JAD Java Decompiler 1.5.8e - Local Buffer Overflow (NX Enabled)

JAD Java Decompiler 1.5.8e - Local Buffer Overflow NX Enabled !/usr/bin/python Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Developed using Exploit Pack - http://exploitpack.com - Tested on: GNU/Linux - Kali 2017.1 Release Description: JAD Java Decompiler 1.5.8e-1kali1 and prio...

CVE-2017-1117

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155...

Credit Card Breach at Buckle Stores

The Buckle Inc., a clothier that operates more than 450 stores in 44 U.S. states, disclosed Friday that its retail locations were hit by malicious software designed to steal customer credit card data. The disclosure came hours after KrebsOnSecurity contacted the company regarding reports from...

CVE-2017-4908

VMware Workstation 12.x prior to 12.5.3 and Horizon View Client 4.x prior to 4.4.0 contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs...

httpd: Incomplete handling of LimitRequestFields directive in mod_http2

A vulnerability was found in httpd's handling of the LimitRequestFields directive in modhttp2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash...

Security update for sudo (important)

This update for sudo fixes the following issues: CVE-2017-1000367: - Due to incorrect assumptions in /proc/pid/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. bsc1039361 - Fix FQDN for...

SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2017:1446-1)

This update for sudo fixes the following issues: CVE-2017-1000367 : - Due to incorrect assumptions in /proc/pid/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. bsc1039361 - Fix FQDN for...

SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2017:1450-1)

This update for sudo fixes the following issues: CVE-2017-1000367 : - Due to incorrect assumptions in /proc/pid/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. bsc1039361 - Fix FQDN for...

Double free

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled...

Cross-origin Resource Sharing (CORS) Globally Enabled By Default

webpack-dev-middleware enables cross-origin resource sharing CORS by default. This allows malicious websites to access assets of a web application...

nexGTv HD:Mobile TV, Live TV - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application nexGTv HD:Mobile TV, Live TV published at the 'play' market has multiple vulnerabilities...

Easter Holiday Phishing Scams and Malware Campaigns

As the Easter holiday approaches, US-CERT reminds users to stay aware of holiday scams and cyber campaigns, which may include: unsolicited shipping notifications that may actually be scams by attackers to solicit personal information phishing scams, electronic greeting cards that may contain...

CVE-2017-5988

NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors...

LiveLike - Dangerous filesystem permissions, External URLs, WebView JavaScript enabled vulnerabilities

HackApp vulnerability scanner discovered that application LiveLike published at the 'play' market has multiple vulnerabilities...

Magic Piano by Smule - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application Magic Piano by Smule published at the 'play' market has multiple vulnerabilities...

Deploying enterprise MDX enabled apps from App Store via Volume Purchase

The CEM/XenMobile Server is currently optimized for Volume Purchase distribution of Public App Store apps that are not MDX enabled. While it is possible to distribute MDX enabled apps from App Store via volume purchase, some considerations must be taken into account for optimal performance. This...

Default credentials

An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db variable value is set to...

Mozilla Firefox MFSA Print Preview Spoofing Vulnerability

Mozilla Firefox is an open source web browser. A security vulnerability exists in Mozilla Firefox. If pop-up windows are enabled, a malicious website may spoof the contents of the print preview window, causing users to confuse the currently loaded site...

Wireless IP Camera (P2P) WIFICAM 'Cloud' Feature Design Flaw Vulnerability

Wireless IP Camera P2P WIFICAM is a wireless IP camera. A design flaw exists in the Wireless IP Camera P2P WIFICAM 'Cloud' feature, where the camera provides a 'Cloud' feature that is enabled by default, allowing consumers to bypass NAT and firewalls by managing the device over the network using ...

KEOS Esenyurt - Suspicious files, WebView JavaScript enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application KEOS Esenyurt published at the 'play' market has multiple vulnerabilities...