7377 matches found

Cvelist
added 2016/04/25 6:0 p.m., 12 views

CVE-2016-2346

Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream...

8.3 AI score, 0.00222 EPSS
Exploits: 1, References: 2

CERT
added 2016/04/25 12:0 a.m., 27 views

Allround Automations PL/SQL Developer v11 performs updates over HTTP

Overview Allround Automations PL/SQL Developer version 11 checks for updates over HTTP and does not verify updates before executing commands, which may allow an attacker to execute arbitrary code. Description CWE-345: Insufficient Verification of Data Authenticity - CVE-2016-2346 According to the...

8.1 CVSS, 8.4 AI score, 0.00222 EPSS
Exploits: 1, References: 1

Packet Storm
added 2016/04/13 12:0 a.m., 39 views

OpenWGA Developer Studio 3.1.0 OpenDialog Arbitrary Code Execution

OpenWGA Developer Studio 3.1.0 OpenDialog Arbitrary Code Execution Vendor: Innovation Gate GmbH Product web page: https://www.openwga.com Affected version: 3.1.0.r00147 Summary: The OpenWGA Developer Studio packages an OpenWGA CMS server together with all necessary development and deployment...

0.4 AI score
Exploits: 0

Zero Science Lab
added 2016/04/13 12:0 a.m., 37 views

OpenWGA Developer Studio 3.1.0 OpenDialog Arbitrary Code Execution

Summary The OpenWGA Developer Studio packages an OpenWGA CMS server together with all necessary development and deployment tools to create, develop, deploy, share and maintain your OpenWGA CMS applications. Description The application suffers from an arbitrary code execution vulnerability when...

6.4 AI score
Exploits: 0

Kaspersky
added 2016/04/12 12:0 a.m., 48 views

KLA10786 Code execution vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in .NET Framework can be exploited remotely to execute arbitrary cod...

9.3 CVSS, 9.2 AI score, 0.74815 EPSS
Exploits: 1, References: 12

Openbugbounty
added 2016/04/11 3:0 p.m., 10 views

forums.developer.apple.com XSS vulnerability

Vulnerable URL: https://forums.developer.apple.com/community/beta/os-x-10114-beta/tags?tags=%22%3E%3C/option%3E%3C%20/select%3E%3Cbody/onpageshow=prompt%28%29%3E%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 28.07.2016 Latest check for patch:|...

6.3 AI score
Exploits: 0

Openbugbounty
added 2016/04/11 2:52 p.m., 21 views

developer.zebra.com XSS vulnerability

Vulnerable URL: https://developer.zebra.com/community/technologies/mobilecomputing/tags?tags=%22%3E%3C/option%3E%3C%20/select%3E%3Cbody/onpageshow=prompt%28%29%3E%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:|...

6.3 AI score
Exploits: 0

FireEye
added 2016/04/04 12:30 p.m., 16 views

Rollout or Not: the Benefits and Risks of iOS Remote Hot Patching

Previously On iOS Remote Hot Patching Apple’s detailed app review process has resulted in greater security for iOS apps made available through the App Store. However, this review process can be lengthy, which negatively impacts developers who need to quickly patch a buggy or insecure app. As a...

6.7 AI score
Exploits: 0, References: 17

ThreatPost
added 2016/03/31 10:41 a.m., 12 views

SideStepper iOS MDM Security Attack

Apple’s Developer Enterprise Program has been abused in the recent past to push malicious apps onto iOS devices, most notably with the WireLurker, XcodeGhost and YiSpecter attacks. In all three cases, attackers legitimately obtained certificates under the program, which is available to enterprise...

1.1 AI score
Exploits: 0, References: 4

Hacker One
added 2016/03/25 8:8 p.m., 32 views

Uber: Cross-site Scripting (XSS)

The website located at https://login.uber.com/applications suffers from a stored Cross-site Scripting XSS vulnerability. Reproduction Steps: Create a new application with name as the following vector, and try to delete the same app. Vector : " Note that the XSS payload has fired. Possible...

