3100 matches found
Deploying enterprise MDX enabled apps from App Store via Volume Purchase
The CEM/XenMobile Server is currently optimized for Volume Purchase distribution of Public App Store apps that are not MDX enabled. While it is possible to distribute MDX enabled apps from App Store via volume purchase, some considerations must be taken into account for optimal performance. This...
Default credentials
An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db variable value is set to...
Mozilla Firefox MFSA Print Preview Spoofing Vulnerability
Mozilla Firefox is an open source web browser. A security vulnerability exists in Mozilla Firefox. If pop-up windows are enabled, a malicious website may spoof the contents of the print preview window, causing users to confuse the currently loaded site...
Wireless IP Camera (P2P) WIFICAM 'Cloud' Feature Design Flaw Vulnerability
Wireless IP Camera (P2P) WIFICAM is a wireless IP camera. A design flaw exists in the Wireless IP Camera (P2P) WIFICAM 'Cloud' feature, where the camera provides a 'Cloud' feature that is enabled by default, allowing consumers to bypass NAT and firewalls by managing the device over the network using ...
KEOS Esenyurt - Suspicious files, WebView JavaScript enabled, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application KEOS Esenyurt published at the 'play' market has multiple vulnerabilities...
UBUNTU-CVE-2017-5421
A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox 52 and Thunderbird 52...
DEBIAN-CVE-2017-6188
Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upperlimit GET parameters allows overwriting any file accessible to the www-data user...
CVE-2016-9347
An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily...
Error: "The Gateway has EPA enabled, which is not supported on iOS devices" on iOS Receiver
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. The following error is displayed when logging on to iOS Receiver: The Gateway has EPA enabled, which...
Apple WebKit - Type Confusion in RenderBox with Accessibility Enabled
Apple WebKit - Type Confusion in RenderBox with Accessibility Enabled function boom m.append"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; m.setAttribute"aria-labeledby", "t"; d.open = false; foo firstChild; The function expects that the first child is going to be of type...
Apple WebKit - Type Confusion in RenderBox with Accessibility Enabled
function boom m.append"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; m.setAttribute"aria-labeledby", "t"; d.open = false; foo firstChild; The function expects that the first child is going to be of type RenderBox, but in the PoC it is actually of type RenderText. This was...
CVE-2014-8362
Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface...
Java (OGNL) code execution in Apache Struts 2 when devMode is enabled
Overview: Apache Struts 2, provided by the Apache Software Foundation, is a software framework for creating Java web applications. There is a known risk that arbitrary Java (OGNL) code may be executed in Apache Struts 2 when devMode is enabled in a production environment. It is confirmed that...
CVE-2016-1547
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if...
VM Manager - Unsafe deleting, WebView JavaScript enabled, WebView files access vulnerabilities
HackApp vulnerability scanner discovered that application VM Manager published at the 'play' market has multiple vulnerabilities...
CVE-2016-7084
tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via a JPEG...
GRIZZLY STEPPE - Russian Malicious Cyber Activity
The Department of Homeland Security (DHS) has released a Joint Analysis Report (JAR) that details Russian malicious cyber activity, designated as GRIZZLY STEPPE. This activity by Russian civilian and military intelligence services (RIS) is part of an ongoing campaign of cyber-enabled operations directe...
CVE-2016-7967
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled...
MS16-148: Description of the security update for Excel 2013: December 13, 2016
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...
ALPINE-CVE-2016-9014
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS...