3367 matches found

RedHat Linux
added 2016/02/02 10:4 a.m. | 2 views

JDK: J9 JVM allows code to invoke non-public interface methods

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods...

CVSS 9.1 | AI score 7.4 | EPSS 0.03901 | Exploits 0 | References 4

Exploit DB
added 2016/01/28 12:0 a.m. | 28 views

Apple Mac OSX - io_service_close Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=597 It turns out that the spoofed no-more-senders notification bug when applied to iokit objects was actually just a more complicated way to hit ::clientClose in parallel. We can in fact do this very simply by calling...

AI score 7.4 | Exploits 0

RedHat Linux
added 2016/01/21 11:54 a.m. | 2 views

OpenJDK: protected methods can be used as interface methods via DirectMethodHandle (Libraries)

Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries...

CVSS 5.8 | AI score 7.2 | EPSS 0.03051 | Exploits 0 | References 5

myhack58
added 2015/12/23 12:0 a.m. | 158 views

Android WebView remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

Over the past period of time, the WebView remote code execution vulnerability can be said to have swept through a large number of Android apps; querying some vulnerability platforms largely confirms this. Given that many vulnerable apps are not disclosed, and therefore WebView remote code...

AI score 1 | Exploits 0

Zero Day Initiative
added 2015/12/08 12:0 a.m. | 31 views

Microsoft Windows JScript External Object Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code in applications using the JScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit this vulnerability in that th...

CVSS 6.8 | AI score 6.2 | EPSS 0.19216 | Exploits 1 | References 1

n0where
added 2015/12/07 3:34 p.m. | 30 views

Automatic SQL Database Injection: jSQL Injection

jSQL Injection is a lightweight application used to find database information from a distant server. The tool is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris). Features: GET, POST, header, cookie methods; Normal, error based, blind, time based algorithms; Automatic best algorit...

AI score 8.3 | Exploits 0 | References 1

OSV
added 2015/11/25 5:2 p.m. | 3 views

USN-2818-1 openjdk-7 vulnerability

It was discovered that rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed. An attacker could use this to expose sensitive information or possibly execute arbitrary code...

CVSS 5.8 | AI score 6.5 | EPSS 0.03051 | Exploits 0 | References 2

RedHat Linux
added 2015/11/23 12:56 p.m. | 2 views

OpenJDK: protected methods can be used as interface methods via DirectMethodHandle (Libraries)

Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries...

CVSS 5.8 | AI score 7.2 | EPSS 0.03051 | Exploits 0 | References 5

RedHat Linux
added 2015/11/23 12:40 p.m. | 3 views

OpenJDK: protected methods can be used as interface methods via DirectMethodHandle (Libraries)

Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries...

CVSS 5.8 | AI score 7.2 | EPSS 0.03051 | Exploits 0 | References 5

Packet Storm
added 2015/11/15 12:0 a.m. | 47 views

Wirecard Checkout Page 1.0 Price Manipulation

Advisory ID: SYSS-2015-061; Product: Wirecard Checkout Page; Manufacturer: Wirecard AG; Affected Versions: 1.0; Tested Versions: 1.0; Vulnerability Type: Improper Validation of Integrity Check Value (CWE-354); Risk Level: High; Solution Status: Fixed...

AI score 7.4 | Exploits 0

CakePHP
added 2015/11/05 12:0 a.m. | 28 views

CakePHP 3.1.4, 3.0.15, 2.7.6 and 2.6.12 released

The CakePHP core team is happy to announce the immediate availability of CakePHP 3.1.4, 3.0.15, 2.7.6, and 2.6.12. These releases contain security fixes. 3.1.4 and 2.7.6 also contain bugfixes. Security Fixes: These releases contain fixes for a Remot...

AI score 7.8 | Exploits 0

n0where
added 2015/11/04 11:19 p.m. | 44 views

SSL and TLS protocol test suite and fuzzer: tlsfuzzer

tlsfuzzer is a combination of a TLS test framework, ready-to-use tests and, hopefully in the future, a fuzzer for the TLS protocol. The aim is to be able to test TLS implementations everywhere a fairly recent version of Python can run (2.6, 3.2 or later). Current implementation efforts focus on testing...

AI score 7.2 | Exploits 0 | References 1

Hacker One
added 2015/10/05 9:22 p.m. | 15 views

Shopify: Accessing Payments page and adding payment methods with limited access accounts

Users with the Orders permission were allowed to see the store's payment gateway information. This page should have been restricted to users with the Settings permission only. Using this vulnerability a User with limited access/ No access to Settings could add/alter/change Payment settings while...

AI score 3.8 | Exploits 0

n0where
added 2015/09/05 7:34 p.m. | 30 views

Robust ClamAV-based Linux Malware Scanner: MalScan

Malscan is a robust and fully featured scanning platform for Linux servers that greatly simplifies keeping your web servers secure and malware-free. It is built upon the ClamAV platform, providing all of the features of Clamscan with a host of new features and detection modes. Features: Multiple...

AI score 0.1 | Exploits 0 | References 1

myhack58
added 2015/08/27 12:0 a.m. | 49 views

Attack the onion routing (Tor) and anonymous service to some of the review-vulnerability warning-the black bar safety net

Tor (The Onion Router): the onion router's main purpose is to prevent traffic filtering and sniffers from spying on the privacy of users' communications. The majority of Chinese people are familiar with it not because it is encrypted, but because its multi-layer nodes could span the Great Wall o...

AI score 6.8 | Exploits 0

exploitpack
added 2015/08/19 12:0 a.m. | 14 views

Adobe Flash - Drawing Methods this Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=388&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There are use-after-frees related to storing a single pointer (the "this" pointer) in several...

AI score 0.3 | Exploits 0

Exploit DB
added 2015/08/19 12:0 a.m. | 23 views

Adobe Flash - Drawing Methods 'this' Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=388&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There are use-after-frees related to storing a single pointer (the "this" pointer) in several MovieClip drawing methods, including beginFill,...

AI score 7.4 | Exploits 0

Cisco
added 2015/08/18 8:55 p.m. | 18 views

Multiple Cisco Finesse Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in Cisco Finesse could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks. The vulnerabilities are due to improper input validation of certain parameters passed via HTTP GET or POST methods to an affected device. An unauthenticated, remo...

CVSS 4.3 | AI score 6.2 | EPSS 0.02162 | Exploits 0 | References 1

ThreatPost
added 2015/07/21 12:39 p.m. | 9 views

Car Hacking Gets the Attention of Detroit and Washington

Car hacking is a relatively new phenomenon, but it is evolving at a frighteningly quick pace. While just a year or two ago security researchers were still trying to work out exactly how the internal electronics and communications gear in vehicles works, now a pair of researchers has discovered a...

AI score 0.3 | Exploits 0 | References 4

Tenable Nessus
added 2015/07/14 12:0 a.m. | 31 views

FreeBSD : freeradius -- insufficient CRL application vulnerability (379788f3-2900-11e5-a4a5-002590263bf5)

oCERT reports: The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List (CRL) checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA...

CVSS 7.5 | AI score 7.4 | EPSS 0.01791 | Exploits 0 | References 6