7427 matches found
Sandcat Browser 5.3 - PenTest Oriented Web Browser
Sandcat is a lightweight multi-tabbed web browser that combines the speed and power of Chromium and Lua. Sandcat comes with built-in live headers, an extensible user interface and command line console, resource viewer, and many other features that are useful for web developers and pen-testers and...
Error: "Untrusted Enterprise Developer" When Launching Secure Apps on iOS
Users who have upgraded their Apple devices to iOS 9 are unable to launch Secure Apps. The apps appear to be greyed out. When the user clicks on Secure Apps, the following error message is displayed: “Untrusted Enterprise Developer”. Users with older iOS versions are prompted to trust the...
New Google Tools Help Devs Improve Content Security Policy Protection
Cross-site scripting is the cockroach of web application security vulnerabilities, enjoying continued longevity despite the abundant availability of scanning tools and programming advice designed to squash it. Google yesterday took another shot at eradicating XSS attacks with the release of two...
OpenWGA Developer Studio 3.1.0 OpenDialog Arbitrary Code Execution Vulnerability
OpenWGA Developer Studio is all the development and deployment tools necessary to create, develop, deploy, share and maintain OpenWGA CMS applications packaged together with OpenWGA CMS Server. An arbitrary code execution vulnerability exists in OpenWGA Developer Studio. The vulnerability allows...
Boozt Fashion AB: ADB Backup is enabled within AndroidManifest
ADB Backup is enabled for this app. ADB Backup feature is a good tool for backing up all of your files. If it's enabled, malicious users who have your phone can copy all of the sensitive data for this app in your phone. Requirement: Unlock phone's screen; Enable the developer mode. Sensitive data...
CVE-2016-5814
CVE-2016-5814 is a classic buffer overflow in Rockwell RSLogix products (Micro Starter Lite/Developer; RSLogix 500 Starter/Standard/Professional) triggered by parsing malicious RSS project files. The vulnerability is a CWE-120 flaw that allows code execution when a local user opens a crafted RSS f...
JVN#18926672: Zend Framework vulnerable to SQL injection
Zend Framework is an open source web application framework. Zend Framework 1 contains an SQL injection vulnerability (CWE-89) due to a flaw in processing parameters in the ORDER BY and GROUP BY clauses. Impact: Information stored in the database may be obtained or altered by a remote attacker...
New Relic: HOST HEADER INJECTION in rpm.newrelic.com
Hello to all professionals. Greetings, I have found a host header injection vulnerability in your website. Vulnerable URL: rpm.newrelic.com. The host header can be changed to something outside the target domain. In many cases, developers are trusting the HTTP Host header value and using it to genera...
CVE-2016-5164
Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools aka...
Cross site scripting
Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools aka...
CVE-2016-5164
Removed by vendor...
CVE-2016-5165
CVE-2016-5165 is a Cross-site Scripting vulnerability in Google Chrome’s DevTools (DevTools subsystem) allowing remote attackers to inject arbitrary web script or HTML via the settings parameter of a chrome-devtools-frontend.appspot.com URL query string. Affected: Google Chrome on Windows, macOS ...
BigTree-CMS 4.2.x < 4.2.9 Multiple Vulnerabilities
Binary data 9556.prm...
Debian Security Advisory DSA 3660-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-5147: A cross-site scripting issue was discovered. CVE-2016-5148: Another cross-site scripting issue was discovered. CVE-2016-5149: Max Justicz discovered a script injection issue in extension handling. CVE-2016-5150 ...
DSA-3660-1 chromium-browser - security update
Bulletin has no description...
CVE-2016-5165
Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a...
JVN#67266823: Cybozu Garoon vulnerable to open redirect
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an open redirect vulnerability in the "Scheduler" function. Impact: When accessing a specially crafted URL, a user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack...
JVN#09836883: Geeklog IVYWE edition contains a cross-site scripting vulnerability
Geeklog is an open source content management system (CMS). Geeklog IVYWE edition contains a cross-site scripting (CWE-79) vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Apply the Patch. Apply the appropriate patch according to the information provided by...