2623 matches found
Mail.ru: XSS
XSS via GET parameters in touch.cooking.lady.mail.ru. touch.cooking.lady.mail.ru belongs to extended scope...
Microsoft Bounty Program Updates: Faster bounty review, faster payments, and higher rewards
In 2018 The Microsoft Bounty Program awarded over $2,000,000 to encourage and reward external security research in key technologies to protect our customers. Building on that success, we are excited to announce a number of improvements in our bounty programs to better serve the security research...
Mail.ru: CSRF on /subscription_manage.php endpoint at allods.mail.ru
CSRF in https://allods.mail.ru allows managing a user's subscriptions. allods.mail.ru belongs to extended scope...
Programmers Who Don't Understand Security Are Poor at Security
A university study confirmed the obvious: if you pay a random bunch of freelance programmers a small amount of money to write security software, they're not going to do a very good job at it. In an experiment that involved 43 programmers hired via the Freelancer.com platform, University of Bonn...
CVE-2018-2009
IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148...
GitHub Increases Rewards, Scope For Bug Bounty Program
GitHub has bolstered its bug-bounty program with increased rewards, an expanded scope of products and the addition of legal “safe-harbor” terms aiming to protect bounty hunters. The web-based hosting service announced Tuesday that its program, first launched in 2014, will no longer have a maximum...
Microsoft’s Cyber Defense Operations Center shares best practices
Today, a single breach, physical or virtual, can cause millions of dollars of damage to an organization and potentially billions in financial losses to the global economy. Each week seems to bring a new disclosure of a cybersecurity breach somewhere in the world. As we look at the current state o...
LibSass heap buffer overread vulnerability (CNVD-2019-40134)
LibSass is the C/C++ implementation of the Sass compiler. A heap-based buffer over-read vulnerability exists in Sass::Prelexer::parenthesescope in prelexer.hpp in LibSass 3.5.5. An attacker can exploit this vulnerability to cause a denial of service...
DEBIAN-CVE-2019-6283
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthesescope in prelexer.hpp...
UBUNTU-CVE-2019-6283
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthesescope in prelexer.hpp...
CVE-2018-6334
Multipart-file uploads cause variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used, this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch 3.25.1, 3.24.5, and 3.21.9 and below...
Design/Logic Flaw
Multipart-file uploads cause variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used, this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch 3.25.1, 3.24.5, and 3.21.9 and below...
PT-2018-17484 · Facebook · Hhvm
Name of the Vulnerable Software and Affected Versions: HHVM versions prior to 3.25.1 HHVM versions prior to 3.24.5 HHVM versions prior to 3.21.9 Description: The issue arises from multipart-file uploads improperly registering variables in the global scope. This can cause unexpected behavior when...
Undefined Behavior
Overview All versions of sailsjs-cacheman have a vulnerability that may lead to Undefined Behavior. The config variable is exposed to the global scope, where it may overwrite other variables and cause the application to misbehave. Recommendation No fix is currently available. Consider using an...
Kaspersky: Unauthorized command execution in Web protection component of Anti-Virus products family
Summary When no browser extension is installed, arbitrary webpages can take control of the Kaspersky command interface and, for example, disable parts of its functionality. Description Without a browser extension, e.g. because the extension installation was not confirmed by the user, or it is unsupported as in MS Edge...
openSUSE Security Update : salt (openSUSE-2018-1574)
This update for salt fixes the following issues : - Crontab module fix: file attributes option missing boo1114824 - Fix gitpillar merging across multiple env repositories boo1112874 - Bugfix: unable to detect os arch when RPM is not installed boo1114197 - Fix LDAP authentication issue when a vali...