Send Anywhere application for Android trust management issue vulnerability

Send Anywhere application for Android is a file transfer application based on Android platform. A trust management issue vulnerability exists in version 9.4.18 of the Send Anywhere application for the Android platform, which stems from a failure of the program to securely store information, which...

CVE-2019-13100

The Send Anywhere application 9.4.18 for Android stores confidential information insecurely on the system i.e., in cleartext, which allows a non-root user to find out the username/password of a valid user via /data/data/com.estmob.android.sendanywhere/sharedprefs/sendanywheredevice.xml...

CVE-2019-13100

The Send Anywhere application 9.4.18 for Android stores confidential information insecurely on the system i.e., in cleartext, which allows a non-root user to find out the username/password of a valid user via /data/data/com.estmob.android.sendanywhere/sharedprefs/sendanywheredevice.xml...

Default credentials

The Send Anywhere application 9.4.18 for Android stores confidential information insecurely on the system i.e., in cleartext, which allows a non-root user to find out the username/password of a valid user via /data/data/com.estmob.android.sendanywhere/sharedprefs/sendanywheredevice.xml...

CVE-2019-13100

The CVE-2019-13100 vulnerability affects the Android Send Anywhere app (version 9.4.18). It arises from insecure storage of confidential data: the username and password can be obtained from the cleartext file /data/data/com.estmob.android.sendanywhere/shared_prefs/sendanywhere_device.xml by a non...

CVE-2019-13100

The Send Anywhere application 9.4.18 for Android stores confidential information insecurely on the system i.e., in cleartext, which allows a non-root user to find out the username/password of a valid user via /data/data/com.estmob.android.sendanywhere/sharedprefs/sendanywheredevice.xml...

Exploit for Injection in Atlassian Jira_Server

CVE-2019-11581 Atlassian JIRA Template injection vulnerabil...

USN-4041-1 linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon update

USN-4017-1 fixed vulnerabilities in the Linux kernel for Ubuntu. Unfortunately, the update introduced a regression that interfered with networking applications that setup very low SOSNDBUF values. This update fixes the problem. We apologize for the inconvenience. Jonathan Looney discovered that t...

CVE-2019-11581 - Template injection in various resources

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. For this issue to be exploitable at least one of the following conditions must be met: an SMTP server has been configured in Jira and the Contact...

openthread/ip6-send-fuzzer: Stack-buffer-overflow in ot::MeshCoP::DatasetManager::HandleSet

Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=5683612520808448 Project: openthread Fuzzer: aflopenthreadip6-send-fuzzer Fuzz target binary: ip6-send-fuzzer Job Type: aflasanopenthread Platform Id: linux Crash Type: Stack-buffer-overflow...

openSUSE Security Update : the Linux Kernel (openSUSE-2019-1570) (SACK Panic) (SACK Slowness)

Example: The openSUSE Leap 42.3 kernel was updated to 4.4.180 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel pani...

CVE-2019-12383

Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting...

Authorization Bypass

cfme is vulnerable to authorization bypass. The vulnerability exists through an insecure send method...

The vulnerability of the server management application CentOS Web Panel lies in the insufficient verification of the authenticity of executed requests, allowing a malicious actor to execute arbitrary commands.

The vulnerability of the application for managing CentOS Web Panel servers admin/index.php?module=sendssh is related to insufficient validation of the authenticity of executed requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

MKCMS Cross-Site Request Forgery Vulnerability

MKCMS is a content management system. A cross-site request forgery vulnerability exists in MKCMS version 5.0. The vulnerability stems from a WEB application that does not adequately validate that a request is coming from a trusted user. An attacker can exploit the vulnerability to send an...

DEBIAN-CVE-2019-8956

In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctpsendmsg" function net/sctp/socket.c when handling SCTPSENDALL flag can be exploited to corrupt memory...

openthread/ip6-send-fuzzer: Stack-use-after-return in ot::MeshCoP::ChannelMaskEntryBase::GetChannelPage

Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=5153373483958272 Project: openthread Fuzzer: libFuzzeropenthreadip6-send-fuzzer Fuzz target binary: ip6-send-fuzzer Job Type: libfuzzerasanopenthread Platform Id: linux Crash Type:...

Mozilla launches Firefox Send for private file sharing

Mozilla look to reclaim some ground from the all-powerful Chrome with a new way to send and receive files securely from inside the browser. Firefox Send first emerged in 2017, promising an easy way to send documents without fuss. The training wheels have now come off and Send is ready to go...

Firefox Send — Free Encrypted File Transfer Service Now Available For All

Mozilla has made it easy for you to share large files securely and privately with whomever you want, eliminating the need to depend upon less secure free third-party services or file upload tools that burn a hole in your pocket. Mozilla has finally launched its free, end-to-end encrypted...

Firefox Send — Free Encrypted File Transfer Service Now Available For All

Mozilla has made it easy for you to share large files securely and privately with whomever you want, eliminating the need to depend upon less secure free third-party services or file upload tools that burn a hole in your pocket. Mozilla has finally launched its free, end-to-end encrypted...