7427 matches found
@Base - Critical - Unsupported - SA-CONTRIB-2017-040
Provides additional APIs for developers working with Drupal 7. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466...
SilverStripe CMS 3.1.9 Path Disclosure
https://www.osisecurity.com.au/silverstripe-cms---path-disclosure.html Date: 04-Apr-2017 Product: SilverStripe CMS Versions affected: 3.1.9 and below. Vulnerability: Path disclosure. Example URL: http://target/dev/build/ Path reported: /home/target/publichtml/framework/dev/DebugView.php...
Github Repository Owners Targeted by Data-Stealing Malware
Phishing emails zeroing in on developers who own Github repositories were infecting victims with malware capable of stealing data through keyloggers and modules that would snag screenshots. Researchers at Palo Alto Networks this week said that in mid-January, an unknown number of developers were...
How to bypass the latest Microsoft Edge patch and continue to spoof the address bar to load a malicious warning page - vulnerability warning - the black bar safety net
Overview: On Tuesday, Microsoft pushed out a major patch fixing many serious security holes, which greatly improves the browser's security and the reputation of the Edge developers. But I hope Microsoft is also able to convince those who still follow the absurd old-school IE policy, or at least...
Private - Critical - Access bypass - DRUPAL-SA-CONTRIB-2017-031
This module enables you to mark nodes as private so that they are only accessible to users who have been granted an extra permission. The module doesn't always enforce the access restrictions. In some cases a node that a site admin expects to be private is actually accessible as normal or nodes...
KLA11833 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Windows Graphics Component can be...
Designed to trap people! Criminals are abusing Apple's iOS enterprise certificates on a massive scale - vulnerability warning - the black bar safety net
Criminals abuse or purchase enterprise certificates to package illegal apps and distribute them via itms-services:// links for online .ipa installation, bypassing the App Store entirely, and are spreading a large number of gambling and other illegal applications designed to trap Chinese users! Include...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page...
CVE-2015-8815
Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page...
132 Google Play Apps Booted For Having Malicious IFrames
Google removed 132 apps infected with malicious iFrames from its Google Play store after security researchers discovered a development platform used to create the apps was infected with malware and in turn compromised the apps. Palo Alto Networks’ Unit 42 researchers said the apps were infected...
GOM Player 2.3.10.5266 - .fpx Denial of Service Exploit
Exploit for the Windows platform in category dos / poc. Exploit Title: GOM Player 2.3.10.5266 - Remote heap corruption (.fpx). Date: 2017-02-15. Exploit Author: Peter Baris. Exploit link: http://www.saptech-erp.com.au/resources/PoC.zip Software Link: http://player.gomlab.com/download.gom?language=eng CVE:...
CVE-2017-3801
A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile (a privilege escalation vulnerability). The vulnerability is due to improper role-based access control (RBAC)...
Google Touts Progress in Android Security in 2016
SAN FRANCISCO–Google has a daunting task of scanning 750 million Android devices daily for threats and checking 6 billion apps for malware each day as part of its management of 1.6 billion active Android devices. The numbers are staggering for Adrian Ludwig, director of Android Security; six year...
JVN#88176589: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to authentication bypass
AppGoat, provided by the INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA), is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains an authentication bypass vulnerability. Impact: A remote unauthenticated attacker may perform an arbitrary...
JVN#87662835: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to DNS rebinding
AppGoat, provided by the INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA), is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a DNS rebinding vulnerability. Impact: If a user accesses a malicious web page, arbitrary code may be...
Popular iOS Apps Vulnerable to TLS Interception Attacks
Dozens of iOS mobile banking, medical and other applications handling sensitive user information are vulnerable to man-in-the-middle attacks where TLS traffic can be intercepted. Of the 76 apps analyzed by Sudo Security Group, 19 are considered high-risk where financial or medical credentials, or...
Debian Security Advisory DSA 3776-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5006 Mariusz Mlynski discovered a cross-site scripting issue. CVE-2017-5007 Mariusz Mlynski discovered another cross-site scripting issue. CVE-2017-5008 Mariusz Mlynski discovered a third cross-site scripting issue...
Mozilla: Insecure communication methods in Developer Tools JSON viewer (MFSA 2017-02)
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...