187 matches found
Android: DNS setup for developing and testing against local web services
Most "interesting" smartphone applications do not run only on the smartphone device; they rely on supporting web services that can be run both by the deploying organization and 3rd parties. One of the challenges we have run into when developing Android application is setting up a suitable...
CVE-2021-28792
The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite,...
Design/Logic Flaw
The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite,...
CVE-2021-28792
The CVE-2021-28792 entry concerns the unofficial Swift Development Environment extension for Visual Studio Code, affected prior to version 2.12.1. A malicious workspace can trigger arbitrary code execution by supplying crafted values in several extension configuration fields (e.g., sourcekit-lsp....
Acronis: Information Disclosure via ZIP file on AWS Bucket [http://acronis.1.s3.amazonaws.com]
Summary Hello, @acronis Team I hope you all doing well. during My recon, I found OPEN S3 BUCKET http://acronis.1.s3.amazonaws.com and this BUCKET has an ZIP file . and this file contains sensitive information about the internal system of Acronis. This Zip file Is from 2018. And it looks like it w...
Apple Xcode has an unspecified vulnerability
Apple Xcode is an integrated development environment provided by Apple for developers to develop applications for Mac OS X and iOS. Apple Xcode 12.4 contains a security vulnerability that could be exploited by attackers to access arbitrary files on the host device...
Eclipse Che Cross-Site Request Forgery Vulnerability (CNVD-2021-14164)
Eclipse Che is the Eclipse Foundation's set of Java-based open source online integrated development environment IDE. A cross-site request forgery vulnerability exists in Eclipse Che versions prior to 7.14.0. No detailed vulnerability details are provided at this time...
CVE-2020-9738
AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be...
CVE-2020-9735
AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be...
CVE-2020-9736
AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be...
CVE-2020-9736
AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be...
CVE-2020-9737
AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be...
Cross site scripting
AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be...
Cross site scripting
AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be...
Cross site scripting
AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be...
ALEA-2020:3054 new module: eclipse:rhel8
Eclipse is an integrated development environment IDE. This enhancement update adds the eclipse:rhel8 module to AlmaLinux The eclipse:rhel8 module provides Eclipse version 4.15, which is based on the Eclipse Foundation's 2020-03 release train. BZ1786637 For detailed information on changes in this...
new module: eclipse:rhel8
An update is available for icu4j, glassfish-annotation-api. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Eclipse is an integrated development environment IDE...
new module: eclipse:rhel8
Eclipse is an integrated development environment IDE. This enhancement update adds the eclipse:rhel8 module to AlmaLinux The eclipse:rhel8 module provides Eclipse version 4.15, which is based on the Eclipse Foundation's 2020-03 release train. BZ1786637 For detailed information on changes in this...
GReAT thoughts: Awesome IDA Pro plugins
The Global Research & Analysis Team here at Kaspersky has a tradition of meeting up once a month and sharing cutting-edge research, interesting techniques and useful tools. We recently took the unprecedented decision to make our internal meetings public for a few months and present them as a seri...
The vulnerability of the Codehaus development environment of the JBoss Enterprise Application Platform allows a perpetrator to execute arbitrary code.
The vulnerability of the Codehaus development environment on the JBoss Enterprise Application Platform is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...