8749 matches found
Directory Traversal
Overview Affected versions of earlybird resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...
Directory Traversal
Overview Affected versions of weather.swlyons resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable...
Directory Traversal
Overview Affected versions of static-html-server resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerabl...
Directory Traversal
Overview tmock is a static file server. tmock is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Example Request: GET /../../../../../../../../../../etc/passwd HTTP/1.1 host: localhost and server Response: HTTP/1.1 200 OK Date:...
Directory Traversal
Overview Affected versions of easyquick resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...
Directory Traversal
Overview Affected versions of zwserver resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...
Directory Traversal
Overview Affected versions of citypredict.whauwiller resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the...
Important: Red Hat Security Advisory: Red Hat Container Development Kit 3.0.0 security update
An update is now available for Red Hat Container Development Kit 3.0.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
How to Build Virtual Python Environment
In the DevOps world, getting a consistent development environment is crucial. In this post, I'll show you how to set up a virtual Python environment and install the correct libraries to achieve a consistent development environment...
NSA Opens Github Account — Lists 32 Projects Developed by the Agency
The National Security Agency (NSA) — the United States intelligence agency which is known for its secrecy and working in the dark — has finally joined GitHub and launched an official GitHub page. The NSA employs genius-level coders and brightest mathematicians, who continually work to break codes,...
What is BDD Testing: Practical Examples of Behavior Driven Development Testing
The Need for Behavior Driven Development (BDD) Testing Tools. It should come as no surprise to learn that testing is at the heart of our engineers' daily activities. Testing is intrinsic to our development process, both in practical terms and in our thinking. Our engineers work with complex systems...
sudo vulnerability CVE-2017-1000367
F5 Product Development has evaluated the currently supported releases for potential vulnerability. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the...
CVE-2017-6667
A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. More Information: CSCvb66730. Known...
Source code security studying tool iCodeChecker vulnerable to cross-site scripting
Overview Source code security studying tool iCodeChecker provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a cross-site scripting vulnerability (CWE-79). Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with...
JVN#25078144: Source code security studying tool iCodeChecker vulnerable to cross-site scripting
Source code security studying tool iCodeChecker provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a cross-site scripting vulnerability (CWE-79). Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Source code security studying tool...
KLA11047 Multiple vulnerabilities in Microsoft Development Tools
Multiple serious vulnerabilities have been found in Microsoft Development Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information and execute arbitrary code. Original advisories - Exploitation Public exploits exist for this vulnerability. Malware exists for this...
Healthcare Industry Cybersecurity Report
New US government report: "Report on Improving Cybersecurity in the Health Care Industry." It's pretty scathing, but nothing in it will surprise regular readers of this blog. It's worth reading the executive summary, and then skimming the recommendations. Recommendations are in six areas. The Tas...
[SECURITY] Fedora 26 Update: libgcrypt-1.7.7-1.fc26
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...
Attackers can log in to FreeRADIUS without credentials - vulnerability warning - the black bar safety net
Recently, Stefan Winter, a security researcher at RESTENA in Luxembourg, found a TLS authentication bypass vulnerability in the world's most popular RADIUS server. FreeRADIUS is currently the world's most popular RADIUS server, in fact the vast majority of the radius server is...
[SECURITY] Fedora 26 Update: FlightGear-2017.1.3-2.fc26
The Flight Gear project is working to create a sophisticated flight simulator framework for the development and pursuit of interesting flight simulator ideas. We are developing a solid basic sim that can be expanded and improved upon by anyone interested in contributing...