IBM Watson Developer Cloud Weak Password Vulnerability
IBM Watson is a set of technology platforms from the American company IBM, and an outstanding representative of cognitive computing, a new computing paradigm that encompasses a large number of technological innovations in the fields of information analytics, natural language processing and machine...
Design/Logic Flaw
The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...
Google finally announces Android N's name and It's not Nutella
No, it's not Nutella. Google has finally announced the official name of the latest version of its Android mobile software, codenamed Android N: "Nougat." Yes, the next version of sugary snack-themed Android and the successor to Android Marshmallow will now be known as Android Nougat, the company...
JVN#47363774: WordPress plugin "Welcart e-Commerce" vulnerable to PHP object injection
WordPress plugin "Welcart e-Commerce" contains a PHP object injection vulnerability due to a flaw where untrusted POST values are unserialized. Impact: A remote attacker may execute arbitrary PHP code. Solution: Update the Software. Update to the latest version according to the information provided ...
Patrick Wardle on macOS Gatekeeper, Crypto Enhancements
At last week’s Apple Worldwide Developer Conference, Apple announced some security upgrades around Gatekeeper and a new filesystem that includes native support for encryption. Mac hacker Patrick Wardle, director of research at Synack, explains whether this is a big deal and how the upgrades address...
CVE-2016-1699
WebKit/Source/devtools/frontend/devtools.js in the Developer Tools aka DevTools subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to...
Debian DSA-3594-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2016-1696 A cross-origin bypass was found in the bindings to extensions. - CVE-2016-1697 Mariusz Mlynski discovered a cross-origin bypass in Blink/Webkit. - CVE-2016-1698 Rob Wu discovered an information leak. -...
CVE-2016-1699
Removed by vendor...
Debian Security Advisory DSA 3594-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1696 A cross-origin bypass was found in the bindings to extensions. CVE-2016-1697 Mariusz Mlynski discovered a cross-origin bypass in Blink/Webkit. CVE-2016-1698 Rob Wu discovered an information leak. CVE-2016-1699...
DSA-3594-1 chromium-browser - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3594-1)
The remote host is missing an update for the Debian...
JVN#14749391: Multiple directory traversal vulnerabilities in Cybozu Garoon
Cybozu Garoon is a groupware. Cybozu Garoon contains the following multiple directory traversal vulnerabilities. Directory traversal in the function "Files" - CVE-2016-1191: CVSS v3 vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, Base Score: 5.3. CVSS v2...
JVN#32218514: Cybozu Garoon vulnerable to open redirect
Cybozu Garoon is a groupware. Cybozu Garoon contains an open redirect vulnerability. Impact: When accessing a specially crafted URL, a user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution: Update the Software. Update to the latest...
NetCommons vulnerable to privilege escalation
Overview: NetCommons provided by the NetCommons Project contains a privilege escalation vulnerability. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: A user wi...
JVN#00460236: NetCommons vulnerable to privilege escalation
NetCommons provided by the NetCommons Project contains a privilege escalation vulnerability. Impact: A user with secretariat privileges "CLERK" may create a user with system administrator privileges "SYSTEMADMIN". Solution: Update the Software. Update the software according to the information provid...
JVN#85112513: php-contact-form vulnerable to cross-site scripting
php-contact-form provided by Kobe Beauty Co., Ltd. contains a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the software. Update to the latest version according to the information provided by the developer. Products...
KLA10802 OSI vulnerability in Microsoft Developer Tools
An information disclosure vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories: CVE-2016-0149. Related products: Microsoft-.NET-Framework. CVE list: CVE-2016-0149 warning. KB list: 3156421 3156387 314202...