Lucene search

3095 matches found

CNVD
added 2016/11/01 12:0 a.m., 2 views

Foxit Reader and PhantomPDF Read-Over-Boundary Vulnerability (CNVD-2016-10513)

Foxit Reader is a PDF document reader from China's Foxit Software Corporation. Foxit PhantomPDF is a commercial version. An out-of-bounds read vulnerability exists in Foxit Reader and PhantomPDF versions prior to 8.1 on Windows-based platforms. When the gflags application is enabled, a remote...

7.5 CVSS, 7.7 AI score, 0.02187 EPSS
Exploits: 0, References: 1

CNVD
added 2016/11/01 12:0 a.m., 3 views

Foxit Reader and PhantomPDF Denial of Service Vulnerability (CNVD-2016-10514)

Foxit Reader is a PDF document reader from China's Foxit Software Corporation. Foxit PhantomPDF is a commercial version. A denial of service vulnerability exists in the ConvertToPDF plug-in in Foxit Reader and PhantomPDF versions prior to 8.1 on Windows-based platforms. When the gflags application...

5.3 CVSS, 6.7 AI score, 0.01093 EPSS
Exploits: 0, References: 1

OSV
added 2016/10/31 10:59 a.m., 1 views

CVE-2016-8878

Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka "Data from Faulting Address may be used as a return...

8.8 CVSS, 6.1 AI score
Exploits: 0, References: 2

OSV
added 2016/10/31 10:59 a.m., 2 views

CVE-2016-8876

Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embedded in the XFA stream in a PDF document, aka "Read Access Violation starting at FoxitReader."...

7.5 CVSS, 6.1 AI score, 0.02187 EPSS
Exploits: 0, References: 2

n0where
added 2016/10/25 4:29 a.m., 13 views

SSL Enabled Basic Auth Credential Harvester: phishery

An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector. Phishery is a simple SSL-enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. Phishery also provides the ability to easily inject the URL into a .docx Word document...

7.2 AI score
Exploits: 0, References: 2

OSV
added 2016/10/22 3:59 a.m., 2 views

CVE-2016-0240

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP...

3.7 CVSS, 5.8 AI score, 0.0103 EPSS
Exploits: 0, References: 2

ThreatPost
added 2016/10/05 8:51 a.m., 8 views

IoT Botnets Are The New Normal of DDoS Attacks

If you’ve been on the wrong end of what passes for a modern-day DDoS attack, you’re well familiar with the firepower of the almighty DVR. That’s right, the innocuous set-top box responsible for the posterity of your Game of Thrones seasons 1-6 is behind some of the biggest swarming attacks agains...

Exploits: 0, References: 6

Mageia
added 2016/10/04 12:20 p.m., 22 views

Updated libcryptopp packages fix security vulnerability

The libcryptopp package was built with debugging enabled, which could cause a crash due to assertions being turned on and could also cause core files to be generated containing sensitive information (CVE-2016-7420)...

5.9 CVSS, 1.4 AI score, 0.02288 EPSS
Exploits: 0, References: 2

OSV
added 2016/10/04 12:20 p.m., 6 views

MGASA-2016-0333 Updated libcryptopp packages fix security vulnerability

The libcryptopp package was built with debugging enabled, which could cause a crash due to assertions being turned on and could also cause core files to be generated containing sensitive information (CVE-2016-7420)...

5.9 CVSS, 5.5 AI score, 0.02288 EPSS
Exploits: 0, References: 3

Citrix
added 2016/09/30 12:0 a.m., 6 views

Citrix Gateway VPN Users are Unable to Resolve IPv4 DNS When ISP has IPv6 Enabled

Citrix Gateway VPN users are not able to resolve IPv4 DNS when their ISP has IPv6 enabled...

7 AI score
Exploits: 0

Citrix
added 2016/09/30 12:0 a.m., 7 views

Netscaler Gateway license not getting applied and ICA user count shows as 0

Netscaler Gateway license not getting applied and ICA user count shows as 0 in GUI and CLI both. show ns license output shows as below: Http DoS Protection: YES Dynamic Routing: YES Content Filtering: YES Integrated Caching: NO SSL VPN: YES Maximum users = 5 Maximum ICA users = 0...

7.1 AI score
Exploits: 0

OSV
added 2016/09/27 3:59 p.m., 5 views

CVE-2016-7044

The unformat24bitcolor function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code...

7.5 CVSS, 7.7 AI score
Exploits: 0, References: 4

Packet Storm
added 2016/09/23 12:0 a.m., 86 views

Kerberos Security Feature Bypass

Exploit Title: Kerberos Security Feature Bypass Vulnerability Kerberos to NTLM Fallback; Date: 22-09-2016; Exploit Author: Nabeel Ahmed; Tested on: Windows 7 Professional x32/x64 and Windows 10 x64; CVE: CVE-2016-3237; Category: Local Exploits & Privilege Escalation; SPECIAL CONFIG: Standard Domain...

6.9 CVSS, 0.17181 EPSS
Exploits: 5

OSV
added 2016/09/16 5:59 a.m., 3 views

UBUNTU-CVE-2016-7420

Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...

5.9 CVSS, 6.6 AI score, 0.02288 EPSS
Exploits: 0, References: 6

hackapp
added 2016/09/03 4:48 p.m., 9 views

Университет ИТМО - External URLs, Unsafe deleting, WebView JavaScript enabled vulnerabilities

HackApp vulnerability scanner discovered that application Университет ИТМО published at the 'play' market has multiple vulnerabilities...

0.2 AI score
Exploits: 0, References: 1, Affected Software: 1

Packet Storm
added 2016/09/03 12:0 a.m., 251 views

BSNL Teracom Router Firmware Rewrite / Link Modification

Multiple Vulnerabilities in TERACOM ROUTER; Author: Ajay Gowtham aka AJOXR; Contact: gowtham.ajay5 at gmail.com; Vulnerability Type: Insecure Upload File Permissions; Affected Module: Upload Functionality; Criticality: Medium; Device Model: BSNL Teracom T2-B-Gawv1.4U10Y-BI is WiFi enabled ADSL2+...

9.3 CVSS, 0.2 AI score, 0.66674 EPSS
Exploits: 5

hackapp
added 2016/09/01 5:55 p.m., 4771 views

J.P. Morgan Mobile - Customized SSL, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application J.P. Morgan Mobile published at the 'play' market has multiple vulnerabilities...

0.3 AI score
Exploits: 0, References: 1, Affected Software: 1

Packet Storm
added 2016/08/22 12:0 a.m., 43 views

phpCollab CMS 2.5 Cross Site Request Forgery

Document Title: phpCollab v2.5 CMS - Privilege Escalate CSRF Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1911 ; Release Date: 2016-08-17; Vulnerability Laboratory ID (VL-ID): ...

0.6 AI score
Exploits: 0

hackapp
added 2016/08/05 10:53 a.m., 18 views

Приват24 Бизнес - Dangerous filesystem permissions, Redefined SSL Common Names verifier, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application Приват24 Бизнес published at the 'play' market has multiple vulnerabilities...

0.4 AI score
Exploits: 0, References: 1, Affected Software: 1

ThreatPost
added 2016/07/22 1:47 p.m., 17 views

PowerWare Ransomware Masquerades as Locky to Intimidate Victims

A new variant of the PowerWare ransomware is stealing street creds from the Locky strain of ransomware in an attempt to spoof the malware family. A new sample of PowerWare found by Palo Alto Networks’ Unit 42 reveals the ransomware’s quickly evolving tactics. According to researchers, a new versi...

1.2 AI score
Exploits: 0, References: 3