U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator, from the specially designated nationals list. The names of the individuals are as...
Patch Tuesday Risk Elimination with Agent Sara
Introduction Risk elimination is the goal of any vulnerability management program. It is typically achieved through a combination of patching and scripting solutions. SecOps teams usually prioritize vulnerabilities and forward them to IT teams for remediation. However, the real challenge lies in...
WebOb's location header normalization during redirect leads to open redirect
Impact When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treats a // at the start of a string as a URI without a scheme, and th...
sara-menuiseries.fr Improper Access Control vulnerability OBB-3831529
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Sara Tech Story Saver Security Vulnerability
Sara Tech Story Saver is a download program from Sara Tech USA. Easily download photo or video stories to Instagram. A security vulnerability exists in Sara Tech Story Saver version 1.0.6, which stems from the ability of an attacker to inject a large amount of data into any file that will be load...
sara-reading.com Cross Site Scripting vulnerability OBB-2757941
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
sara-reading.com Cross Site Scripting vulnerability OBB-2614184
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Booby 1.0.1 - Multiple Remote File Inclusion Vulnerabilities
No description provided by source. software name: Booby version: 1.0.1 description: A web-based Personal Information Manager (PIM) with support for bookmarks, calendar, contacts, notes, news and tasks. download:...
WordPress under massive DDoS attack!
Readers of Financial Post or National Post blogs might have found them difficult, if not impossible, to access Thursday morning. That is because WordPress, the platform through which every FP and NP blog has been published for the past 10 months, has been under attack by hackers for the past...
ms-activex.txt
REM metasploit, add a user 'su' with pass 'tzu' scode =...
Microsoft Speech API ActiveX Control (Windows XP SP2) - Remote Buffer Overflow (MS07-033)
REM metasploit, add a user 'su' with pass 'tzu' scode =...
CVE-2004-1728
Buffer overflow in British National Corpus SARA sarad allows remote attackers to execute arbitrary code by calling the client with a long string...
CVE-2004-1728
Technical details about CVE-2004-1728 are not publicly provided in the connected documents. The available sources confirm a buffer overflow in British National Corpus SARA (sarad) but no specifics on impacted versions or fixes are included here. Monitor for updates.
Cross-site scripting vulnerability in SARA v<=4.2.7
XSS Vulnerability in Security Auditor's Research Assistant SARA versions before 5.0.0 Affects: SARA versions 4.2.6 and 4.2.7. Older versions not tested, presumably affected. Related software sharing common ancestry: SATAN 1.1.1 would not run properly on my test platform, but checking the code it...