938 matches found

Fedora
added 2018/02/14 5:33 p.m., 57 views

[SECURITY] Fedora 27 Update: mujs-0-11.20180129git25821e6.fc27

MuJS is a lightweight Javascript interpreter designed for embedding in other software to extend them with scripting capabilities...

CVSS 5.5, AI score 1.2, EPSS 0.05295
Exploits 10
Kitploit
added 2017/12/24 1:23 p.m., 84 views

Invoke-PSImage - Embeds a PowerShell script in the pixels of a PNG file and generates a oneliner to execute

Embeds a PowerShell script in the pixels of a PNG file and generates a oneliner to execute Invoke-PSImage takes a PowerShell script and embeds the bytes of the script into the pixels of a PNG image. It generates a oneliner for executing either from a file or from the web when the -Web flag is...

AI score 7.3
Exploits 0, References 1
CVE
added 2017/12/20 6:0 p.m., 53 views

CVE-2017-1494

CVE-2017-1494 pertains to a cross-site scripting (XSS) vulnerability in IBM BPM/Process Designer web UI. Connected IBM bulletin entries confirm the flaw allows injection of JavaScript into the Web UI, potentially exposing credentials within a trusted session. Affected products/versions include IB...

CVSS 5.4, AI score 5.2, EPSS 0.00804
Exploits 0, References 4, Affected Software 1
Kitploit
added 2017/11/24 8:36 p.m., 20 views

EmbedInHTML - Embed and hide any file in an HTML file

What this tool does is take a file (any type of file), encrypt it, and embed it into an HTML file as a resource, along with an automatic download routine simulating a user clicking on the embedded resource. Then, when the user browses the HTML file, the embedded file is decrypted on the fly, save...

AI score 7.1
Exploits 0, References 5
Zero Day Initiative
added 2017/10/10 12:0 a.m., 36 views

Microsoft Windows Font Embedding Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 2.6, AI score 2, EPSS 0.17147
Exploits 0, References 1
Cvelist
added 2017/10/02 6:0 p.m., 20 views

CVE-2015-7980

Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable."...

AI score 6.1, EPSS 0.01271
Exploits 0, References 5
wpexploit
added 2017/08/17 12:0 a.m., 17 views

Embed Images in Comments <= 0.5 - Unauthenticated Stored XSS

Unescaped src and href attribute replacements allows breaking out of the generated replacement tags. A comment containing the following "image" http://codeseekah.com/1.jpg"onload="alert1".jpg will generate an alert box...

CVSS 4.3, AI score 0.4, EPSS 0.00905
Exploits 1, References 1
Securelist
added 2017/08/03 9:0 a.m., 109 views

Steganography in contemporary cyberattacks

Steganography is the practice of sending data in a concealed format so the very fact of sending the data is disguised. The word steganography is a combination of the Greek words στεγανός (steganos), meaning "covered, concealed, or protected", and γράφειν (graphein) meaning "writing". Unlike...

AI score 6.6
Exploits 0
NVD
added 2017/07/31 3:29 a.m., 17 views

CVE-2017-9478

The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST and DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST devices sets the CM MAC address to a value with a two-byte offset from the MTA/VoIP MAC address, which indirectly allows remote...

CVSS 7.5, AI score 7.6, EPSS 0.0151
Exploits 1, References 1
CNVD
added 2017/06/08 12:0 a.m., 2 views

Microsoft Windows OLE Remote Code Execution Vulnerability (CNVD-2017-09716)

Microsoft Windows is a series of operating systems released by the American company Microsoft. A remote code execution vulnerability exists in the olecnv32.dll file in Microsoft Windows due to Windows OLE failing to properly filter user input. A remote attacker can exploit this vulnerability to...

CVSS 9.3, AI score 8.1, EPSS 0.62532
Exploits 2, References 1
ThreatPost
added 2017/05/01 12:8 p.m., 10 views

Flickr Vulnerability Worth $7K Bounty to Researcher

Yahoo has patched an account takeover vulnerability on its Flickr image-hosting service that earned an independent security researcher a $7,000 bounty. The issue was patched April 10, eight days after Michael Reizelman privately disclosed it through Yahoo’s HackerOne bounty program. Reizelman sai...

AI score 7.2
Exploits 0, References 2
OSV
added 2017/04/12 2:59 p.m., 1 views

CVE-2017-0211

An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE Elevation of Privilege Vulnerability."...

CVSS 5.5, AI score 7.3, EPSS 0.13975
Exploits 1, References 4
CNVD
added 2017/04/12 12:0 a.m., 6 views

Microsoft Office Word OLE Object Code Execution Vulnerability

Microsoft Office is a popular office software suite developed by Microsoft. A code execution vulnerability exists in the Microsoft Office Word OLE object, which can be exploited by an attacker to obtain permission to remotely execute arbitrary code, covertly install a variety of malware, and infe...

CVSS 9.3, AI score 7.8, EPSS 0.99933
Exploits 29, References 1
Fedora
added 2017/03/16 9:19 p.m., 33 views

[SECURITY] Fedora 24 Update: icoutils-0.31.2-1.fc24

The icoutils are a set of programs for extracting and converting images in Microsoft Windows icon and cursor files. These files usually have the extension .ico or .cur, but they can also be embedded in executables or libraries...

CVSS 5.5, AI score 4.2, EPSS 0.01538
Exploits 3
n0where
added 2017/03/13 5:40 a.m., 20 views

Python Steganography Tool: Stegosaurus

Python Steganography Tool A steganography tool for embedding payloads within Python bytecode. Stegosaurus is a steganography tool that allows embedding arbitrary payloads in Python bytecode pyc or pyo files. The embedding process does not alter the runtime behavior or file size of the carrier fil...

AI score 0.4
Exploits 0, References 1
Fedora
added 2017/02/22 5:54 p.m., 44 views

[SECURITY] Fedora 24 Update: mujs-0-8.20170124git4006739.fc24

MuJS is a lightweight Javascript interpreter designed for embedding in other software to extend them with scripting capabilities...

CVSS 9.8, AI score 1.2, EPSS 0.03645
Exploits 1
Fedora
added 2017/02/22 5:29 p.m., 49 views

[SECURITY] Fedora 25 Update: mujs-0-8.20170124git4006739.fc25

MuJS is a lightweight Javascript interpreter designed for embedding in other software to extend them with scripting capabilities...

CVSS 9.8, AI score 1.2, EPSS 0.03645
Exploits 1
Positive Technologies
added 2017/01/06 12:0 a.m., 2 views

PT-2017-2447 · Ruby · Ruby

Name of the Vulnerable Software and Affected Versions: Ruby affected versions not specified Description: The issue is related to type confusion in the WIN32OLE class of Ruby, specifically in the ole invoke and ole query interface methods. This occurs when an attacker passes a different type of...

CVSS 9.8, AI score 8.1, EPSS 0.03264
Exploits 2, References 6
Fedora
added 2016/11/24 4:35 p.m., 25 views

[SECURITY] Fedora 25 Update: mujs-0-6.20161031gita0ceaf5.fc25

MuJS is a lightweight Javascript interpreter designed for embedding in other software to extend them with scripting capabilities...

CVSS 9.8, AI score 1.2, EPSS 0.03023
Exploits 6
Fedora
added 2016/10/10 9:52 p.m., 36 views

[SECURITY] Fedora 24 Update: mujs-0-5.20160921git5c337af.fc24

MuJS is a lightweight Javascript interpreter designed for embedding in other software to extend them with scripting capabilities...

CVSS 7.5, AI score 1.2, EPSS 0.01688
Exploits 2