1148 matches found

Prion
added 2019/02/25 11:29 p.m. | 17 views

Code injection

Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext...

CVSS 7.5 | AI score 9.3 | EPSS 0.00258
Exploits 0 | References 1 | Affected Software 1
CVE
added 2019/02/25 11:0 p.m. | 42 views

CVE-2019-6266

CVE-2019-6266 affects Cordaware bestinformed for Windows prior to version 6.2.1.0. Public sources describe insecure SSL certificate verification and insecure access patterns, which can allow remote attackers to downgrade encrypted connections to cleartext. Related CNVD entries for the same produc...

CVSS 9.8 | AI score 9.3 | EPSS 0.00258
Exploits 0 | References 1 | Affected Software 1
Kitploit
added 2019/02/21 12:37 p.m. | 2131 views

SecLists - A Collection Of Multiple Types Of Lists Used During Security Assessments, Collected In One Place (Usernames, Passwords, URLs, Sensitive Data Patterns, Fuzzing Payloads, Web Shells, And Many More)

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security...

AI score 7.2
Exploits 0 | References 1
IBM Security Bulletins
added 2019/02/19 9:0 p.m. | 21 views

Security Bulletin: Weaker than expected security in WebSphere Application Server with SP800-131 transition mode bundled with IBM WebSphere Application Server Patterns (CVE-2018-1996)

Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin:...

CVSS 5.3 | AI score 2.8 | EPSS 0.00089
Exploits 0 | Affected Software 1
Imperva Blog
added 2019/02/13 12:52 p.m. | 392 views

How Imperva’s New Attack Crowdsourcing Secures Your Business’s Applications

Attacks on applications can be divided into two types: targeted attacks and “spray and pray” attacks. Targeted attacks require planning and usually include a reconnaissance phase, where attackers learn all they can about the target organization’s IT stack and application layers. Targeted...

CVSS 7.5 | AI score 9.9 | EPSS 0.94489
Exploits 45
BDU FSTEC
added 2019/02/07 12:0 a.m. | 0 views

The vulnerability in the “soundlib/Snd_fx.cpp” file of the OpenMPT tracker software and the libopenmpt library for processing modular music allows a hacker to trigger a service failure.

The vulnerability in the “soundlib/Snd_fx.cpp” file of the OpenMPT tracker software and the libopenmpt library for processing modular music is related to buffer overflows and reading beyond the maximum memory limit. Exploiting this vulnerability could allow a malicious actor to cause service...

CVSS 6.5 | AI score 7.3 | EPSS 0.00792
Exploits 0 | References 4 | Affected Software 2
Kitploit
added 2019/02/05 8:26 p.m. | 169 views

Bscan - An Asynchronous Target Enumeration Tool

Synopsis bscan is a command-line utility to perform active information gathering and service enumeration. At its core, bscan asynchronously spawns processes of well-known scanning utilities, repurposing scan results into highlighted console output and a well-defined directory structure...

AI score 7.3
Exploits 0 | References 8
Kitploit
added 2019/02/02 8:45 p.m. | 246 views

Electronegativity - Tool To Identify Misconfigurations And Security Anti-Patterns In Electron Applications

Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron-based applications. It leverages AST and DOM parsing to look for security-relevant configurations, as described in the "Electron Security Checklist - A Guide for Developers and Auditors" whitepaper...

AI score 7.3
Exploits 0 | References 5
Schneier on Security
added 2019/01/11 12:38 p.m. | 72 views

Using a Fake Hand to Defeat Hand-Vein Biometrics

Nice work: One attraction of a vein based system over, say, a more traditional fingerprint system is that it may be typically harder for an attacker to learn how a user's veins are positioned under their skin, rather than lifting a fingerprint from a held object or high quality photograph, for...

AI score 0.6
Exploits 0
Packet Storm
added 2019/01/09 12:0 a.m. | 73 views

OrangeForum 1.4.0 Open Redirection

Open Redirection Vulnerabilities in OrangeForum 1.4.0 Information -------------------- Advisory by Netsparker Name: Open Redirection Vulnerabilities in OrangeForum 1.4.0 Affected Software: OrangeForum Affected Versions: 1.4.0 Homepage: https://github.com/s-gv/orangeforum Vulnerability: Open...

