Adobe Issues Patch for Actively Exploited Flash Player Zero-Day Exploit

If you have already uninstalled Flash player, well done! But if you haven't, here's another great reason for ditching it. Adobe has released a security patch update for a critical vulnerability in its Flash Player software that is actively being exploited in the wild by hackers in targeted attack...

Cisco Unity Connection Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters...

Cisco WebEx Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are...

Adversarial Robustness Toolbox: ART

The Adversarial Robustness Toolbox ART, an open source software library, supports both researchers and developers in defending deep neural networks against adversarial attacks, making AI systems more secure. Its purpose is to allow rapid crafting and analysis of attack and defense methods for...

openSUSE: Security Advisory for enigmail (openSUSE-SU-2018:1393-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2018-0328

A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient...

CVE-2018-0327

A vulnerability in the web framework of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...

Cisco Unified Communications Manager and Cisco Unified Presence Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient...

Pivotal Spring Security and Spring Framework Elevation of Privilege Vulnerability

Pivotal Spring Security and Spring Framework are both products of Pivotal Software, Inc.Pivotal Spring Security is a set of security frameworks that provide illustrative security protection for Spring-based applications.Spring Framework Spring Framework is a set of open source Java, Java EE...

macOS / iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules

Exploit for multiple platform in category dos / poc / ReportCrash is the daemon responsible for making crash dumps of crashing userspace processes. Most processes can talk to ReportCrash via their exception ports either task or host level. You would normally never send a message yourself to...

Apple macOSiOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules

Apple macOSiOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules / ReportCrash is the daemon responsible for making crash dumps of crashing userspace processes. Most processes can talk to ReportCrash via their exception ports either task or host level. You would...

Infection Monkey - An Automated Pentest Tool

The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server. The Infection Monkey i...

chromium-browser: Fullscreen UI spoof

Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page...

Cobub Razor 0.8.0 - Physical path Leakage Vulnerability

Exploit for php platform in category web applications Exploit Title: Cobub Razor 0.8.0 Physical path Leakage Vulnerability Exploit Author: Kyhvedn Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-8770 PoC: URL:...

CVE-2018-6097

Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page...

Friday Squid Blogging: Eating Firefly Squid

In Tokama, Japan, you can watch the firefly squid catch and eat them in various ways: "It's great to eat hotaruika around when the seasons change, which is when people tend to get sick," said Ryoji Tanaka, an executive at the Toyama prefectural federation of fishing cooperatives. "In addition to...

Description of the security update for Excel Viewer 2007: April 10, 2018

Description of the security update for Excel Viewer 2007: April 10, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Commo...

Description of the security update for Microsoft Office Compatibility Pack Service Pack 3: April 10, 2018

Description of the security update for Microsoft Office Compatibility Pack Service Pack 3: April 10, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these...

Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods Exploit

Exploit for windows platform in category dos / poc !-- There are multiple use-after-free issues in Array methods in jscript. When jscript executes an Array method such as Array.join, it first retrieves the length of an array. If the input is not an array but an object, then the length property of...

Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods

Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods !-- There are multiple use-after-free issues in Array methods in jscript. When jscript executes an Array method such as Array.join, it first retrieves the length of an array. If the input is not an array but an object, th...