
8752 matches found

IBM Security Bulletins
added 2018/06/15 7:5 a.m. | 30 views

Security Bulletin: Vulnerability in Apache Groovy that could affect IBM Development Package for Apache Spark (CVE-2015-3253)

Summary: Apache Groovy™ could allow a remote attacker to run arbitrary, untrusted code on the system. Vulnerability Details: CVEID: CVE-2015-3253. DESCRIPTION: Apache Groovy could allow a remote attacker to run arbitrary, untrusted code on the system. This issue is caused by the failure to isolate...

CVSS 9.8 | AI score 0.9 | EPSS 0.44303
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:5 a.m. | 15 views

Security Bulletin: Multiple Vulnerabilities in IBM SDK Java Technology Edition, Version 8.0 affect IBM Development Package for Apache Spark

Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0 that is used by IBM Development Package for Apache Spark. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details: The IBM Development Package for Apache Spark ...

AI score 3.2
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:5 a.m. | 23 views

Security Bulletin: Vulnerability in IBM SDK Java Technology Edition affects IBM Development Package for Apache Spark (CVE-2015-7575)

Summary: There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8.0 that is used by the IBM Development Package for Apache Spark. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM SDK updates in January 2016. Vulnerability Details: CVEID:...

CVSS 5.9 | AI score 0.7 | EPSS 0.0288
Exploits: 0 | Affected Software: 1

Trend Micro Simply Security
added 2018/06/13 4:44 p.m. | 48 views

Security In A DevOps World

Originally presented at the Gartner Security & Risk Management Summit 2018, "Security In A DevOps World" examines the challenges and benefits of integrating security technology and thinking into the development process at the early stages. The slides are designed to assist in the presentation of...

AI score 6.7
Exploits: 0

OSV
added 2018/06/12 12:0 a.m. | 1 views

UBUNTU-CVE-2018-5738

Change 4777 introduced in October 2017 introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended and documented behavior is that if an operator has not specified a value for the...

CVSS 7.5 | AI score 7.1 | EPSS 0.1107
Exploits: 0 | References: 4

OSV
added 2018/06/11 9:29 p.m. | 4 views

CVE-2018-5112

Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to...

CVSS 7.5 | AI score 7.3 | EPSS 0.02012
Exploits: 0 | References: 5

Prion
added 2018/06/11 9:29 p.m. | 21 views

Design/Logic Flaw

Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to...

CVSS 5 | AI score 7.6 | EPSS 0.02012
Exploits: 0 | References: 5 | Affected Software: 2

Cvelist
added 2018/06/11 9:0 p.m. | 21 views

CVE-2018-5112

Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to...

AI score 7.7 | EPSS 0.02012
Exploits: 0 | References: 5

Debian CVE
added 2018/06/11 9:0 p.m. | 24 views

CVE-2018-5112

Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to...

CVSS 7.5 | AI score 8.6 | EPSS 0.02012
Exploits: 0

ThreatPost
added 2018/06/08 5:33 p.m. | 13 views

Google Tackles AI Principles: Is It Enough?

Google has released its manifesto of principles guiding its efforts in the artificial intelligence realm – though some say the salvo isn’t as complete as it could be. AI is the new golden ring for developers, thanks to its potential to not just automate functions at scale but also to make...

AI score 7.2
Exploits: 0 | References: 10

RedHat Linux
added 2018/06/07 4:5 p.m. | 5 views

OpenJDK: DnsClient missing source port randomization (JNDI, 8182125)

It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries...

CVSS 5.8 | AI score 7.4 | EPSS 0.04162
Exploits: 0 | References: 4

Kitploit
added 2018/06/06 10:17 p.m. | 33 views

PhpSploit - Stealth Post-Exploitation Framework

PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable of maintaining access to a compromised web server for privilege escalation purposes. Overview: The obfuscated...

AI score 8.4
Exploits: 0 | References: 1

ThreatPost
added 2018/06/05 8:38 p.m. | 13 views

WARDroid Uncovers Mobile Threats to Millions of Users Worldwide

An analysis of 10,000 mobile apps has found that a significant portion of them are open to web API hijacking – something that potentially affects the privacy and security of tens of millions of business users and consumers globally. The root of the threat lies in the inconsistencies that are ofte...

AI score 0.2
Exploits: 0 | References: 1

Exploit DB
added 2018/06/05 12:0 a.m. | 35 views

10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)

Exploit Title : 10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow SEH Exploit Author : Hashim Jawad - ihack4falafel Vendor Homepage : https://www.10-strike.com/ Vulnerable Software: https://www.10-strike.com/networkinventoryexplorer/network-inventory-setup.exe Tested on : Windows ...

AI score 7.4
Exploits: 0

Prion
added 2018/06/04 7:29 p.m. | 15 views

Information disclosure

The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS however the api.hubapi.com endpoint redirects to a HTTP url. Because of this...

CVSS 9.3 | AI score 8 | EPSS 0.00732
Exploits: 0 | References: 1 | Affected Software: 1

The Hacker News
added 2018/06/04 7:19 a.m. | 100 views

Confirmed—Microsoft Buys GitHub For $7.5 Billion

Here's the biggest news of the week—Microsoft has reportedly acquired GitHub for $7.5 billion. For those unaware, GitHub is a popular code repository hosting service that allows developers to host their projects, documentation, and code in the cloud using the popular Git source management system,...

AI score 6.9
Exploits: 0

Openbugbounty
added 2018/06/01 9:45 p.m. | 12 views

choicehotelsdevelopment.com XSS vulnerability

Open Bug Bounty ID: OBB-625776. Affected Website: choicehotelsdevelopment.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...

Exploits: 0

Openbugbounty
added 2018/06/01 3:54 p.m. | 16 views

appraisaldevelopment.com XSS vulnerability

Open Bug Bounty ID: OBB-625593. Affected Website: appraisaldevelopment.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...

Exploits: 0

CVE
added 2018/05/31 8:0 p.m. | 41 views

CVE-2016-10561

Bitty (a development web server) is vulnerable to a directory traversal flaw in version 0.2.10, exploitable via the URL path in GET requests. The issue is documented across multiple connected records (GHSA, OSV, NVD/NPM advisory) as directory traversal in the bitty package. No concrete exploit de...

CVSS 5.3 | AI score 5.2 | EPSS 0.01496
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2018/05/31 12:0 a.m. | 39 views

CentOS 7 : java-1.8.0-openjdk (CESA-2018:1191)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 8.3 | AI score 6 | EPSS 0.15141
Exploits: 0 | References: 11