
2396 matches found

Cvelist
added 2018/07/18 1:0 p.m., 20 views

CVE-2018-3081

Vulnerability in the MySQL Client component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via...

AI score: 5.3, EPSS: 0.00131
Exploits: 0, References: 11

ThreatPost
added 2018/07/13 4:30 p.m., 12 views

ThreatList: Bug Bounty Payouts Increase Six Percent for Critical Vulnerabilities

The average payout price for critical vulnerabilities is up six percent and now averages $2,041 compared to the prior year. The numbers are from HackerOne’s 2018 Hacker-Powered Security Report, published Wednesday. The study looked at data derived from the HackerOne community between May 2017 and...

AI score: 0.1
Exploits: 0, References: 4

Prion
added 2018/07/09 6:29 p.m., 8 views

Design/Logic Flaw

Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware...

CVSS: 7.2, AI score: 6.4, EPSS: 0.00159
Exploits: 0, References: 3

NVD
added 2018/07/09 6:29 p.m., 11 views

CVE-2018-13787

Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware...

CVSS: 7.2, AI score: 6.5, EPSS: 0.00159
Exploits: 0, References: 3

Cvelist
added 2018/07/09 6:0 p.m., 15 views

CVE-2018-13787

Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware...

AI score: 6.5, EPSS: 0.00159
Exploits: 0, References: 3

CVE
added 2018/07/09 6:0 p.m., 53 views

CVE-2018-13787

CVE-2018-13787 affects certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products. The issue is a misconfigured Descriptor Region that could allow OS programs to modify firmware. IBM Power Systems advisories (POWER8/POWER9) reference addressing this CVE via firmware updates...

CVSS: 7.2, AI score: 6.4, EPSS: 0.00159
Exploits: 0, References: 3, Affected Software: 1

Tenable Nessus
added 2018/07/06 12:0 a.m., 36 views

Debian DLA-1413-1 : dokuwiki security update

The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs. For Debian 8 'Jessie', these problems have been fixed in version...

CVSS: 9.3, AI score: 8, EPSS: 0.00507
Exploits: 1, References: 3

Check Point Advisories
added 2018/07/05 12:0 a.m., 3 views

HP Data Protector Backup Client Service Code Execution - Ver2 (CVE-2011-0922)

HP OpenView Storage Data Protector is a backup solution tailored for enterprise and distributed environments. The Data Protector environment consists of a Cell Manager, backup agents, and backup device servers. The backup agent supports various message types in its communication with clients in...

CVSS: 10, AI score: 2.7, EPSS: 0.82006
Exploits: 20

ThreatPost
added 2018/07/02 7:13 p.m., 25 views

Navigating an Uncharted Future, Bug Bounty Hunters Seek Safe Harbors

When researcher Kevin Finisterre found a security error in drone-maker DJI’s systems enabling him to access flight log data and images of customers, he thought he had hit the $30,000 jackpot as part of the drone company’s newly announced bug bounty program. Instead, when the incident occurred in...

AI score: 8.1
Exploits: 0, References: 13

OpenVAS
added 2018/06/28 12:0 a.m., 15 views

Microsoft Windows: IE security prompt for Windows Installer scripts

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winieinstallerscripts.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Prevent Internet Explorer security prompt for Windows Installer scripts Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

AI score: 7.3
Exploits: 0

OpenVAS
added 2018/06/27 12:0 a.m., 34 views

Microsoft Windows: Windows Defender SmartScreen (Explorer)

This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloade...

AI score: 6.9
Exploits: 0, References: 8

NVD
added 2018/06/26 4:29 p.m., 13 views

CVE-2018-1000532

beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users...

CVSS: 4.7, AI score: 4.8, EPSS: 0.00126
Exploits: 0, References: 1

Prion
added 2018/06/26 4:29 p.m., 9 views

Xxe

beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users...

CVSS: 1.9, AI score: 4.8, EPSS: 0.00126
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2018/06/26 4:0 p.m., 17 views

CVE-2018-1000532

beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users...

AI score: 5, EPSS: 0.00126
Exploits: 0, References: 1

CVE
added 2018/06/26 4:0 p.m., 48 views

CVE-2018-1000532

The CVE-2018-1000532 issue affects beep (version 1.3 and later). A vulnerability named External Control of File Name or Path exists in the --device option that can allow a local unprivileged user to inhibit execution of arbitrary programs by other users, enabling DoS. Public references in connect...

CVSS: 4.7, AI score: 5, EPSS: 0.00126
Exploits: 0, References: 1, Affected Software: 1

Fedora
added 2018/06/24 8:10 p.m., 43 views

[SECURITY] Fedora 27 Update: mariadb-10.2.15-2.fc27

MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client...

CVSS: 7.7, AI score: 3.5, EPSS: 0.00822
Exploits: 0

Tenable Nessus
added 2018/05/30 12:0 a.m., 54 views

Amazon Linux AMI : mysql55 (ALAS-2018-1028)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure wher...

CVSS: 7.7, AI score: 6, EPSS: 0.00822
Exploits: 0, References: 10

Schneier on Security
added 2018/05/21 2:54 p.m., 42 views

Japan's Directorate for Signals Intelligence

The Intercept has a long article on Japan's equivalent of the NSA: the Directorate for Signals Intelligence. Interesting, but nothing really surprising. The directorate has a history that dates back to the 1950s; its role is to eavesdrop on communications. But its operations remain so highly...

AI score: 1.4
Exploits: 0

Fedora
added 2018/05/21 2:20 p.m., 32 views

[SECURITY] Fedora 27 Update: postgresql-9.6.9-1.fc27

PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...

CVSS: 9.1, AI score: 0.8, EPSS: 0.00593
Exploits: 0

Hacker One
added 2018/05/12 7:42 p.m., 19 views

HackerOne: User object in GraphQL exposes number of trial reports for External Programs that also have a Private Program

Summary: For this vulnerability to work, it is necessary that you should be Admin/member of at least one sandbox team and running a GraphQL node can tell you if the external programs exist on directory page running a private program on hackerone or not...

AI score: 0.4
Exploits: 0