11 matches found
EUVD-2023-0267
Malicious code in bioql PyPI...
EUVD-2023-0044
Malicious code in bioql PyPI...
Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2
All vulnerabilities documented in this article were resolved in Veeam Backup & Replication 12.3.2. Veeam Product Latest Version Download Page. Veeam Software Security Commitment: Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we...
CVE-2023-41052
Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256addmod, uint256mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side...
Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Period
Google Project Zero will now give organizations a 30-day grace period to patch zero-day flaws it discovers in a new disclosure policy revealed this week aimed at speeding up the time it takes for patches to be adopted. Known for discovering a number of high-profile zero days—in Google’s own...
Policy and Disclosure: 2020 Edition
Posted by Tim Willis, Project Zero. At Project Zero, we spend a lot of time discussing and evaluating vulnerability disclosure policies and their consequences for users, vendors, fellow security researchers, and software security norms of the larger industry. We're very happy with how well our...
Practico 13.9 Multiple Vulnerabilities
Summary: Practico is a free CMS software project released under license GNU GPL v2.0 for creating web applications in a completely visual and fast fashion, without programming knowledge. Description: Practico suffers from multiple vulnerabilities including Cross-Site Scripting (XSS), SQL Injection SQ...
China CERT: We Missed Report On SCADA Hole
China’s Computer Emergency Response Team (CERT) admitted that it missed a September e-mail message from a researcher at NSS Labs that pointed out a critical vulnerability in a commonly used SCADA (Supervisory Control And Data Acquisition) software package. The lapse resulted in a gap of almost four...
A Chat With Adobe's Brad Arkin
Adobe has been in the security spotlight for some time now, and in an effort to give our readers a better perspective on the company’s efforts to improve the security of its products, Threatpost had a live chat with Brad Arkin, director of product security and privacy at Adobe, on Feb. 24. This i...
eEye Retina WiFi Security Scanner 1.0 (.rws Parsing) Buffer Overflow PoC
Exploit for unknown platform in category dos / poc. eEye Retina WiFi Security Scanner 1.0 .rws Parsing Buffer Overflow PoC. #!/usr/bin/python Title: Retin...
IBM acpRunner Activex Dangerous Methods Vulnerability
IBM acpRunner Activex Dangerous Methods Vulnerability. Release Date: June 15, 2004. Date Reported: February 20, 2004. Patch Development Time In Days: 116. Severity: High (Remote Code Execution). Vendor: IBM. Systems Affected: acpRunner Activex Version 1.2.5.0. Overview: eEye Digital Security has discovere...