CVSS 5.8 | AI score 6.4 | EPSS 0.01625
Exploits 1
Cvelist
added 2019/01/07 6:0 p.m. | 22 views

CVE-2019-5489

The mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. Fixing this affects the output of the fincore program. Limited...

AI score 6.8 | EPSS 0.00439
Exploits 1 | References 32
Tenable Nessus
added 2019/01/03 12:0 a.m. | 19 views

Fedora 29 : python-markdown2 (2018-6a8028084d)

python-markdown2 2.3.6 - pull 282 Add TOC depth option - pull 283 Fix to add TOC html to output via CLI - pull 284 Do not remove anchors in safemode - pull 288 fixing cuddled-lists with a single list item - pull 292 Fix Wrong rendering of last list element - pull 295 link-patterns fix - pull 300...

CVSS 6.1 | AI score 6.1 | EPSS 0.00358
Exploits 0 | References 2
IBM Security Bulletins
added 2018/12/17 4:0 p.m. | 19 views

Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns

Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in multiple security bulletins. Vulnerability Details Please consult the following...

CVSS 9.8 | AI score 3.4 | EPSS 0.00776
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2018/11/29 8:20 p.m. | 14 views

Security Bulletin: Cross-site scripting vulnerability in Installation Verification Tool of WebSphere Application Server bundled with IBM WebSphere Application Server Patterns (CVE-2018-1643)

Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin:...

AI score 2.1 | EPSS 0.00409
Exploits 0 | Affected Software 1
Akamai Blog
added 2018/11/14 4:5 p.m. | 69 views

Singles' Day Blows Away Its Own Records

Singles' Day in China is the world's largest shopping event. Since its beginnings in 1993 at Nanjing University, it has grown to become a national phenomenon. Singles' Day was originally started as a way to celebrate singles and as a protest against couple-centric festivals. The date 11/11 was...

AI score 7.4
Exploits 0
Akamai Blog
added 2018/11/09 7:26 p.m. | 56 views

Mobile Shopping Growth Accelerates During Diwali

Diwali is the Hindu festival of lights, celebrated every autumn in October or November. According to Redseer Consulting, the sales volume during the festival usually accounts for about 35%-40% of the annual sales of e-commerce in India; for 2018 Redseer predicts $2.5 to $3 billion gross merchandi...

AI score 1.1
Exploits 0
Tenable Nessus
added 2018/11/02 12:0 a.m. | 27 views

F5 Networks BIG-IP : TMM vulnerability (K81137982)

Undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel TMM. CVE-2017-6136 Impact An attacker may be able to disrupt traffic or...

CVSS 5.9 | AI score 5.9 | EPSS 0.00566
Exploits 0 | References 2
Tenable Nessus
added 2018/11/02 12:0 a.m. | 31 views

F5 Networks BIG-IP : TMM with LRO vulnerability (K07550539)

When Large Receive Offload LRO is enabled, undisclosed traffic patterns may cause TMM to restart. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0 for all platforms and 12.0.0 for Virtual Edition. CVE-2018-15311 Impact An attacker may be able to disrupt traffic or caus...

CVSS 5.9 | AI score 5.8 | EPSS 0.03533
Exploits 0 | References 2
IBM Security Bulletins
added 2018/10/31 8:10 p.m. | 19 views

Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns

Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in multiple security bulletins. Vulnerability Details Please consult the following...

CVSS 9.8 | AI score 2.5 | EPSS 0.03639
Exploits 0 | Affected Software 1
NVD
added 2018/10/31 2:29 p.m. | 12 views

CVE-2018-15320

On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed traffic patterns may lead to denial of service conditions for the BIG-IP system. The configuration which exposes this condition is the BIG-IP self IP address which is part of a VLAN group and has the Port Lockdown setting configured with...

CVSS 7.5 | AI score 7.5 | EPSS 0.00682
Exploits 0 | References 1