[SECURITY] Fedora 27 Update: pkgconf-1.3.9-1.fc27
pkgconf is a program which helps to configure compiler and linker flags for development frameworks. It is similar to pkg-config from freedesktop.org and handles .pc files in a similar manner as pkg-config...
Zomato: Potential server misconfiguration leads to disclosure of vendor/ directory
Hi, Apologies for the weakness label, it was the closest I could find for what appears to be a server misconfiguration. Typically, in MVC frameworks like Slim which I see you are using here, Symfony, Laravel, etc., the front controller is the only thing exposed, leaving vendor/, logs/, and others...
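One way to check for the misconfiguration the report describes, as an added example that is not part of the report and not code from Slim or any other framework: every request that is not a real file under the web root should end up at the front controller, so a sensitive path is disclosed when the server answers it itself with a 2xx instead of returning what the front controller returns for an unknown route. The path list, the `fetch` callable and the sample responses below are assumptions constructed for the example.

```python
"""Offline check for an exposed vendor/ directory beside an MVC front controller.

Added example (not from the report or from Slim): given a fetch() callable, it
decides which paths the web server serves directly instead of routing them
through the front controller.  Path list and sample responses are assumptions.
"""
from typing import Callable, Dict, List, Tuple

Response = Tuple[int, str]          # (HTTP status, body)
Fetcher = Callable[[str], Response]

# Typical files of a Composer-based PHP app that must not be reachable over HTTP
# (assumed list; extend it for the framework at hand).
SENSITIVE_PATHS = [
    "/vendor/composer/installed.json",  # names and versions of every dependency
    "/composer.json",
    "/composer.lock",
    "/.env",
    "/logs/",
]


def is_disclosed(status: int, body: str, front_controller_body: str) -> bool:
    """A path is disclosed when the server answers it itself (2xx) and the body
    differs from what the front controller returns for an unknown route."""
    return status // 100 == 2 and body != front_controller_body


def find_exposed(fetch: Fetcher, probe: str = "/definitely-not-a-route") -> List[str]:
    """Return the sensitive paths the server serves directly."""
    _, front_controller_body = fetch(probe)
    return [p for p in SENSITIVE_PATHS
            if is_disclosed(*fetch(p), front_controller_body)]


# --- constructed responses (sample data, not captured from a real host) ---

NOT_FOUND = (404, "<h1>Slim: page not found</h1>")

# Misconfigured: the document root is the project root, so files under it are
# served as-is; only paths that do not exist on disk reach index.php.
MISCONFIGURED: Dict[str, Response] = {
    "/vendor/composer/installed.json": (200, '[{"name": "slim/slim", "version": "3.8.1"}]'),
    "/composer.json": (200, '{"require": {"slim/slim": "^3.8"}}'),
    "/composer.lock": (200, '{"packages": []}'),
    "/.env": (403, "Forbidden"),        # blocked by an explicit rule, so not disclosed
    "/logs/": (200, "<title>Index of /logs/</title>"),
}


def fetch_misconfigured(path: str) -> Response:
    return MISCONFIGURED.get(path, NOT_FOUND)


# Hardened: the document root is public/, nothing else exists on disk, and every
# unknown path is handed to the front controller, which answers with its 404 page.
def fetch_hardened(path: str) -> Response:
    return NOT_FOUND


if __name__ == "__main__":
    print("misconfigured:", find_exposed(fetch_misconfigured))
    print("hardened:", find_exposed(fetch_hardened))
```

Against a live host, `fetch` would wrap an HTTP client (for example `requests.get(base + path)` mapped to `(r.status_code, r.text)`); the comparison with the front controller's response for an unknown route is what separates a real disclosure from an application that simply returns 200 on every path.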
[SECURITY] Fedora 26 Update: pkgconf-1.3.9-1.fc26
pkgconf is a program which helps to configure compiler and linker flags for development frameworks. It is similar to pkg-config from freedesktop.org and handles .pc files in a similar manner as pkg-config...
Web Application Security Scanner: Spaghetti
Spaghetti is a web application security scanner tool. It is designed to find various default and insecure files, configurations and misconfigurations. Spaghetti is built on Python 2.7 and can run on any platform that has a Python environment. Installation $ git clone...
Industrial Cobots Might Be The Next Big IoT Security Mess
Researchers at IOActive have found nearly 50 vulnerabilities in industrial collaborative robots, machines that work side-by-side with people in manufacturing and other settings, that can be abused to possibly cause physical harm to workers, or even configured to spy on their surroundings. The...
Level up your cybersecurity journey with CLOUDSEC 2017
Beginning this month, Trend Micro will be hosting CLOUDSEC, one of the largest cybersecurity conferences across Asia-Pacific and Europe. The event features presentations and panel discussions from industry experts and thought leaders who will discuss high-level strategies, forward looking securit...
The CIS Critical Security Controls Series
What are the CIS Critical Security Controls? The Center for Internet Security (CIS) Top 20 Critical Security Controls, previously known as the SANS Top 20 Critical Security Controls, is an industry-leading way to answer your key security question: "How can I be prepared to stop known attacks?" The...
WikiLeaks Reveals Two CIA Malware Frameworks
WikiLeaks released details on what it claims are two frameworks for malware samples dubbed AfterMidnight and Assassin, both allegedly developed by the U.S. Central Intelligence Agency. The revelations come amid worldwide efforts to squelch variants of the WannaCry ransomware, an offensive hackin...
WikiLeaks Reveals 'AfterMidnight' & 'Assassin' CIA Windows Malware Frameworks
When the world was dealing with the threat of the self-spreading WannaCry ransomware, WikiLeaks released a new batch of CIA Vault 7 leaks, detailing two apparent CIA malware frameworks for the Microsoft Windows platform. Dubbed "AfterMidnight" and "Assassin," both malware programs are designed to...
CVE-2017-3577
Vulnerability in the PeopleSoft Enterprise CS Campus Community component of Oracle PeopleSoft Products (subcomponent: Frameworks). The supported version that is affected is 9.2. Easily exploitable vulnerability allows a high privileged attacker with network access via HTTP to compromise PeopleSoft...
CVE-2017-3577
CVE-2017-3577 affects Oracle PeopleSoft Enterprise CS Campus Community (Frameworks subcomponent), version 9.2. The vulnerability permits a high-privilege attacker with network access via HTTP to compromise the component, enabling unauthorized creation, deletion or modification of data, or full ac...
Oracle Sun ZFS Storage Appliance Kit (AK) Remote Vulnerability
Oracle Sun ZFS is a Sun system product suite from Oracle Corporation. Sun ZFS Storage Appliance Kit (AK) is one of the ZFS storage appliance kits. A security vulnerability exists in the IPC Frameworks subcomponent of the Sun ZFS Storage AK component in Oracle Sun Systems Products Suite version 2013...
Oracle PeopleSoft Enterprise CS Campus Community Remote Vulnerability
Oracle PeopleSoft is a set of enterprise human capital management solutions from Oracle that provides human capital management, financial management, supplier relationship management, etc. PeopleSoft Enterprise CS Campus Community is one of the campus management components. A security vulnerabili...
Using WebSocket as your Real Time Protocol? Wallam got you covered.
In the beginning there was HTTP 1 or 2; web pages were static and did not do much beyond displaying static text and images. Life has changed since… Web applications discovered that bi-directional communication between the browser and the web server is essential. Of course, the HTTP protocol, with it’...
Gazelle cross-site scripting vulnerability (CNVD-2017-05627)
Gazelle is a set of web frameworks for BitTorrent trackers. A cross-site scripting vulnerability exists in Gazelle. A remote attacker could exploit this vulnerability to execute arbitrary HTML and script...
[SECURITY] Fedora 25 Update: kf5-kio-5.31.0-2.fc25
KDE Frameworks 5 Tier 3 solution for filesystem abstraction...
Commix 1.6 - Automated All-In-One OS Command Injection And Exploitation Tool
Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used by web developers, penetration testers or even security researchers to test web-based applications with the view to find bugs, errors or vulnerabilities...
NIST Calls for Submissions to Secure Data Against Quantum Computing
For a layman, it may be difficult to fathom how a standards body could be playing catch-up to a threat that could be at least a decade away. But that’s the position NIST finds itself in with the risk that quantum computers pose to existing cryptographic algorithms. Working, practical quantum...
[SECURITY] Fedora 25 Update: rubygem-railties-5.0.0.1-2.fc25
Rails internals: application bootup, plugins, generators, and rake tasks. Railties is responsible for gluing all the frameworks together. Overall, it: handles the whole bootstrapping process for a Rails application; manages the Rails command line interface; provides the Rails generators core;...
CVE-2016-6232
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) sequence in a filename in an archive file, related to KNewStuff downloads...
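The check an archive extractor needs in order to avoid this class of bug, as an added example that is not KArchive's code: every entry name (and every symlink or hard-link target) is resolved against the destination directory and rejected if it ends up outside it, and the whole archive is refused rather than extracted in part. The example uses Python's tarfile on an in-memory tar built from constructed sample entries; the destination paths are assumptions.

```python
"""Rejecting archive entries that escape the extraction directory.

Added example (not KArchive's code): the containment check that a directory
traversal bug like CVE-2016-6232 lacks, applied to an in-memory tar built
from constructed sample entries.  Destination paths are assumptions.
"""
import io
import os
import tarfile
from typing import Dict, List


def is_contained(dest: str, name: str) -> bool:
    """True only if `name`, resolved against `dest`, stays inside `dest`.

    Absolute names and any '..' that climbs above dest are rejected; a harmless
    'a/../b' that stays inside is allowed.
    """
    dest_abs = os.path.abspath(dest)
    target = os.path.abspath(os.path.join(dest_abs, name))
    return os.path.commonpath([dest_abs, target]) == dest_abs


def unsafe_members(archive: tarfile.TarFile, dest: str) -> List[str]:
    """Names of entries that would write to, or point at, a path outside `dest`."""
    bad = []
    for m in archive.getmembers():
        if not is_contained(dest, m.name):
            bad.append(m.name)
            continue
        if m.issym():
            # symlink targets are relative to the link's own directory
            target = os.path.join(os.path.dirname(m.name), m.linkname)
            if not is_contained(dest, target):
                bad.append(m.name)
        elif m.islnk():
            # hard-link targets are relative to the archive root
            if not is_contained(dest, m.linkname):
                bad.append(m.name)
    return bad


def safe_extract(archive: tarfile.TarFile, dest: str) -> None:
    """Refuse the whole archive if any entry escapes; never extract a subset."""
    bad = unsafe_members(archive, dest)
    if bad:
        raise ValueError(f"archive entries escape {dest!r}: {bad}")
    archive.extractall(dest)


def build_sample_archive(files: Dict[str, bytes], symlinks: Dict[str, str]) -> tarfile.TarFile:
    """Construct an in-memory tar (sample data) holding the given files and symlinks."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
        for name, target in symlinks.items():
            info = tarfile.TarInfo(name)
            info.type = tarfile.SYMTYPE
            info.linkname = target
            tf.addfile(info)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")


# Constructed archive: one legitimate file, two traversal entries and a
# symlink whose target lies outside the destination.
SAMPLE = build_sample_archive(
    files={
        "theme/readme.txt": b"legitimate content\n",
        "../../.bashrc": b"echo pwned\n",
        "theme/../../outside.txt": b"also escapes\n",
    },
    symlinks={"theme/etc-link": "../../../etc/passwd"},
)

if __name__ == "__main__":
    print(unsafe_members(SAMPLE, "/srv/knewstuff/unpack"))
```

The comparison is done on normalised absolute paths rather than by searching the name for `..`, so `theme/../readme.txt` (which stays inside) is accepted while `theme/../../outside.txt` is not. Python 3.12 and later ship the same policy as `extractall(..., filter="data")`; on older interpreters a check like the one above has to be done by the caller.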