172 matches found
SilverStripe CMS 3.1.9 Path Disclosure
https://www.osisecurity.com.au/silverstripe-cms---path-disclosure.html Date: 04-Apr-2017 Product: SilverStripe CMS Versions affected: 3.1.9 and below. Vulnerability: Path disclosure. Example URL: http://target/dev/build/ Path reported: /home/target/publichtml/framework/dev/DebugView.php...
Computer Associates (Layer7) API Gateway 7 / 8 / 9 CRLF Response Splitting / Directory Traversal
https://www.osisecurity.com.au/computer-associates-api-gateway-crlf-response-splitting-directory-traversal-vulnerabilities.html Date: 04-Apr-2017 Product: Computer Associates Layer7 API Gateway Versions affected: v7, v8, v9 Vulnerabilities: 1 CRLF Response Splitting...
Avaya Radvision SCOPIA Desktop SQL Injection
https://www.osisecurity.com.au/avaya-radvision-scopia-desktop-dlgloginowneridjsp-ownerid-sql-injection.html Date: 04-Apr-2017 Product: Avaya Radvision SCOPIA Desktop Versions affected: v7.7.000.042 released in 2011 confirmed v8.2.101.046 relased in 2013 confirmed Vulnerability: Blind SQL injectio...
Fedora 24 : fedmsg (2017-a73bc7ac5d)
Fix validation logic in the base consumer The base consumer is intended to only derive its validation switch from the on-disk configuration if the child class doesn't override the validatesignatures switch. There was a bug here where the default value provided in the base class made it appear as ...
Serva 3.0.0 - HTTP Server Denial of Service
!/usr/bin/env python Serva 3.0.0 HTTP Server Module Remote Denial of Service Exploit Vendor: Patrick Masotta Product web page: http://www.vercot.com Affected version: 3.0.0.1001 Community, Pro, 32/64bit Summary: Serva is a light 3 MB, yet powerful Microsoft Windows application. It was conceived...
Important: Red Hat Security Advisory: ipsilon security update
An update for ipsilon is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Mac Malware Can Secretly Spy On Your Webcam and Mic – Here's How to Stay Safe
Apple Mac Computers are considered to be much safer than Windows at keeping viruses and malware out of its environment, but that’s simply not true anymore. It's not because Mac OS X is getting worse every day, but because hackers are getting smart and sophisticated these days. The bad news for Ma...
Congressional Leaders Demand Answers on Yahoo Breach
Vermont Senator Patrick Leahy, along with a number of his Democratic congressional colleagues, has demanded answers from Yahoo CEO Marissa Mayer about what is now the biggest data breach in history. Leahy called the two years between the intrusion of Yahoo’s network and the discovery and disclosu...
Putting Apple Bug Bounty Rewards in Perspective
Admittedly, the payouts for Apple’s bug bounty announced last week at Black Hat drew mixed reactions ranging from reasonable to raucously funny. Apple made a big splash at the annual hacker conference, first via a last-minute announcement that well-regarded Ivan Krstic would be giving a talk on...
Little Snitch Bug Leaves Some Mac Systems Open to Attack
Trusted Mac OS X firewall Little Snitch is vulnerable to local privilege escalation attacks that could give criminals the ability plant rootkits and keyloggers on some El Capitan systems. The Little Snitch firewall vulnerability was found by Synack Director of Research and well-known OS X hacker...
Patrick Wardle on macOS Gatekeeper, Crypto Enhancements
At last week’s Apple Worldwide Developer Conference, Apple announced some security upgrades around Gatekeeper and a new filesystem that includes native support for encryption. Mac hacker Patrick Wardle, director of research at Synack, explains whether this a big deal and how the upgrades address...
RansomWhere? Generic OS X Ransomware Detection
With each new unrelenting ransomware sample, security researchers understand that no matter how quickly antivirus signatures are updated or how rapidly decryptors are built and shared, current defenses will continue to fall short. The problem is that most adequate defenses are sample-specific;...
January 2016 Apple Security Patches iOS, OS X, Safari
Apple on Tuesday released security patches for iOS, OS X and an update for the Safari browser. The patches come less than a week after a ShmooCon presentation by Synack director of research Patrick Wardle revealed that Apple’s Gatekeeper security feature in OS X can be bypassed by an attacker wit...
Mac GateKeeper vulnerability patch is invalid, it can still be bypassed to attack-vulnerability warning-the black bar safety net
Recently, security experts Patrick Wardle said earlier Apple released for the repair of reinforcing the Mac OS X GateKeeper vulnerability patch is invalid, cannot protect the user of Mac computer security. In 2 0 1 5 year 9 months, is exactly what Patrick Wardle first discovered the vulnerability...
Xdh / LinuxNet Perlbot / fBot IRC Bot - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Xdh / LinuxNet Perlbot / fBot IRC Bot Remote Code Execution', 'Description' = %q This module allows remote command execution on an I...
Xdh / LinuxNet Perlbot / fBot IRC Bot Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Xdh / LinuxNet Perlbot / fBot IRC Bot Remote Code Execution', 'Description' = %q This module allows remote command execution on an I...
Apple Mac OS X Gatekeeper Bypass
Gatekeeper is Mac OS X’s guardian against rogue applications and malware sneaking into Apple’s famous walled garden. It’s also been a favorite target of researchers and advanced attackers desperate to gain control of Apple devices. Tomorrow at Virus Bulletin in Prague, researcher Patrick Wardle,...
stpatrickinarmonk.org XSS vulnerability
Vulnerable URL: http://stpatrickinarmonk.org/search?query=%20%3Cscript%3Ealert%28%27XSSPOSED%27%29%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at 30.01.2016 Latest check for patch:| 30.01.2016 21:13 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...
RHEL 5 : pki (RHSA-2012:1550)
Updated pki-common and pki-tps packages that fix multiple security issues are now available for Red Hat Certificate System 8.1. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...
Ultra Electronics 7.2.0.19 / 7.4.0.7 SQL Injection / Direction Creation
Ultra Electronics / AEP Networks - SSL VPN Netilla / Series A / Ultra Protect Vulnerabilities http://www.osisecurity.com.au/advisories/ultra-aep-netilla-vulnerabilities Release Date: 02-Oct-2014 Software: Ultra Electronics - Series A...