5.3 AI score
Exploits: 0

Hacker One
added 2016/03/22 5:35 p.m., 113 views

Uber: Reflected XSS on developer.uber.com via Angular template injection

developer.uber.com is vulnerable to reflected XSS via Angular template injection. The following url demonstrates the root issue using a trivial payload: https://developer.uber.com/docs/deep-linking?q=wrtz77 If you view the rendered source of the resulting page, you'll find the string 'wrtz49',...

0.2 AI score
Exploits: 0

BDU FSTEC
added 2016/03/11 12:0 a.m., 2 views

The vulnerability of Google Chrome browser allows a violator to circumvent existing access restrictions.

The vulnerabilities of the browser/devtools/devtoolsuibindings.cc and WebKit/Source/devtools/frontend/Runtime.js functions within the Developer Tools subsystem of the Google Chrome browser are related to deficiencies in access control. Exploiting these vulnerabilities allows a malicious actor to...

6.8 CVSS, 0.01244 EPSS
Exploits: 0, References: 5, Affected Software: 1

The Hacker News
added 2016/03/10 8:9 p.m., 11 views

Google Android N Preview — 6 Cool Features That You Should Know

Android N Developer Preview, an early beta of Google’s new mobile operating system that was expected to launch on Google I/O in mid-May, is unexpectedly launching right now. Android N Developer Preview for the Nexus 6P, Nexus 5X, Nexus 6, Pixel C Nexus 9, the Nexus Player and the General Mobile 4...

6.6 AI score
Exploits: 0

0day.today
added 2016/03/09 12:0 a.m., 40 views

Bluethrust Clan Scripts v4 R17 - Multiple Vulnerabilities

Exploit for php platform in category web applications Administrator optionsModify Current Theme" or use site.com/members/console.php?cID=61. You can then insert the PHP code of your choosing into Footer. In order to add or edit code you are required to provide a special Admin Key that was defined...

7.1 AI score
Exploits: 0

Hacker One
added 2016/03/04 9:12 p.m., 31 views

General Motors: XSS Vulnerability in developer.gm.com

The gm developer website contained a parameter that allowed XSS injection. The vulnerable input parameter has been identified and remediated...

6.8 AI score
Exploits: 0

Tenable Nessus
added 2016/03/04 12:0 a.m., 36 views

Fedora 23 : subversion-1.9.3-1.fc23 (2015-afdb0e8aaa)

This update includes the latest stable release of Apache Subversion, version 1.9.3. User-visible changes: Client-side bugfixes: svn: fix possible crash in auth credentials cache cleanup: avoid unneeded memory growth during pristine cleanup diff: fix crash when repository is on server root fix...

9 CVSS, 7.7 AI score, 0.34284 EPSS
Exploits: 0, References: 6

ThreatPost
added 2016/02/23 11:40 a.m., 23 views

Rogue Chinese iOS App Removed from App Store

Apple removed an iOS application from its Chinese iTunes App Store that allowed users of non-jailbroken iOS devices to install pirated and jailbroken apps. Researchers at Palo Alto Networks, who discovered the rogue application, said the app was not malicious, but presented a serious security ris...

6.8 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2016/02/22 12:0 a.m., 39 views

Debian DSA-3486-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2016-1622 It was discovered that a maliciously crafted extension could bypass the Same Origin Policy. - CVE-2016-1623 Mariusz Mlynski discovered a way to bypass the Same Origin Policy. - CVE-2016-1624 lukezli discover...

10 CVSS, 7.3 AI score, 0.03208 EPSS
Exploits: 1, References: 18

Debian
added 2016/02/21 9:56 p.m., 37 views

[SECURITY] [DSA 3486-1] chromium-browser security update

Debian Security Advisory DSA-3486-1 [email protected] https://www.debian.org/security/ Michael Gilbert February 21, 2016 https://www.debian.org/security/faq -...

10 CVSS, 0.6 AI score, 0.03208 EPSS
Exploits: 1

OpenVAS
added 2016/02/21 12:0 a.m., 35 views

Debian Security Advisory DSA 3486-1 (chromium-browser - security update)

Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1622 It was discovered that a maliciously crafted extension could bypass the Same Origin Policy. CVE-2016-1623 Mariusz Mlynski discovered a way to bypass the Same Origin Policy. CVE-2016-1624 lukezli discovered a...

10 CVSS, 0.5 AI score, 0.03208 EPSS
Exploits: 1, References: 1