8751 matches found
Intel SGX SDK Double Release Vulnerability
Intel SGX SDK is a set of software development kits based on SGX Intel Software Security Extensions technology from the U.S. company Intel Intel. A double release vulnerability exists in Intel SGX SDK. An attacker could exploit this vulnerability to disclose information...
Join Microsoft Security Response at the Product Security Operations forum at LocoMocoSec!
The MSRC is more than managing vulnerability reports, publishing Microsoft security updates, and defending the cloud. The MSRC is passionate about helping everyone improve internal engineering practices and supporting the defender community, and are excited to partner with Blackberry to host a...
CVE-2019-5420
A remote code execution vulnerability in development mode Rails 5.2.2.1, 6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit...
Remote Code Execution (RCE)
railties is vulnerable to remote code execution. A remote attacker is able to guess the automatically generated secret token when Rails is in development mode. This token can subsequently be used in combination with other Rails internals to execute arbitrary code...
GHSA-M42H-MH85-4QGC Use of Insufficiently Random Values in Railties Allows Remote Code Execution
Possible Remote Code Execution Exploit in Rails Development Mode Impact ------ With some knowledge of a target application it is possible for an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to...
Use of Insufficiently Random Values in Railties Allows Remote Code Execution
Possible Remote Code Execution Exploit in Rails Development Mode Impact ------ With some knowledge of a target application it is possible for an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to...
Stored cross-site scripting vulnerability in WODECMS front-end ne***.cl***.php file
WODECMS is a content management system developed based on a self-developed PHP development framework. A stored cross-site scripting vulnerability exists in the WODECMS front-end ne.cl.php file. An attacker can insert malicious js code into the page to obtain user cookies and other information,...
Possible Remote Code Execution Exploit in Rails Development Mode
There is a possible a possible remote code executing exploit in Rails when in development mode. This vulnerability has been assigned the CVE identifier CVE-2019-5420. Versions Affected: 6.0.0.X, 5.2.X. Not affected: 5.2.0 Fixed Versions: 6.0.0.beta3, 5.2.2.1 Impact ------ With some knowledge of a...
Practical advice for earning higher Microsoft bounty awards
This year at the Nullcon International Security Conference I shared practical advice for how security researchers can maximize the impact of their security vulnerability submissions and earn higher bounty awards under the Microsoft Bounty Program. For those who couldn’t be there, I had two core...
The vulnerability of the web server for the software development tools, Intel Data Center Manager SDK, allows a perpetrator to increase their privileges.
The vulnerability of the Intel Data Center Manager SDK, a tool for developing software, is related to improper session management. Exploiting this vulnerability can allow attackers to enhance their privileges...
JDK: buffer overflow in jio_snprintf() and jio_vsnprintf()
In Eclipse OpenJ9, prior to the 0.12.0 release, the jiosnprintf and jiovsnprintf native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code...
Legion - An Easy-To-Use, Super-Extensible And Semi-Automated Network Penetration Testing Tool That Aids In Discovery, Reconnaissance And Exploitation Of Information Systems
Legion, a fork of SECFORCE's Sparta, is an open source, easy-to-use, super-extensible and semi-automated network penetration testing framework that aids in discovery, reconnaissance and exploitation of information systems. Legion is developed and maintained by GoVanguard. More information about...
Semi-Automated Network Penetration Testing Framework: Legion
Legion, a fork of SECFORCE’s Sparta, is an open source, easy-to-use, super-extensible and semi-automated network penetration testing framework that aids in discovery, reconnaissance and exploitation of information systems. Legion is developed and maintained by GoVanguard. Features Automatic recon...
What's New in Web Performance? - March 2019
Organizations that do business on the web are at various stages in their digital transformation journey. Some are developing some of the most innovative and immersive digital experiences on the web, others are, for the first time, figuring out how to safely move applications to the cloud with...
Storage Performance Development Kit Denial of Service Vulnerability
Storage Performance Development Kit SPDK is a storage performance development kit from the SPDK community. The product is intended for writing high-performance, scalable user-mode storage applications. A denial of service vulnerability exists in versions prior to SPDK 19.01, which stems from a...
[SECURITY] Fedora 28 Update: python-django-2.0.13-1.fc28
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...
CVE-2019-9547
CVE-2019-9547 affects Storage Performance Development Kit (SPDK) prior to 19.01. A malicious vhost client (e.g., a VM) could craft a circular descriptor chain that the vhost target fails to detect, leading to a partial denial of service in the SPDK vhost target. The underlying issue is insufficie...
[SECURITY] Fedora 29 Update: python-django-2.0.13-1.fc29
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...
Stable Channel Update for Desktop
The stable channel has been updated to 72.0.3626.121 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain...
CVE-2019-1994
In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. User interaction is needed for exploitation...