New 'Sodinokibi' Ransomware Exploits Critical Oracle WebLogic Flaw
A recently-disclosed critical vulnerability in Oracle WebLogic is being actively exploited in a slew of attacks, which are distributing a never-before-seen ransomware variant. The recently-patched flaw exists in Oracle’s WebLogic server, used for building and deploying enterprise applications. Th...
Two distinct vulnerabilities related to Yahoo and PayPal - vulnerability warning - the black bar safety net
This article covers two distinct vulnerabilities involving Yahoo and PayPal: one is a Yahoo IDOR (insecure direct object references) vulnerability, the other a PayPal DoS vulnerability. Both were found by Indian security engineers, and the principles and ideas ar...
Cross-site Scripting in Apache Zeppelin
Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions. Issue reported by "Josna Joseph"...
GHSA-R2V5-5VCR-H3VQ Cross-site Scripting in Apache Zeppelin
Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions. Issue reported by "Josna Joseph"...
Cross-site Scripting (XSS)
Apache Zeppelin is vulnerable to cross-site scripting (XSS). The vulnerability exists because it does not sanitize Note permissions, allowing an attacker to inject arbitrary script through the affected parameter...
Cross site scripting
Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions. Issue reported by "Josna Joseph"...
CVE-2018-1328
Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions. Issue reported by "Josna Joseph"...
CVE-2018-1328
CVE-2018-1328 affects Apache Zeppelin prior to 0.8.0, where a stored XSS flaw exists via Note permissions. The root cause is unsanitized input in Note handling that can trigger script execution. Impact is user-facing XSS; remediation is upgrading Zeppelin to 0.8.0 or later (or applying equivalent...
UBUNTU-CVE-2019-5428
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11358. Reason: This candidate is a duplicate of CVE-2019-11358. Notes: All CVE users should reference CVE-2019-11358 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
[SECURITY] Fedora 30 Update: bijiben-3.32.1-2.fc30
Simple note editor with an emphasis on visuals: quickly write notes, quickly find them again...
DEBIAN-CVE-2017-7771
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function...
A vulnerability in the exif_process_IFD_in_MAKERNOTE module of the PHP programming language, related to reading beyond buffer boundaries, allows attackers to cause service failures.
The vulnerability in the exif_process_IFD_in_MAKERNOTE module, located in ext/exif/exif.c in the PHP programming language, is related to incorrect image processing. Exploiting this vulnerability can allow a malicious actor to cause service failures through a specially crafted JPEG file...
CB TAU Threat Intelligence Notification: GandCrab 5.2 Ransomware Attempts to Delete Volume Shadow Copies
GandCrab 5.2 ransomware will append seven randomly generated strings as the file extension to each encrypted file and drop a ransom note named as ‘generated file extension-MANUAL.txt’, for example, “office.doc.uahmthl” and “UAHMTHL-MANUAL.txt”. It will also change the desktop background of the...
Awakening the beast: BatMobi adware
On February 12, a patron of the Malwarebytes Forum alerted us of an issue with ad redirects that seemed to come out of nowhere. An outcry from other commenters filled the forum thread, all experiencing the same redirects to the same exact websites. Our web protection team traced the offending...
PT-2019-6192
Name of the Vulnerable Software and Affected Versions: Exiv2 version 0.27.99.0. Description: The issue is related to a global buffer over-read in the Exiv2::Internal::Nikon1MakerNote::print0x0088 function in nikonmn_int.cpp, which can result in an information leak. This can allow a remote attacker t...
XXE
ABAP Server used in NetWeaver and Suite/ERP and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that i...
CVE-2019-0271
ABAP Server used in NetWeaver and Suite/ERP and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that i...