Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods

The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message...

[SECURITY] Fedora 27 Update: libgit2-0.26.7-1.fc27

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...

CVE-2018-17902

Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions...

Description of the security update for PowerPoint 2016: October 9, 2018

Description of the security update for PowerPoint 2016: October 9, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common...

National Cybersecurity Awareness Month: Careers in Cybersecurity

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. The month’s themes educate students and professionals about cybersecurity attack methods, best practices, and preventive measures and are geared toward informing the next generation of...

August 9, 2016 — KB3176495 (OS Build 14393.51)

August 9, 2016 — KB3176495 OS Build 14393.51 This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability for Internet Explorer 11. Addressed issue to keep pen click settings after...

openSUSE: Security Advisory for openslp (openSUSE-SU-2018:2813-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE: Security Advisory for obs-service-refresh_patches (openSUSE-SU-2018:2801-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

How to collect Receiver for Android Logs

Different ways of collecting Receiver logs from Android Device...

Mass WordPress compromises redirect to tech support scams

Content Management Systems CMSes such as WordPress, Drupal, or Joomla are under a constant barrage of fire. Earlier this year, we detailed several waves of attacks against Drupal, also known as Drupalgeddon, pushing browser-based miners and various social engineering threats. During the past few...

6 sure signs someone is phishing you—besides email

There are several common and, unfortunately, frequently successful avenues of attack that cybercriminals can use to part you from your personal contact and financial information. These phishing attack methods include email, phone calls, corrupted software or apps, social media, advertisements, an...

[SECURITY] [DLA 1506-1] intel-microcode security update

Package : intel-microcode Version : 3.20180807a.1deb8u1 CVE ID : CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 CVE-2018-3639, CVE-2018-3640, CVE-2017-5715 Security researchers identified speculative execution side-channel methods which have the potential to improperly gather sensitive data from...

Apache Portals Pluto Remote Code Execution (CVE-2018-1306)

A vulnerability exists in Apache Portals Pluto, The vulnerability is due to improper handling of http methods. A remote attacker can exploit this vulnerability by submitting a crafted request to the target server...

Apache Portals Pluto 3.0.0 - Remote Code Execution Exploit

Exploit for windows platform in category web applications Exploit Title: Apache Portals Pluto 3.0.0 - Remote Code Execution Exploit Author: Che-Chun Kuo Vendor Homepage: https://portals.apache.org/pluto/ Software Link: http://archive.apache.org/dist/portals/pluto/ Version: 3.0.0 Tested on: Window...

Apache Portals Pluto 3.0.0 - Remote Code Execution

Apache Portals Pluto 3.0.0 - Remote Code Execution Exploit Title: Apache Portals Pluto 3.0.0 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://portals.apache.org/pluto/ Software Link: http://archive.apache.org/dist/portals/pluto/ Version: 3.0.0 Tested...

Apache Portals Pluto 3.0.0 - Remote Code Execution

Exploit Title: Apache Portals Pluto 3.0.0 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://portals.apache.org/pluto/ Software Link: http://archive.apache.org/dist/portals/pluto/ Version: 3.0.0 Tested on: Windows Advisory:...

How to troubleshoot common SR-IOV related issues

This article explains how to troubleshoot common SR-IOV Network related issues...

SUSE-SU-2018:2561-1 Security update for cobbler

This update for cobbler fixes the following issues: Security issues fixed: - Forbid exposure of private methods in the API CVE-2018-10931, CVE-2018-1000225, bsc1104287, bsc1104189, bsc1105442 - Check access token when calling 'modifysetting' API endpoint bsc1104190, bsc1105440, CVE-2018-1000226...

SUSE-SU-2018:2551-1 Security update for cobbler

This update for cobbler fixes the following issues: Security issues fixed: - Forbid exposure of private methods in the API CVE-2018-10931, CVE-2018-1000225, bsc1104287, bsc1104189, bsc1105442 - Check access token when calling 'modifysetting' API endpoint bsc1104190, bsc1105440, CVE-2018-1000226...

The Offensive Web Application Penetration Testing Framework: TIDoS

TIDoS Framework is a comprehensive web-app audit framework. TIDoS is made to be comprehensive and versatile. It is a highly flexible framework where you just have to select and use modules. But before that, you need to set your own API KEYS for various OSINT purposes. To do so, open up APIKEYS.py...