Lucene search

2395 matches found

Hacker One
added 2014/09/26 1:16 p.m., 11 views

HackerOne: "early preview" programs disclosure

Hi, There is a really small issue, but I think it should be fixed. If you open https://hackerone.com/facebook as guest user not logged, you will be redirected to https://hackerone.com/users/signin, so it shows that facebook page exists and it's private. Correct redirection should be to 404 page...

AI score: 2
Exploits: 0

RedHat Linux
added 2014/09/23 8:19 p.m., 4 views

6: JSM policy not respected by deployed applications

It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to...

CVSS: 5.8, AI score: 5.7, EPSS: 0.0028
Exploits: 0, References: 4

myhack58
added 2014/09/16 12:0 a.m., 10 views

Portable router storage 0 DAY vulnerability that hackers can steal the privacy-vulnerability warning-the black bar safety net

The Tenda 4G301 router contains a stored XSS (cross-site scripting) vulnerability, vulnerability number RSV-2014-001. According to Rising security experts, the vulnerability currently has no official patch and is a 0-day; an attacker can carefully construct a malicious...

AI score: 0.2
Exploits: 0

Tenable Nessus
added 2014/09/12 12:0 a.m., 40 views

Windows Prefetch Folder

Nessus was able to retrieve and display the contents of the Windows prefetch folder %systemroot%\prefetch. This information shows programs that have run with the prefetch and superfetch mechanisms enabled. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid77668;...

AI score: 5.5
Exploits: 0, References: 3

Tenable Nessus
added 2014/08/20 12:0 a.m., 35 views

AIX 7.1 TL 2 : malloc (IV62807)

It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...

CVSS: 7.2, AI score: 5.5, EPSS: 0.00081
Exploits: 4, References: 2

OSV
added 2014/08/07 12:0 a.m., 23 views

DLA-33-1 openssl - security update

Bulletin has no description...

CVSS: 5, AI score: 7.5, EPSS: 0.66025
Exploits: 0

Prion
added 2014/07/29 8:55 p.m., 13 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting...

CVSS: 6.8, AI score: 7.9, EPSS: 0.00125
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2014/07/29 8:0 p.m., 44 views

CVE-2014-3896

CVE-2014-3896 involves multiple CSRF vulnerabilities in Seeds acmailer CGI programs. Affected: acmailer < 3.8.17 and

CVSS: 6.8, AI score: 7.6, EPSS: 0.00125
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2014/07/08 11:6 a.m., 8 views

CVE-2014-2956

ScriptHelperApi in the AVG ScriptHelper ActiveX control in ScriptHelper.exe in AVG Secure Search toolbar before 18.1.7.598 and AVG Safeguard before 18.1.7.644 does not implement domain-based access control for method calls, which allows remote attackers to trigger the downloading and execution of...

CVSS: 9.3, AI score: 6.8, EPSS: 0.01371
Exploits: 0, References: 1

Prion
added 2014/07/08 11:6 a.m., 10 views

Design/Logic Flaw

ScriptHelperApi in the AVG ScriptHelper ActiveX control in ScriptHelper.exe in AVG Secure Search toolbar before 18.1.7.598 and AVG Safeguard before 18.1.7.644 does not implement domain-based access control for method calls, which allows remote attackers to trigger the downloading and execution of...

CVSS: 9.3, AI score: 7.4, EPSS: 0.01371
Exploits: 0, References: 1, Affected Software: 2

Cvelist
added 2014/07/08 10:0 a.m., 19 views

CVE-2014-2956

ScriptHelperApi in the AVG ScriptHelper ActiveX control in ScriptHelper.exe in AVG Secure Search toolbar before 18.1.7.598 and AVG Safeguard before 18.1.7.644 does not implement domain-based access control for method calls, which allows remote attackers to trigger the downloading and execution of...

AI score: 6.8, EPSS: 0.01371
Exploits: 0, References: 1

The Hacker News
added 2014/07/07 9:45 p.m., 16 views

90 Percent of the Information Intercepted by NSA Belongs to Ordinary Internet Users

If anybody says that the NSA is watching you, nobody is surprised. But a large-scale investigation published by the Washington Post indicates that the scope of surveillance carried out by the US National Security Agency was more massive than even you and I expected. Just because you are an ordinary perso...

AI score: 6.7
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

QNX RTOS 4.25/6.1 su Password Hash Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4914/info It has been reported that the 'su' utility for QNX RTOS accepts the SIGSEGV signal and dumps a world readable core file. An attacker is able to analyze the core file and obtain very sensitive information. It is...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 20 views

Persits XUpload ActiveX MakeHttpRequest Directory Traversal

No description provided by source. $Id: persitsxuploadtraversal.rb 10998 2010-11-11 22:43:22Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 40 views

Trend Micro OfficeScan Corporate Edition 3.0/3.5/3.11/3.13 DoS Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/1013/info Trend Micro OfficeScan is an antivirus software program which is deployable across an entire network. During the installation of the management software, the administrator is asked to choose between managing fro...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 22 views

AJ Matrix 3.1 - (id) Multiple SQL Injection Vulnerability

No description provided by source.

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

Caldera UnixWare 7.1.1 Message Catalog Environment Variable Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4060/info UnixWare is a commercially available Unix Operating System. It was originally developed by SCO, and is now distributed and maintained by Caldera. A format string vulnerability in the locale subsystem could lead ...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

Microsoft Windows Media Player 7.0 Javascript URL Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2167/exploit Windows Media Player is an application used for digital audio, and video content viewing. It can be embedded in webpages as an ActiveX control. It is possible to execute a javascript URL from within the Windo...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 16 views

QNX RTOS 4.25/6.1 phgrafx-startup Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4916/info The QNX phgrafx-startup utility is prone to an issue which may make it possible for local attackers to escalate privileges. This issue is due to unsafe use of the system function to invoke other programs. This...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 19 views

Wolfram Research webMathematica 4.0 File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5035/info Wolfram Research's webMathematica is a Java based product which allows the inclusion of Mathematica content in a web environment. It includes CGI programs which generate image content based on user supplied inpu...

AI score: 7.1
Exploits: 0