Security Bulletin: Vulnerability in Apache Groovy that could affect IBM Development Package for Apache Spark (CVE-2015-3253)
Summary Apache Groovy™ could allow a remote attacker to run arbitrary, untrusted code on the system. Vulnerability Details CVEID: CVE-2015-3253 DESCRIPTION: Apache Groovy could allow a remote attacker to run arbitrary, untrusted code on the system. This issue is caused by the failure to isolate...
Security Bulletin: Multiple Vulnerabilities in IBM SDK Java Technology Edition, Version 8.0 affect IBM Development Package for Apache Spark
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0 that is used by IBM Development Package for Apache Spark. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details The IBM Development Package for Apache Spark ...
Security Bulletin: Vulnerability in IBM SDK Java Technology Edition affects IBM Development Package for Apache Spark (CVE-2015-7575)
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8.0 that is used by the IBM Development Package for Apache Spark. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM SDK updates in January 2016. Vulnerability Details CVEID:...
Security In A DevOps World
Originally presented at the Gartner Security & Risk Management Summit 2018, "Security In A DevOps World" examines the challenges and benefits of integrating security technology and thinking into the development process at the early stages. The slides are designed to assist in the presentation of...
UBUNTU-CVE-2018-5738
Change 4777, introduced in October 2017, caused an unforeseen issue in releases issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended and documented behavior is that if an operator has not specified a value for the...
CVE-2018-5112
Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file, but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to...
Design/Logic Flaw
Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file, but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to...
Google Tackles AI Principles: Is It Enough?
Google has released its manifesto of principles guiding its efforts in the artificial intelligence realm – though some say the salvo isn’t as complete as it could be. AI is the new golden ring for developers, thanks to its potential to not just automate functions at scale but also to make...
OpenJDK: DnsClient missing source port randomization (JNDI, 8182125)
It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries...
PhpSploit - Stealth Post-Exploitation Framework
PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable of maintaining access to a compromised web server for privilege escalation purposes. Overview The obfuscated...
WARDroid Uncovers Mobile Threats to Millions of Users Worldwide
An analysis of 10,000 mobile apps has found that a significant portion of them are open to web API hijacking – something that potentially affects the privacy and security of tens of millions of business users and consumers globally. The root of the threat lies in the inconsistencies that are ofte...
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)
Exploit Title : 10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow SEH Exploit Author : Hashim Jawad - ihack4falafel Vendor Homepage : https://www.10-strike.com/ Vulnerable Software: https://www.10-strike.com/networkinventoryexplorer/network-inventory-setup.exe Tested on : Windows ...
Information disclosure
The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS however the api.hubapi.com endpoint redirects to a HTTP url. Because of this...
Confirmed—Microsoft Buys GitHub For $7.5 Billion
Here's the biggest news of the week—Microsoft has reportedly acquired GitHub for $7.5 billion. For those unaware, GitHub is a popular code repository hosting service that allows developers to host their projects, documentation, and code in the cloud using the popular Git source management system,...
choicehotelsdevelopment.com XSS vulnerability
Open Bug Bounty ID: OBB-625776

| Description | Value |
|---|---|
| Affected Website: | choicehotelsdevelopment.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
appraisaldevelopment.com XSS vulnerability
Open Bug Bounty ID: OBB-625593

| Description | Value |
|---|---|
| Affected Website: | appraisaldevelopment.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
CVE-2016-10561
Bitty (a development web server) is vulnerable to a directory traversal flaw in version 0.2.10, exploitable via the URL path in GET requests. The issue is documented across multiple connected records (GHSA, OSV, NVD/NPM advisory) as directory traversal in the bitty package. No concrete exploit de...
CentOS 7 : java-1.8.0-openjdk (CESA-2018:1191)
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...