Lucene search
7430 matches found

OSV
added 2017/06/06 3:29 p.m., 17 views

CVE-2017-9449

SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible ...

CVSS 8.8 | AI score 8.2
Exploits 0 | References 1
Japan Vulnerability Notes
added 2017/06/06 12:00 a.m., 45 views

JVN#01404851: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution

AppGoat, provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA), is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Impact: When accessing a specially crafted URL, arbitrary code may...

CVSS 8.8 | AI score 8.9 | EPSS 0.01507
Exploits 0
Cvelist
added 2017/06/05 7:00 p.m., 20 views

CVE-2017-9443

BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and...

AI score 8.7 | EPSS 0.01257
Exploits 1 | References 1
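
The two BigTree CMS entries above (CVE-2017-9449 and CVE-2017-9443) both describe an identifier, a table name, being spliced into an SQL statement. The following Python/sqlite3 example is added here to show that pattern in general; it is not BigTree code and makes no claim about BigTree's actual query or schema. The table and column names, the payload and the hash string are constructed for the demonstration. The same mechanics apply to MySQL, where the allowlist would come from SHOW TABLES instead of sqlite_master.

```python
import re
import sqlite3

# Strict shape for names the user is allowed to invent (e.g. a new module table).
IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")


def build_db():
    """Constructed in-memory database: the module's own table plus one that a
    view/module editor must never be able to read. Sample data, not real."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, password_hash TEXT);
        INSERT INTO pages VALUES (1, 'Home');
        INSERT INTO users VALUES (1, 'hash-of-admin-password');
    """)
    return db


def list_rows_vulnerable(db, table):
    """The table name is an identifier, so a bound parameter cannot carry it;
    splicing it into the statement text lets the caller rewrite the query."""
    return db.execute(f"SELECT id, title FROM `{table}`").fetchall()


def quote_identifier(name):
    """Backtick-quote an identifier, doubling any embedded backtick (MySQL/SQLite rule)."""
    return "`" + name.replace("`", "``") + "`"


def existing_tables(db):
    """Catalogue lookup (MySQL: SHOW TABLES; SQLite: sqlite_master)."""
    return {row[0] for row in db.execute("SELECT name FROM sqlite_master WHERE type = 'table'")}


def list_rows_safe(db, table):
    """Allowlist the identifier against the catalogue, then quote it. Quoting
    alone is not enough: an attacker could still name a table they must not see."""
    if table not in existing_tables(db):
        raise ValueError(f"unknown table {table!r}")
    return db.execute(f"SELECT id, title FROM {quote_identifier(table)}").fetchall()


def create_table_safe(db, table):
    """For names the user invents there is nothing to allowlist against, so
    enforce a strict character set before the name reaches the statement."""
    if not IDENTIFIER.match(table):
        raise ValueError(f"invalid table name {table!r}")
    db.execute(f"CREATE TABLE {quote_identifier(table)} (id INTEGER PRIMARY KEY, title TEXT)")
    return table in existing_tables(db)


if __name__ == "__main__":
    db = build_db()
    # Closes the backtick, appends a UNION against the protected table, and
    # comments out the backtick the application appends.
    payload = "pages` UNION SELECT id, password_hash FROM users -- "
    print(list_rows_vulnerable(db, payload))   # the password hash shows up among page rows
    print(list_rows_safe(db, "pages"))
    for bad in (payload, "pages; DROP TABLE users"):
        try:
            create_table_safe(db, bad)
        except ValueError as err:
            print("rejected:", err)
```

Run it to see the UNION payload pull the users row through the page listing, then see both hardened functions refuse the same input. Note that the allowlist in list_rows_safe only proves the name is a real table; which tables a given role may read is a separate authorization check.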
CNVD
added 2017/06/05 12:00 a.m., 1 view

Buffer Overflow Vulnerability in Multiple Stepok Products Processing TGA Files

Stepok Light Developer is a professional photo post-processing tool. Stepok Recomposit is a Chinese version of the photo compositing software. Stepok RAW Importer is RAW file conversion software that converts RAW photos to JPG images and supports opening and converting most digital came...

AI score 8
Exploits 0
Kitploit
added 2017/06/04 3:35 p.m., 15 views

portSpider - A Lightning Fast Multithreaded Network Scanner Framework With Modules

A lightning fast multithreaded network scanner framework with modules. Modules: http - scan for open HTTP ports and get the page titles. mysql - scan for open MySQL servers and try to log in with the default credentials. mongodb - scan for open MongoDB instances and check if they are password...

AI score 7.5
Exploits 0 | References 1
CNVD
added 2017/06/02 12:00 a.m., 1 view

Memory Corruption Vulnerability in Light Developer's Handling of TIFF Format Files

Stepok Light Developer is a professional photo post-processing tool with features that cover most of the needs of photography enthusiasts. A memory corruption vulnerability exists in Light Developer's handling of TIFF format files. An attacker can exploit this vulnerability by constructing a...

AI score 7.5
Exploits 0
CNVD
added 2017/06/01 12:00 a.m., 2 views

Memory Corruption Vulnerability in Light Developer's Handling of BMP Format Files

Stepok Light Developer is a professional photo post-processing tool with features that cover most of the needs of photography enthusiasts. A memory corruption vulnerability exists in Light Developer's handling of BMP format files. An attacker can exploit it by constructing a malformed BMP file, which can lead to program...

AI score 7.5
Exploits 0
Japan Vulnerability Notes
added 2017/06/01 12:00 a.m., 70 views

JVN#06770361: Installer of Tera Term may insecurely load Dynamic Link Libraries

The installer of Tera Term provided by TeraTerm Project contains an issue with the DLL search path, which may lead to insecure loading of Dynamic Link Libraries (CWE-427). Impact: Arbitrary code may be executed with the privilege of the user invoking the installer. Solution: Use the latest installer. Use...

CVSS 9.3 | AI score 7.7 | EPSS 0.02029
Exploits 0
Japan Vulnerability Notes
added 2017/05/25 12:00 a.m., 32 views

JVN#75514460: Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely load Dynamic Link Libraries

The installer of the electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the DLL search path, which may lead to insecure loading of Dynamic Link Libraries. Impact: This vulnerability can be exploited when the following condition is met: ...

CVSS 8.8 | AI score 8.8 | EPSS 0.01749
Exploits 0
rapid7community
added 2017/05/24 2:29 p.m., 19 views

What are Javascript Source Maps?

It's generally good practice to minify and combine your assets (JavaScript and CSS) when deploying to production. This reduces the size of your assets and dramatically improves your website's load time. Source maps create a map from these compressed asset files back to the source files. This...

AI score 6.8
Exploits 0
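
As an added example (not code from the rapid7community post above), the Python below shows the three things a practitioner checks when source maps are in scope: the sourceMappingURL comment a minified bundle carries, the base64-VLQ encoding of the map's "mappings" field that ties generated positions back to original files, and the optional "sourcesContent" member which, when present, ships the complete original source inside the map. The bundle and map it parses are constructed for the demonstration and do not come from any real site.

```python
import json
import re

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
B64_INDEX = {c: i for i, c in enumerate(B64)}

# Minified bundles end with a comment pointing at their map; a map that is
# reachable on the production host is what exposes the original code.
SOURCEMAP_COMMENT = re.compile(r"[#@]\s*sourceMappingURL=([^\s*]+)")


def find_source_map_url(bundle_text):
    """Return the last sourceMappingURL in a bundle, or None."""
    hits = SOURCEMAP_COMMENT.findall(bundle_text)
    return hits[-1] if hits else None


def decode_vlq(segment):
    """Decode one base64-VLQ segment (e.g. 'SAASA') into signed integers.
    Each character carries 5 data bits plus a continuation bit (0x20); the
    low bit of a finished number is its sign."""
    values, shift, acc = [], 0, 0
    for ch in segment:
        digit = B64_INDEX[ch]
        acc |= (digit & 0x1F) << shift
        if digit & 0x20:
            shift += 5
            continue
        values.append(-(acc >> 1) if acc & 1 else acc >> 1)
        shift, acc = 0, 0
    if shift:
        raise ValueError("truncated VLQ segment")
    return values


def decode_mappings(source_map):
    """Expand 'mappings' into (gen_line, gen_col, source, orig_line, orig_col, name)
    tuples. Every field except gen_line is a delta against the previous
    segment; gen_col resets at each ';' (a new generated line)."""
    sources = source_map["sources"]
    names = source_map.get("names", [])
    src = line = col = name_idx = 0
    out = []
    for gen_line, group in enumerate(source_map["mappings"].split(";")):
        gen_col = 0
        for seg in filter(None, group.split(",")):
            fields = decode_vlq(seg)
            gen_col += fields[0]
            if len(fields) == 1:  # generated code with no original position
                out.append((gen_line, gen_col, None, None, None, None))
                continue
            src += fields[1]
            line += fields[2]
            col += fields[3]
            name = None
            if len(fields) == 5:
                name_idx += fields[4]
                name = names[name_idx]
            out.append((gen_line, gen_col, sources[src], line, col, name))
    return out


def leaked_sources(source_map):
    """Original files whose full text ships inside the map via sourcesContent."""
    content = source_map.get("sourcesContent") or []
    return [s for s, text in zip(source_map["sources"], content) if text]


# Constructed sample: a one-function bundle and its map (not from a real site).
SAMPLE_BUNDLE = "function a(b){return b+1}\n//# sourceMappingURL=app.min.js.map\n"
SAMPLE_MAP = json.loads("""{
  "version": 3, "file": "app.min.js",
  "sources": ["src/app.js"],
  "sourcesContent": ["function add(n) { return n + 1 }"],
  "names": ["add"],
  "mappings": "AAAA,SAASA"
}""")

if __name__ == "__main__":
    print("map referenced at:", find_source_map_url(SAMPLE_BUNDLE))
    for entry in decode_mappings(SAMPLE_MAP):
        print(entry)
    print("original source embedded for:", leaked_sources(SAMPLE_MAP))
```

In an assessment, fetch the bundle, resolve the URL find_source_map_url returns relative to it, and run leaked_sources on the result: a non-empty list means the original, unminified code (comments, internal endpoint names, sometimes credentials) is being served to every visitor.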
ThreatPost
added 2017/05/24 2:05 p.m., 17 views

Android Overlay and Accessibility Features Leave Millions at Risk

University researchers are warning that two features, not flaws, core to Google’s Android mobile operating system can be used together to launch clickjacking attacks to gain control of a target’s phone. The discovery was made by researchers at Georgia Institute of Technology, who call the researc...

AI score 1
Exploits 0 | References 5
OSV
added 2017/05/19 3:29 a.m., 2 views

CVE-2017-5176

A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench CCW. The following versions are affected: Connected Components Workbench - Developer Edition, v9.01.00 and earlier: 9328-CCWDEVENE, 9328-CCWDEVZHE, 9328-CCWDEVFRE, 9328-CCWDEVITE, 9328-CCWDEVDEE, 9328-CCWDEVES...

CVSS 7 | AI score 5.7 | EPSS 0.0052
Exploits 0 | References 2
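
The three DLL-hijacking entries above (JVN#06770361, JVN#75514460 and CVE-2017-5176) share one mechanism: LoadLibrary("name.dll") consults the directory the executable was launched from before System32, so a DLL dropped next to an installer in Downloads is loaded in the installer's place (CWE-427). The Python model below is added here and is not code from any of those advisories. It reproduces a simplified search order on a constructed temporary directory layout (the KNOWN_DLLS subset, the DLL and directory names are assumptions) and contrasts it with a loader restricted to the system directory, which is what SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32) or full-path LoadLibrary calls achieve on Windows.

```python
import os
import tempfile

# Constructed subset of Windows "KnownDLLs": these are always mapped from
# System32 regardless of what sits next to the executable (assumption).
KNOWN_DLLS = {"kernel32.dll", "ntdll.dll", "user32.dll"}


def default_search_order(exe_dir, system_dir, cwd, path_dirs):
    """Simplified LoadLibrary("name.dll") order with SafeDllSearchMode on:
    the executable's own directory is consulted before the system directory."""
    return [exe_dir, system_dir, cwd, *path_dirs]


def resolve_dll(name, exe_dir, system_dir, cwd=None, path_dirs=(), system_only=False):
    """Return the file the loader would pick for `name`, or None if absent.

    system_only models a hardened loader (SetDefaultDllDirectories with
    LOAD_LIBRARY_SEARCH_SYSTEM32, or LoadLibrary with a full path): the
    directory the installer was launched from is never searched."""
    name = name.lower()
    if name in KNOWN_DLLS:
        return os.path.join(system_dir, name)
    if system_only:
        dirs = [system_dir]
    else:
        dirs = default_search_order(exe_dir, system_dir, cwd or exe_dir, path_dirs)
    for directory in dirs:
        candidate = os.path.join(directory, name)
        if os.path.isfile(candidate):
            return candidate
    return None


def hijackable_imports(imports, exe_dir, system_dir):
    """Imports whose resolution lands in the executable's directory (a file an
    attacker could have placed there) or resolves nowhere at all (a phantom
    DLL that would be picked up from that directory once planted)."""
    findings = {}
    for dll in imports:
        found = resolve_dll(dll, exe_dir, system_dir)
        if found is None or os.path.dirname(found) == exe_dir:
            findings[dll] = found
    return findings


def _touch(path, content=""):
    with open(path, "w") as fh:
        fh.write(content)


def build_layout():
    """Constructed layout: a fake System32 and a Downloads folder holding an
    installer plus an attacker-planted version.dll. Returns (downloads, system_dir)."""
    root = tempfile.mkdtemp()
    system_dir = os.path.join(root, "System32")
    downloads = os.path.join(root, "Downloads")
    os.makedirs(system_dir)
    os.makedirs(downloads)
    for dll in ("kernel32.dll", "version.dll", "shfolder.dll"):
        _touch(os.path.join(system_dir, dll))
    _touch(os.path.join(downloads, "setup.exe"))
    _touch(os.path.join(downloads, "version.dll"), "planted")
    return downloads, system_dir


if __name__ == "__main__":
    downloads, system_dir = build_layout()
    imports = ["kernel32.dll", "version.dll", "shfolder.dll", "dwmapi.dll"]
    print("default loader:", hijackable_imports(imports, downloads, system_dir))
    print("system-only loader picks:",
          resolve_dll("version.dll", downloads, system_dir, system_only=True))
```

On a real installer the import list comes from the binary's import table and from Process Monitor traces of LoadLibrary calls; the model here only shows why a file named version.dll in Downloads wins under the default order and loses once the loader is told to search System32 alone.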
Japan Vulnerability Notes
added 2017/05/16 12:00 a.m., 42 views

JVN#96165722: WordPress plugin "WP Booking System" vulnerable to cross-site scripting

The WordPress plugin "WP Booking System" provided by WP Booking System contains a stored cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed in the web browser of a user logged in as an administrator. Solution: Update the plugin according to...

CVSS 6.1 | AI score 6.1 | EPSS 0.01379
Exploits 0
ThreatPost
added 2017/05/01 5:57 p.m., 11 views

Apple Revokes Certificate Used By OSX/Dok Malware

Apple revoked a legitimate developer certificate used by hackers behind malware dubbed OSX/Dok, which was able to eavesdrop on secure HTTPS traffic of infected systems. On Sunday, Apple also rolled out an update to its XProtect built-in antimalware software to fend off existing and upcoming...

AI score 0.5
Exploits 0 | References 2
Android Security Bulletins
added 2017/05/01 12:00 a.m., 82 views

Android Security Bulletin—May 2017

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Nexus devices through an over-the-air (OTA) update. The Google device firmware images have also been released to the Google Developer...

CVSS 9.3 | AI score 9.6 | EPSS 0.09465
Exploits 5
ThreatPost
added 2017/04/24 1:52 p.m., 28 views

SquirrelMail Remote Code Execution Vulnerability Patched

On Thursday, developers behind the PHP-based webmail package SquirrelMail patched a remote code execution vulnerability that could let attackers execute arbitrary commands on the target and compromise the system. Dawid Golunski, a researcher with Legal Hackers, discovered the vulnerability and...

CVSS 9 | AI score 0.6 | EPSS 0.32156
Exploits 7 | References 14
UbuntuCve
added 2017/04/20 12:00 a.m., 22 views

CVE-2017-5468

An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox 53...

CVSS 9.1 | AI score 7.2 | EPSS 0.02476
Exploits 0 | References 3
CNVD
added 2017/04/20 12:00 a.m., 3 views

Fastspot BigTree CMS Cross-Site Request Forgery Vulnerability (CNVD-2017-06039)

Fastspot BigTree CMS is an open source content management system (CMS) from the US company Fastspot, built on PHP and MySQL. A security vulnerability exists in the core/admin/modules/developer/header.php file in Fastspot BigTree CMS 4.2.17 and earlier versions. A remote attacker can exploit this...

CVSS 8.8 | AI score 6.9 | EPSS 0.00751
Exploits 1 | References 1
OSV
added 2017/04/20 12:00 a.m., 0 views

UBUNTU-CVE-2017-5468

An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox 53...

CVSS 9.1 | AI score 7.3 | EPSS 0.02476
Exploits 0 | References 4
ThreatPost
added 2017/04/18 1:45 p.m., 9 views

Facebook Delegated Account Recovery SDKs Published for Java, Ruby Apps

Facebook’s Delegated Account Recovery, a protocol that allows applications to delegate account recovery permission to third-party applications, entered its beta phase today with the release of SDKs and additional support for new platforms. The feature has been running on a trial basis since late...

AI score 0.2
Exploits 0 | References 2