Improper Access Control

github.com/kubeoperator/kubepi is vulnerable to Improper Access Control. A remote attacker is able to bypass the system's preset permission settings to access restricted API interfaces which leak sensitive user information. The vulnerability also impacts how online applications handle routing...

CVE-2018-11509

ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell...

Nuts CMS - PHP Remote Code Injection Execution

Nuts CMS - PHP Remote Code Injection Execution "cli" die$error0; if$argc "; echo"\nExample: php $argv0 localhost /"; die; ifisset$argv1 && isset$argv2 $host = $argv1; $path = $argv2; $pack = "GET $pathnuts/login.php?r= HTTP/1.0\r\n"; $pack.= "Host: $host\r\n"; $pack.= "Cmd: %s\r\n"; $pack.=...

Third-Party Software Library Risks Scrutinized at Black Hat

Enterprise application developers are under real pressures to push projects out the door quickly and cheaply, and each new version certainly has to be better than the last. This forces them to make decisions that, at a minimum, improve efficiency—and also introduce additional risks. Of particular...

Zoho Information Disclosure / Mixed Content

ZOHO INTERNAL INFORMATION DISCLOSURE Content type is not specified /INSECURE TRANSITION FROM HTTP TO HTTPS IN FORM ================================================================================================================================================== Report-Timeline: ================...

The Killswitch : They can remotely modify your Window 8

The Killswitch : They can remotely modify your Window 8 Last year,a Finnish software developer, was cruising Google's Android Market for smartphone apps last year when he noticed something strange. Dozens of best-selling applications suddenly listed the same wrong publisher. Google uses a little...

Microsoft to Give Security Guidelines for Agile

Microsoft will release on Tuesday guidelines for developers building online applications and for those using the Agile code-development process. The Agile guidelines apply principles from Microsoft’s Security Development Lifecycle SDL to Agile, an umbrella term for a development model frequently...

Update Protection against Joomla! HTTP Header Script Injection

Joomla! is a content management system CMS designed for building Web sites and online applications. Joomla! fails to parse HTTP headers, allowing an attacker to inject JavaScript or DHTML code that can be executed in the context of a target user browser...