Lucene search

7664 matches found

Exploit DB
added 2017/04/11 12:0 a.m. | 20 views

Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting

URL scriptURL; URL url; if protocolIsJavaScripturlString scriptURL = completeURLurlString; // completeURL encodes the URL. url = blankURL; else url = completeURLurlString; if shouldConvertInvalidURLsToBlank && !url.isValid url = blankURL; Frame frame = loadOrRedirectSubframeownerElement, url,...

7 AI score
Exploits 0

Packet Storm
added 2017/04/10 12:0 a.m. | 479 views

WebKit Synchronous Page Load UXSS

WebKit: UXSS via a synchronous page load CVE-2017-2480 Here's a snippet of the method SubframeLoader::requestFrame which is invoked when the |src| of an iframe object is changed. bool SubframeLoader::requestFrame(HTMLFrameOwnerElement& ownerElement, const String& urlString, const AtomicString&...

4.3 CVSS | 7.5 AI score | 0.19072 EPSS
Exploits 3

OSV
added 2017/04/10 12:0 a.m. | 0 views

UBUNTU-CVE-2017-2376

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar by leveraging text input during the loading of a page...

7.5 CVSS | 7.2 AI score | 0.004 EPSS
Exploits 0 | References 4

OSV
added 2017/04/07 5:59 p.m. | 1 views

CVE-2017-3885

A vulnerability in the detection engine reassembly of Secure Sockets Layer SSL packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition because the Snort process consumes a high level of CPU resources. Affected Products...

5.9 CVSS | 5.8 AI score | 0.00453 EPSS
Exploits 0 | References 2

seebug.org
added 2017/04/07 12:0 a.m. | 38 views

WebKit: UXSS via a synchronous page load(CVE-2017-2480)

Here's a snippet of the method SubframeLoader::requestFrame which is invoked when the |src| of an iframe object is changed. bool SubframeLoader::requestFrame(HTMLFrameOwnerElement& ownerElement, const String& urlString, const AtomicString& frameName, LockHistory lockHistory, LockBackForwardList...

4.3 CVSS | 7.6 AI score | 0.19072 EPSS
Exploits 3

Imperva Blog
added 2017/04/06 3:30 p.m. | 15 views

Understanding the Capacity Management Challenges of Database Monitoring Solutions

Database monitoring requires hardware resources such as storage space and processing power that can withstand the volume of database usage in your organization. A higher usage volume will require more resources. So how can you optimize the resources used by your database monitoring solution? Do y...

6.6 AI score
Exploits 0

Wallarm Lab
added 2017/04/06 12:51 a.m. | 17 views

Wallarm Teams up with NGINX Plus to Provide Advanced Security

Wallarm is excited to be a pioneer security vendor in NGINX Certified Module program and provide trusted and verified security functionality to NGINX Plus customers. “We are pleased to announce that Wallarm is now part of the NGINX Plus Certified Module program with the Wallarm Next Generation WA...

6.8 AI score
Exploits 0

Wallarm Lab
added 2017/04/04 4:28 p.m. | 35 views

Using WebSocket as your Real Time Protocol? Wallarm got you covered.

In the beginning there was http 1 or 2, web pages were static and did not do much beyond displaying static text and images. Life has changed since… Web applications discovered that bi-directional communication between the browser and the web server is essential. Of course, http protocol, with it’...

6.5 AI score
Exploits 0

OSV
added 2017/04/02 1:59 a.m. | 1 views

DEBIAN-CVE-2017-2376

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar by leveraging text input during the loading of a page...

7.5 CVSS | 7.8 AI score | 0.004 EPSS
Exploits 0 | References 1

ossfuzz
added 2017/03/31 10:40 a.m. | 9 views

librevenge: Crash in librevenge::IStorage::load

Detailed report: https://oss-fuzz.com/testcase?key=5356949551972352 Project: librevenge Fuzzer: afllibrevengeolefuzzer Fuzz target binary: olefuzzer Job Type: aflasanlibrevenge Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x619800000f78 Crash State: librevenge::IStorage::load...

7 AI score
Exploits 0 | Affected Software 1

0day.today
added 2017/03/29 12:0 a.m. | 53 views

Ubuntu 11.10/12.04 - binfmt_script Stack Data Disclosure Vulnerability

Exploit for linux platform in category dos / poc Source: http://www.halfdog.net/Security/2012/LinuxKernelBinfmtScriptStackDataDisclosure/ Introduction Problem description: Linux kernel binfmt_script handling in combination with CONFIG_MODULES can lead to disclosure of kernel stack data during execv...

2.1 CVSS | 7.7 AI score | 0.00579 EPSS
Exploits 1

OSV
added 2017/03/28 2:34 p.m. | 7 views

SUSE-SU-2017:0367-1 Security update for ceph

This update for ceph fixes the following issues: CVE-2016-5009: moncommand with empty prefix could crash monitor bsc987144 Invalid command in SOC7 with ceph bsc1008894 Performance fix was missing in SES4 bsc1005179 ceph build problems on ppc64le bsc982141 ceph make build unit test failure...

6.5 CVSS | 6.5 AI score | 0.01361 EPSS
Exploits 0 | References 13

OSV
added 2017/03/23 6:59 a.m. | 2 views

CVE-2016-5758

A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load...

8.8 CVSS | 5.3 AI score | 0.00138 EPSS
Exploits 0 | References 2

Prion
added 2017/03/23 6:59 a.m. | 10 views

Cross site request forgery (csrf)

A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load...

6.8 CVSS | 6.8 AI score | 0.00138 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2017/03/23 6:36 a.m. | 17 views

CVE-2016-5758

A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load...

8.7 AI score | 0.00138 EPSS
Exploits 0 | References 2

OSV
added 2017/03/22 7:59 p.m. | 2 views

CVE-2017-3856

A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is under a high load. A...

7.5 CVSS | 5.8 AI score
Exploits 0 | References 3

n0where
added 2017/03/20 4:51 a.m. | 53 views

BGP Swiss Army Knife: ExaBGP

ExaBGP provides a convenient way to implement Software Defined Networking by transforming BGP messages into friendly plain text or JSON, which can then be easily handled by simple scripts or your BSS/OSS. It is routinely used to improve service resilience and provide protection against network or...

7.1 AI score
Exploits 0 | References 3

OSV
added 2017/03/17 9:59 a.m. | 4 views

CVE-2017-6960

An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the loadapng function and the imagesize variable...

7.5 CVSS | 7.6 AI score
Exploits 0 | References 3

OSV
added 2017/03/17 9:59 a.m. | 1 views

UBUNTU-CVE-2017-6960

An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the loadapng function and the imagesize variable...

7.5 CVSS | 7.3 AI score | 0.00358 EPSS
Exploits 0 | References 4

OSV
added 2017/03/17 9:59 a.m. | 2 views

DEBIAN-CVE-2017-6960

An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the loadapng function and the imagesize variable...

7.5 CVSS | 7.9 AI score | 0.00358 EPSS
Exploits 0 | References 1