CVE-2017-7798

The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR 52.3 and...

Security vulnerabilities fixed in Firefox 55 — Mozilla

The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. A use-after-free vulnerability can occur in...

Hackers Hijacked Chrome Extension for Web Developers With Over 1 Million Users

From past few years, spammers and cyber criminals were buying web extensions from their developers and then updating them without informing their users to inject bulk advertisements into every website user visits in order to generate large revenue. But now they have shifted their business...

Copyfish Browser Extension Hijacked to Spew Spam

A popular free optical character recognition OCR extension for web browsers called Copyfish was hijacked by attackers who used the extension to spew spam. In a statement released Sunday by distributor A9t9 Software, it was only the Google Chrome extension that was hijacked. Other versions of...

Someone Hijacks A Popular Chrome Extension to Push Malware

Phishers have recently hacked an extension for Google Chrome after compromising the Chrome Web Store account of German developer team a9t9 software and abused to distribute spam messages to unsuspecting users. Dubbed Copyfish, the extension allows users to extract text from images, PDF documents...

CVE-2017-9485

The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST devices allows remote attackers to write arbitrary data to a known /var/tmp/sess pathname by leveraging the device's operation in UI dev mode...

CVE-2017-8035

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud...

CVE-2017-8033

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a...

CVE-2017-8035

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud...

CVE-2017-8036

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 only. The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushin...

Superior and safe user experiences with the Akamai Cloud Delivery Platform

Your customers are unique and they all expect fast, secure, personalized digital experiences. They are spread across the world, in regions of varying network connectivity, utilize a plethora of devices and screen sizes - making it challenging to deliver your experiences. By delivering 95 Exabytes...

CVE-2017-1000092

The Git Plugin can leak credentials username and password used to access a git repo if an attacker-supplied URL is provided to the plugin. To supply the URL to the plugin, the attacker would need to guess a username/password ID and then trick a developer into following a specific URL...

CVE-2017-2234

Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges...

Non-documented developer's screen in Toshiba Lighting & Technology Corporation Home gateway

Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains non-documented developer's screen. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

Information disclosure

IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002...

CVE-2017-1379

IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002...

CVE-2017-1379

IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002...

CVE-2017-1379

IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002...

Abuse of Apple Search Ads Feature Leading to Fraud

Apple has removed one of its top 10 grossing productivity apps after an independent developer’s story about fraudsters’ abuse of the App Store’s Search Ads functionality went viral. Search Ads is a new feature available to iOS developers that allows them to invest in the promotion of their apps...

JVN#51355647: WordPress plugin "WP-Members" vulnerable to cross-site scripting

The WordPress plugin "WP-Members" contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the developer. Products Affected WP-Members...