261 matches found
Cybersecurity Risk: What It Is and How Can It Be Reduced?
By Waqas By definition, cybersecurity risk is your potential exposure to harm when your online information or communication system is left vulnerable. This is a post from HackRead.com Read the original post: Cybersecurity Risk: What It Is and How Can It Be Reduced?...
phpBB < 3.2.11, 3.3.x < 3.3.2 Multiple Vulnerabilities
phpBB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpbb:phpbb"; ifdescription...
SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2020:2143-1)
This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.8+10 July 2020 CPU, bsc1174157 - Security fixes : + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming +...
UBUNTU-CVE-2020-13091
DISPUTED pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the readpickle function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the readpickle function is documented as unsafe and it is the user's responsibilit...
PT-2020-13328
Name of the Vulnerable Software and Affected Versions pandas versions 1.0.0 through 1.0.3 Description The issue allows untrusted files passed to the read pickle function to potentially unserialize and execute commands, specifically if reduce makes an os.system call. It is noted that the read pick...
[SECURITY] Fedora 29 Update: bind-dyndb-ldap-11.1-19.fc29
This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...
Does Zero Trust Security Have to be Hard to be Effective?
The short answer is no. As expected, the long answer is a little more nuanced. But first, a quick refresher on Zero Trust security for those who haven't jumped on the bandwagon yet. For those who have, feel free to skip the next section. Zero Trust Security Recap We know that the defensible netwo...
The vulnerability of the map/reduce function implementation in the PouchBD database allows a hacker to execute arbitrary code.
The vulnerability of the map/reduce function implementation in the PouchBD database is related to deficiencies in code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code or system commands remotely...
GHSA-CGQV-X5CX-XVQH Arbitrary Code Injection in pouchdb
Affected versions of pouchdb do not properly sandbox the code execution engine which executes the map/reduce functions for temporary views and design documents. Under certain circumstances, an attacker could uses this to run arbitrary code on the server. Recommendation Update to version 6.0.5 or...
EnterToken Integer Overflow Vulnerability
EnterToken is a tradable Ether ERC20 token. An integer overflow vulnerability exists in the sell function of EnterToken's smart contract implementation where "amount sellPrice" can be zero. An attacker could exploit this vulnerability to reduce the seller's assets...
GHSA-4662-J96G-MV46 Arbitrary Code Injection in reduce-css-calc
Affected versions of reduce-css-calc pass input directly to eval. If user input is passed into the calc function, this may result in cross-site scripting on the browser, or remote code execution on the server. Proof of Concept const reduceCSSCalc = require'reduce-css-calc';...
ecc-gulp-tasks (=2.4.3) potentially affected by CVE-2016-10548 via reduce-css-calc (=1.2.4)
reduce-css-calc NPM version =1.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on reduce-css-calc and may be impacted: - ecc-gulp-tasks =2.4.3 Source cves: CVE-2016-10548 Source advisory: OSV:GHSA-4662-J96G-MV46...
Arbitrary Code Injection in reduce-css-calc
Affected versions of reduce-css-calc pass input directly to eval. If user input is passed into the calc function, this may result in cross-site scripting on the browser, or remote code execution on the server. Proof of Concept const reduceCSSCalc = require'reduce-css-calc';...
CVE-2016-10548
Arbitrary code execution is possible in reduce-css-calc node module =1.2.4 through crafted css. This makes cross sites scripting XSS possible on the client and arbitrary code injection possible on the server and user input is passed to the calc function...
CVE-2016-10548
Arbitrary code execution is possible in reduce-css-calc node module =1.2.4 through crafted css. This makes cross sites scripting XSS possible on the client and arbitrary code injection possible on the server and user input is passed to the calc function...
CVE-2016-10546
An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands...
CVE-2016-10548
Arbitrary code execution is possible in reduce-css-calc node module =1.2.4 through crafted css. This makes cross sites scripting XSS possible on the client and arbitrary code injection possible on the server and user input is passed to the calc function...
CVE-2016-10548
CVE-2016-10548 affects the Node.js module reduce-css-calc (versions
Building a world without passwords
Nobody likes passwords. They are inconvenient, insecure, and expensive. In fact, we dislike them so much that weve been busy at work trying to create a world without them a world without passwords. In this blog, we will provide a brief insight into how we at Microsoft think about solving this...
Microsoft Windows - Local Privilege Escalation
Microsoft Windows - Local Privilege Escalation include "stdafx.h" define PML4BASE 0xFFFFF6FB7DBED000 define PDPBASE 0xFFFFF6FB7DA00000 define PDBASE 0xFFFFF6FB40000000 define PTBASE 0xFFFFF68000000000 typedef LARGEINTEGER PHYSICALADDRESS, PPHYSICALADDRESS; pragma packpush,4 typedef struct...