52 matches found
Jetbrains JetBrains TeamCity 安全漏洞
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.JetBrains TeamCity is vulnerable to an access control error that stems from the...
Microsoft Azure Sphere Data Forgery Issue Vulnerability
Microsoft Azure Sphere, a Microsoft appliance used to provide security in cloud environments, is vulnerable to a data forgery issue. The vulnerability stems from a network system or product that does not adequately verify the origin or authenticity of data. An attacker could use the falsified dat...
Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user
Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbi...
Cisco Anyconnect Secure Mobility Client Code Issue Vulnerability
Cisco Anyconnect Secure Mobility Client is a VPN client software for secure connectivity from Cisco. A code issue vulnerability exists in Cisco AnyConnect Secure Mobility Client that arises from a network system or product that does not adequately verify the origin or authenticity of data. An...
WHO COVID-19 Mobile App: Improper Input Validation on User's Location on PUT /WhoService/putLocation Could Affect Availability/Falsify Users
Summary: Note: I noticed that that the team has fixed issues like an XSS that's caused only from a header value typically OOS since it's not directly exploitable https://github.com/WorldHealthOrganization/app/pull/855, so in the spirit of this I'm also reporting another "good-to-fix" issue. On th...
Anti-NATO Disinformation Campaign Leveraged CMS Compromises
Researchers have uncovered a widespread influence campaign that aims to discredit the Northern Atlantic Treaty Organization NATO, an intergovernmental military alliance between 30 North American and European countries. According to new research from FireEye, the campaign has been ongoing since at...
CVE-2019-6475
Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional...
CVE-2019-6475
Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional...
Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques
By Danny Adamitis with contributions from Paul Rascagneres. Executive summary After several months of activity, the actors behind the "Sea Turtle" DNS hijacking campaign are not slowing down. Cisco Talos recently discovered new details that suggest they regrouped after we published our initial...
Uber: Text Only Content Spoofing on ubermovement.com Community Page
Text Only Content Spoofing on ubermovement.com Community Page Vulnerable URL: http://ubermovement.com/community?tag=%20Stories%20have%20false%20information.%20Visit%20http://attacker.com%20for%20real%20stories. Content Spoofing is an attack technique that allows an attacker to inject a malicious...
Business Identity Theft: Increasingly Commonplace Yet Incredibly Obscure
You wouldn’t know it from reading the news, but business identity theft is becoming an increasingly large concern for small business owners, according to a report filed by NPR’s Yuki Noguchi today on Morning Edition. Noguchi tells the story of Scott Burnett and the Memphis-based company he and hi...
Active! mail 6 vulnerable to HTTP header injection
Overview Active! mail 6 from TransWARE Co. contains a HTTP header injection vulnerability. Active! mail 6 from TransWARE Co. is a web-based email software. Active! mail 6 contains a HTTP header injection vulnerability. Taketo Ikeuchi of Hitachi Solutions, Ltd. reported this vulnerability to IPA...