General Knowledge - World GK - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application General Knowledge - World GK published at the 'play' market has multiple vulnerabilities...

Knowledge Base for WoT - Base64 encoded String, Dynamic Code Loading, External URLs vulnerabilities

HackApp vulnerability scanner discovered that application Knowledge Base for WoT published at the 'play' market has multiple vulnerabilities...

Lithium Social CRM Cross Site Scripting

Exploit Title: XSS Cross Site Scripting in Social CRM & Community Solutions powered by Lithium in Knowledge base section Discovery Date: 2016/02/19 Public Disclosure Date: 2016/03/24 Exploit Author: Imran Khan Contact: netizen01k at gmail.com Vendor link: http://www.lithium.com/ Tested on: Firefo...

Hackers and Developers Need to Hug it Out

The divide between developers and hackers is real. So, apparently, is the effort to bring them together and make them play nicely. “It’s not just a knowledge gap, but an empathy gap,” said I Am The Cavalry founder Josh Corman during a panel discussion at last week’s RSA Conference. “One common...

ISC Releases Security Updates for BIND

The Internet Systems Consortium ISC has released updates that address three vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition. Available updates include: BIND 9 version 9.9.8-P4 BIND 9 version 9.10.3-P4 BIND 9 version...

Security Update for Windows Embedded 8 Standard (KB3138962)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

ISC Releases Security Updates for DHCP Server

Internet Systems Consortium ISC has released security updates to address a vulnerability in versions of ISC Dynamic Host Configuration Protocol DHCP server. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Updated versions of ISC DHCP...

ISC Releases Security Updates

Internet Systems Consortium ISC has released security updates to address a vulnerability in the ISC Dynamic Host Configuration Protocol DHCP software. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Available updates include: DHCP version...

Internet Systems Consortium (ISC) Releases Security Updates for BIND

ISC has released security updates to address vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition. Available updates include: BIND 9 version 9.9.8-P2 BIND 9 version 9.10.3-P2 BIND 9 version 9.9.8-S3 Users and...

Security Update for Internet Explorer Flash Player for Windows 8 for X64-based Systems (KB3119147)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

TaxiHail Android mobile app contains multiple vulnerabilties

Overview Mobile Knowledge's TaxiHail is vulnerable to information disclosure and missing encryption of sensitive data. Description The Mobile Knowledge TaxiHail framework "allows passengers to book and manage their own reservations via iOS, android or the web in real-time, alleviating call...

Security Update for Windows 8 (KB3101746)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 8 (KB3098780)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 8 and Windows Server 2012 for x64 (KB3098780)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

Security Update for Microsoft .NET Framework 4.6 on Windows 8 (KB3098784)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

What is Threat Intelligence and How It Helps to Identify Security Threats

Simply put, threat intelligence is knowledge that helps you identify security threats and make informed decisions. Threat intelligence can help you solve the following problems: How do I keep up to date on the overwhelming amount of information on security threats…including bad actors, methods,...

Mail.ru: [allods.my.com] Full SQL Disclosure

Уязвимость имеет ту же природу, что и в 96729 и в 96727. Уязвимость возникает вследствие чтения ошибок через включенный Debug-режим. И там, и там - раскрытие информации за счёт debug-режима. Но для того, что бы раскрыть SQL запрос необходимо произвести Stress-тест многочисленными запросами любой...

AlienVault OSSIM 4.3 Cross Site Request Forgery

Exploit Title: AlienVault - ossim CSRF Date: 10-5-2015 Exploit Author: MohamadReza Mohajerani Vendor Homepage: www.alienvault.com Software Link: https://www.alienvault.com/products/ossim Version: Tested on 4.3 Vulnerability Details: ===================== Multiple CSRF vectors exists within...

Alienvault Open Source SIEM (OSSIM) 4.3 - Cross-Site Request Forgery

Alienvault Open Source SIEM OSSIM 4.3 - Cross-Site Request Forgery Exploit Title: AlienVault - ossim CSRF Date: 10-5-2015 Exploit Author: MohamadReza Mohajerani Vendor Homepage: www.alienvault.com Software Link: https://www.alienvault.com/products/ossim Version: Tested on 4.3 Vulnerability Detail...

Alienvault Open Source SIEM (OSSIM) 4.3 - Cross-Site Request Forgery

Exploit Title: AlienVault - ossim CSRF Date: 10-5-2015 Exploit Author: MohamadReza Mohajerani Vendor Homepage: www.alienvault.com Software Link: https://www.alienvault.com/products/ossim Version: Tested on 4.3 Vulnerability Details: ===================== Multiple CSRF vectors exists within...