Smart speakers: Christmas treat or lump of coal?
Christmas is nearly upon us, and thoughts are perhaps turning to various digital presents of a “smart” nature. Home security, hubs, speakers, cameras, and mashups of all of those and more besides. With regard to speakers, the most immediate pieces of your home are theoretically at your beck and...
The Effects of Iran's Telegram Ban
The Center for Human Rights in Iran has released a report outlining the effects of that country's ban on Telegram, a secure messaging app used by about half of the country. The ban will disrupt the most important, uncensored platform for information and communication in Iran, one that is used...
DEBIAN-CVE-2017-7752
A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox 54, Firefox...
APSB18-15 Security update available for the Adobe PhoneGap Push plugin
Adobe has released an update for the Adobe PhoneGap Push plugin. This update resolves a Same-Origin Method Execution (SOME) vulnerability (CVE-2018-4943) that exists in PhoneGap apps built with the affected version of the Push plugin. This vulnerability could be exploited to trick users of PhoneGap...
IDAsec - IDA plugin for reverse-engineering and dynamic interactions with the Binsec platform
IDA plugin for reverse-engineering and dynamic interactions with the Binsec platform. Features: decoding an instruction in DBA IR; loading execution traces generated by Pinsec; triggering analyses on Binsec and retrieving results. Dependencies: protobuf, ZMQ, capstone (for trace disassembly), graphviz (to dr...
Reading Analytics and Privacy
Interesting paper: "The rise of reading analytics and the emerging calculus of reading privacy in the digital world," by Clifford Lynch: Abstract: This paper studies emerging technologies for tracking reading behaviors ("reading analytics") and their implications for reader privacy, attempting to...
CVE-2017-8061
drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging us...
CVE-2017-2998
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitation could lead to arbitrary code execution...
Memory corruption
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitation could lead to arbitrary code execution...
CVE-2017-2998
CVE-2017-2998 is a memory corruption vulnerability in Adobe Flash Player ≤ 24.0.0.221, specifically in the Primetime TVSDK API functionality related to timeline interactions that could enable arbitrary code execution. Public postings in multiple advisories confirm a remote, user-triggered risk wi...
Android Package Inspector: Inspeckage
Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to functions of the Android API, Inspeckage will help you understand what an Android application is doing at runtime. Inspeckage will let you interact with some elements of the app, such as...
CVE-2017-5017
CVE-2017-5017 affects Google Chrome on macOS prior to 56.0.2924.76, tied to an uninitialized memory access in WebM video support that could allow an attacker to extract image fragments via a crafted page on systems with GeForce 8600M GPUs. The issue is a concrete, vendor-reported memory vulnerabi...
Shopify: apps.shopify.com - CSRF token leakage through Google Analytics
Description: When a user tries to send a support message to an app developer in apps.shopify.com, he will be asked to log in and once he is logged in, he will be redirected to apps.shopify.com/appid?authenticitytoken=currentuserauthenticitytoken. Developers can track their app page view in...
PHP < 5.5.37, 5.6.x < 5.6.23, 7.x < 7.0.8 Multiple Vulnerabilities (Aug 2016) - Linux
PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...
A vulnerability in the Firefox browser that allows a malicious actor to compromise the integrity and availability of protected information
The vulnerability exists in Mozilla Firefox due to an incorrect limitation on event handling, which replaces events related to configuration changes. Exploiting this vulnerability allows malicious actors to remotely alter the positions of icons on the user interface by using specially crafted...
A vulnerability in the Firefox ESR software that allows a malicious actor to compromise the confidentiality, integrity, and availability of protected information
A use-after-free in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox ESR allows remote attackers to execute arbitrary code or cause a denial of service (errors when working with dynamic memory) through SVG animations that interact with the...
CVE-2016-1664
The HistoryController::UpdateForCommit function in content/renderer/historycontroller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web sit...
Microsoft Windows Task Management Privilege Elevation Vulnerabilities (3089657)
This host is missing an important security update according to Microsoft Bulletin MS15-102. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...