7378 matches found
CVE-2017-1379
IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002...
Abuse of Apple Search Ads Feature Leading to Fraud
Apple has removed one of its top 10 grossing productivity apps after an independent developer’s story about fraudsters’ abuse of the App Store’s Search Ads functionality went viral. Search Ads is a new feature available to iOS developers that allows them to invest in the promotion of their apps...
JVN#51355647: WordPress plugin "WP-Members" vulnerable to cross-site scripting
The WordPress plugin "WP-Members" contains a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on a logged-in user's web browser. Solution: Update the plugin. Update the plugin according to the information provided by the developer. Products Affected: WP-Members...
JVN#27198823: Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely invoke an executable file
Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the search path for executable files, which may lead to insecurely invoking an executable file. Impact: This vulnerability can be exploited when the following...
CVE-2017-9449
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible ...
CVE-2017-9448
Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in core\admin\ajax\pages\save-revision.php and core\admin\modules\pages\revisions.php. Low-privileged...
JVN#01404851: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Impact: When accessing a specially crafted URL, arbitrary code may...
CVE-2017-9443
BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and...
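Both BigTree entries above (the crafted table name typed into the view-creation form, and the crafted `tables` object read from an uploaded package's manifest.json) are the same bug class: a table name reaching an SQL statement unvalidated. An identifier cannot be bound as a query parameter, so the usual parameterised-query fix does not apply. The following is an added example, not BigTree CMS code: it shows the vulnerable interpolation beside a hardened version that validates the identifier against a strict pattern and an allowlist of tables that actually exist, then quotes it. It uses an in-memory SQLite database; the `items` and `credentials` tables, the payload string and the API key value are all constructed for the example.

```python
"""Table-name (identifier) injection: vulnerable pattern beside a hardened one.

Added example, not BigTree CMS code. The database contents, the table
names and the payload below are constructed for this illustration.
"""
from __future__ import annotations

import re
import sqlite3

# Conservative identifier grammar: letters, digits, underscore, max 64 chars.
IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")


def make_db() -> sqlite3.Connection:
    """Constructed sample schema: one harmless table, one sensitive table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE items (id INTEGER);
        INSERT INTO items VALUES (1), (2);
        CREATE TABLE credentials (id INTEGER, api_key TEXT);
        INSERT INTO credentials VALUES (1, 'sk-constructed-example');
        """
    )
    return conn


def list_rows_vulnerable(conn: sqlite3.Connection, table: str) -> list[tuple]:
    """VULNERABLE: the caller-controlled name is spliced straight into SQL."""
    return conn.execute(f"SELECT id FROM {table}").fetchall()


def safe_identifier(conn: sqlite3.Connection, name: str) -> str:
    """Validate an identifier, confirm it names a real table, then quote it.

    The existence check is a parameterised query against sqlite_master,
    so the untrusted value never touches the SQL text until it has passed
    both the grammar check and the allowlist check.
    """
    if not IDENT_RE.fullmatch(name):
        raise ValueError(f"invalid identifier: {name!r}")
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    if row is None:
        raise ValueError(f"unknown table: {name!r}")
    return f'"{name}"'


def list_rows_hardened(conn: sqlite3.Connection, table: str) -> list[tuple]:
    """HARDENED: only a validated, allowlisted, quoted identifier is used."""
    return conn.execute(f"SELECT id FROM {safe_identifier(conn, table)}").fetchall()


# A "table name" that is really a UNION pulling data from another table.
PAYLOAD = "items UNION SELECT api_key FROM credentials"


def demo() -> tuple[list[tuple], bool]:
    """Run the payload through both paths; returns (leaked rows, blocked?)."""
    conn = make_db()
    leaked = list_rows_vulnerable(conn, PAYLOAD)
    try:
        list_rows_hardened(conn, PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True
    return leaked, blocked


if __name__ == "__main__":
    rows, blocked = demo()
    print("vulnerable path returned:", rows)
    print("hardened path rejected payload:", blocked)
```

The grammar check alone would already reject the payload (spaces are not allowed), but the allowlist check is what stops a syntactically valid name such as `credentials` from being supplied where only `items` is expected; a real application would narrow that allowlist further to the tables the feature is meant to touch.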
Buffer Overflow Vulnerability in Multiple Stepok Products Processing TGA Files
Stepok Light Developer is a professional photo post-processing tool. Stepok Recomposit is Chinese photo compositing software. Stepok RAW Importer is RAW file conversion software that converts RAW photos to JPG images and supports opening and converting most of the digital came...
portSpider - A Lightning Fast Multithreaded Network Scanner Framework With Modules
A lightning fast multithreaded network scanner framework with modules. modules: http - Scan for open HTTP ports, and get the titles. mysql - Scan for open MySQL servers, and try to log in with the default credentials. mongodb - Scan for open MongoDB instances, and check if they are password...
Memory Corruption Vulnerability in Light Developer's Handling of TIFF Format Files
Stepok Light Developer is a professional photo post-processing tool with features that cover most of the needs of photography enthusiasts. A memory corruption vulnerability exists in Light Developer's handling of TIFF format files. An attacker can exploit this vulnerability by constructing a...
JVN#06770361: Installer of Tera Term may insecurely load Dynamic Link Libraries
The installer of Tera Term provided by TeraTerm Project contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Impact: Arbitrary code may be executed with the privilege of the user invoking the installer. Solution: Use the latest installer. Use...
Memory Corruption Vulnerability in Light Developer's Handling of BMP Formats
Stepok Light Developer is a professional photo post-processing tool with features that cover most of the needs of photography enthusiasts. A memory corruption vulnerability exists in Light Developer's handling of BMP format files. An attacker can exploit this vulnerability by constructing a malformed BMP file, which can lead to program...
JVN#75514460: Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely load Dynamic Link Libraries
Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact: This vulnerability can be exploited when the following condition is met. ...
What are Javascript Source Maps?
It's generally good practice to minify and combine your assets (JavaScript and CSS) when deploying to production. This process reduces the size of your assets and dramatically improves your website's load time. Source maps create a map from these compressed asset files back to the source files. This...
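The security-relevant side of that mapping is what a shipped `.map` file gives away: original file paths, line and column positions, and the pre-minification identifier names. The following is an added example, not code from the article above: a small decoder for the v3 source map `mappings` field (base64 VLQ, delta-encoded per segment), applied to a constructed sample map. The `app.min.js`, `src/auth.js`, `checkToken` and `secret` names are invented for the example.

```python
"""Decode a JavaScript source map (v3) and show what it reveals.

Added example, not code from the original article. The sample map,
its file path and its symbol names are constructed for this example.
"""
from __future__ import annotations

import json

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def vlq_decode(segment: str) -> list[int]:
    """Decode one VLQ segment (between commas) into its integer fields.

    Each base64 digit carries 5 data bits plus a continuation bit (0x20);
    the lowest bit of the assembled value is the sign.
    """
    values: list[int] = []
    value = shift = 0
    for ch in segment:
        digit = B64.index(ch)
        value |= (digit & 31) << shift
        if digit & 32:  # continuation bit set: more digits follow
            shift += 5
            continue
        negative = value & 1
        value >>= 1
        values.append(-value if negative else value)
        value = shift = 0
    return values


def decode_mappings(source_map: dict) -> list[dict]:
    """Return absolute (generated -> original) mappings from a v3 map.

    Every field is a delta from the previous segment. The generated
    column resets at each ';' (new generated line); the source index,
    original line, original column and name index carry across lines.
    """
    sources = source_map["sources"]
    names = source_map.get("names", [])
    src = line = col = name = 0
    result: list[dict] = []
    for gen_line, line_str in enumerate(source_map["mappings"].split(";")):
        gen_col = 0
        for seg in filter(None, line_str.split(",")):
            fields = vlq_decode(seg)
            gen_col += fields[0]
            entry = {"generated": (gen_line, gen_col)}
            if len(fields) >= 4:
                src += fields[1]
                line += fields[2]
                col += fields[3]
                entry["source"] = sources[src]
                entry["original"] = (line, col)
            if len(fields) == 5:
                name += fields[4]
                entry["name"] = names[name]
            result.append(entry)
    return result


def lookup(source_map: dict, gen_line: int, gen_col: int) -> dict | None:
    """Find the mapping covering a generated position (last segment at or before col)."""
    best = None
    for m in decode_mappings(source_map):
        gl, gc = m["generated"]
        if gl == gen_line and gc <= gen_col:
            best = m
    return best


# Constructed sample of what a production app.min.js.map might contain.
SAMPLE_MAP = json.loads(
    """{
      "version": 3,
      "file": "app.min.js",
      "sources": ["src/auth.js"],
      "names": ["checkToken", "secret"],
      "mappings": "AAAA,QACAA,MACIC"
    }"""
)

if __name__ == "__main__":
    for m in decode_mappings(SAMPLE_MAP):
        print(m)
```

Run against a real map fetched from a production host, `decode_mappings` lists every original path and every original identifier the bundle was built from, which is exactly the information a minifier was supposed to hide; that is why production deployments either withhold the `.map` files or restrict who can fetch them.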
Android Overlay and Accessibility Features Leave Millions at Risk
University researchers are warning that two features, not flaws, core to Google’s Android mobile operating system can be used together to launch clickjacking attacks to gain control of a target’s phone. The discovery was made by researchers at Georgia Institute of Technology, who call the researc...
CVE-2017-5176
A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench CCW. The following versions are affected: Connected Components Workbench - Developer Edition, v9.01.00 and earlier: 9328-CCWDEVENE, 9328-CCWDEVZHE, 9328-CCWDEVFRE, 9328-CCWDEVITE, 9328-CCWDEVDEE, 9328-CCWDEVES...