT is an open source, platform-independent tool providing a graphical interface for administrati...

Kaltura 13.1.0 Code Execution / Cross Site Scripting Vulnerabilities

Exploit for php platform in category web applications Advisory: Kaltura - Remote Code Execution and Cross-Site Scripting Release Date: 2017/09/12 Author: Robin Verton email protected CVE: CVE-2017-14141, CVE-2017-14142, CVE-2017-14143 Application: Kaltura = 13.1.0 Risk: Critical Vendor Status:...

KLA11849 ACE vulnerability in Microsoft Developer Tools

A memory corruption vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2017-11767 Related products ChakraCore CVE list CVE-2017-11767 critical KB list Solution Install necessary updates from the K...

Fedora 25 : mimedefang (2017-15ad4721e3)

MIMEDefang 2.81 =============== - Don't barf if the installed version of Sys::Syslog has a developer tag added like 0.3301 on Debian Stretch. - Make mimedefang and mimedefang-multiplexor write their PID files as root to avoid an unprivileged user tampering with the pidfiles. Thanks to Michael...

JVN#76692689: SEIL Series routers vulnerable to denial-of-service (DoS)

The IPsec/IKE function in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to a flaw in processing certain packets. Impact Receiving a specially crafted packet may result in a temporary failure of the device's encrypted communication...

Microsoft Programming Error is Behind Dangerous Kernel Bug, Researchers Claim

Researchers claim a programming error in the Microsoft Windows kernel cracks the door open for malicious executables to bypass security software. The flaw, according to security firm EnSilo, has been present on previous versions of Windows dating back to Windows 2000 and can be found on Windows 1...

Micro Focus Enterprise Developer and Enterprise Server Cross-Site Request Forgery Vulnerability

Micro Focus Enterprise Developer and Enterprise Server are both products of Micro Focus, a British company.Micro Focus Enterprise Developer is a set of integrated development environments for the mainframe.Enterprise Server is a production deployment platform for mainframe programs. Enterprise...

Micro Focus Enterprise Developer and Enterprise Server Path Traversal Vulnerability

Micro Focus Enterprise Developer and Enterprise Server are both products of Micro Focus, a British company.Micro Focus Enterprise Developer is a set of integrated development environments for the mainframe.Enterprise Server is a production deployment platform for mainframe programs. Enterprise...