Lucene search

8275 matches found

OSV
added 2018/07/09 8:29 p.m. | 2 views

DEBIAN-CVE-2018-1000622

The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appears to be exploitable via using the --plugin flag without the...

CVSS 7.8 | AI score 7.4 | EPSS 0.01819
Exploits: 0 | References: 1

Imperva Blog
added 2018/07/09 4:35 p.m. | 66 views

WordPress Arbitrary File Deletion Vulnerability Plugged With Patch 4.9.7

On Jun 26 an arbitrary file deletion vulnerability in the WordPress core was publicly disclosed, the vulnerability could allow an authenticated attacker to delete any file and in some cases execute arbitrary code. WordPress is a free, popular, and open-source content management system currently...

AI score 1.4
Exploits: 0

Talos Blog
added 2018/07/03 3:00 a.m. | 48 views

Smoking Guns - Smoke Loader learned new tricks

This post is authored by Ben Baker and Holger Unterbrink Overview Cisco Talos has been tracking a new version of Smoke Loader — a malicious application that can be used to load other malware — for the past several months following an alert from Cisco Advanced Malware Protection’s AMP Exploit...

AI score 0.1
Exploits: 0

RedHat Linux
added 2018/06/28 4:23 p.m. | 3 views

Mozilla: CSRF attacks through 307 redirects and NPAPI plugins

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird 60,...

CVSS 8.8 | AI score 7.2 | EPSS 0.01733
Exploits: 0 | References: 5

Packet Storm
added 2018/06/28 12:00 a.m. | 38 views

TP-Link TL-WR841N V13 Cross Site Request Forgery

Vulnerability: Cross-Site Request Forgery Affected Software: TP-Link TL-WR841N v13 Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n Patched Version: None Risk: High Vendor Contacted: 05/20/2018 Vendor Fix: None Public Disclosure: 06/27/2018 Overview The web interface of the router is...

AI score 0.5 | EPSS 0.00465
Exploits: 2

Kitploit
added 2018/06/27 1:33 p.m. | 12 views

Lynis 2.6.5 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

AI score 6.8
Exploits: 0

UbuntuCve
added 2018/06/27 12:00 a.m. | 24 views

CVE-2018-12364

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird 60,...

CVSS 8.8 | AI score 7.1 | EPSS 0.01733
Exploits: 0 | References: 6

Tenable Nessus
added 2018/06/27 12:00 a.m. | 39 views

FreeBSD : mozilla -- multiple vulnerabilities (cd81806c-26e7-4d4a-8425-02724a2f48af)

Mozilla Foundation reports : CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12358: Same-origin bypass using service worker and redirection CVE-2018-12362: Integer overfl...

CVSS 9.8 | AI score 7.3 | EPSS 0.04831
Exploits: 3 | References: 22

OSV
added 2018/06/26 4:29 p.m. | 14 views

CVE-2018-1000556

WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appears to be exploitable via an attacke...

CVSS 6.1 | AI score 6.3
Exploits: 0 | References: 1

OSV
added 2018/06/26 4:29 p.m. | 6 views

UBUNTU-CVE-2018-1000556

WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appears to be exploitable via an attacke...

CVSS 6.1 | AI score 6.4 | EPSS 0.00707
Exploits: 1 | References: 3

Kaspersky
added 2018/06/26 12:00 a.m. | 208 views

KLA11271 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR

Multiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service and obtain sensitive information. Below is a complete list of...

CVSS 9.8 | AI score 10 | EPSS 0.04831
Exploits: 3 | References: 6

FreeBSD
added 2018/06/26 12:00 a.m. | 50 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12358: Same-origin bypass using service worker and redirection CVE-2018-12362: Integer overflo...

CVSS 9.8 | AI score 1 | EPSS 0.04831
Exploits: 3 | References: 3

Mozilla
added 2018/06/26 12:00 a.m. | 563 views

Security vulnerabilities fixed in Firefox ESR 52.9 — Mozilla

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when deleti...

CVSS 9.8 | AI score 9.4 | EPSS 0.04647
Exploits: 0 | References: 11 | Affected Software: 1

Mozilla
added 2018/06/26 12:00 a.m. | 548 views

Security vulnerabilities fixed in Firefox 61 — Mozilla

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when deleti...

CVSS 9.8 | AI score 9.5 | EPSS 0.04647
Exploits: 0 | References: 19 | Affected Software: 1

Exploit DB
added 2018/06/20 12:00 a.m. | 42 views

NewMark CMS 2.1 - 'sec_id' SQL Injection

Exploit Title: NewMark CMS 2.1 - SQL Injection secid Google Dork: /catalog/?sectid= Date: 2018-06-20 Exploit Author: Berk Dusunur Vendor Homepage: https://nmark.ru/ Software Link: https://nmark.ru/razrabotka/korporativniy-sayt/ Version: v2.1 Tested on: Pardus CVE : N/A Proof Of Concept sec id...

AI score 7.4
Exploits: 0

RedHat Linux
added 2018/06/19 7:27 p.m. | 85 views

Moderate: Red Hat Security Advisory: ansible security and bug fix update

An update for ansible is now available for Red Hat Ansible Engine 2 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...

CVSS 5.9 | AI score 7 | EPSS 0.03088
Exploits: 0 | References: 2

IBM Security Bulletins
added 2018/06/17 3:48 p.m. | 32 views

Security Bulletin: IBM MessageSight V1.2 has released 1.2.0.3-IBM-IMA-IFIT24219 in response to the vulnerabilities known as Spectre and Meltdown.

Summary IBM has released the following ifix for IBM MessageSight V1.2 in response to CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754. Vulnerability Details CVEID: CVE-2017-5753 CVEID: CVE-2017-5715 CVEID: CVE-2017-5754 Affected Products and Versions Affected IBM MessageSight | Affected Versions...

CVSS 5.6 | AI score 3.6 | EPSS 0.93838
Exploits: 12 | Affected Software: 1

ThreatPost
added 2018/06/13 8:55 p.m. | 9 views

Two Bugs in WordPress Tooltipy Plugin Patched

WordPress has issued fixes for two bugs rated “medium” in its tooltips plugin, including one that can allow bad actors to do anything an administrative user would be able to do on a WordPress site. The Tooltipy plugin allows users to automatically create responsive “tooltip” boxes for technical...

AI score 0.1
Exploits: 0 | References: 3

NVD
added 2018/06/11 9:29 p.m. | 14 views

CVE-2016-9072

When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox 50...

CVSS 7.5 | AI score 7 | EPSS 0.01344
Exploits: 0 | References: 4