1830 matches found
CVE-2019-12914
Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services such as Gmail, Outlook, etc. used in the application...
CVE-2019-12911
Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services such as Gmail, Outlook, etc. used in the application...
CVE-2019-12911
The CVE-2019-12911 entry concerns Redbrick Shift (3.4.3 and prior). The vulnerability allows an attacker to extract authentication tokens from services (e.g., Gmail, Outlook) used by the application. The connected Red Hat, CNVD, and CVE records echo the same impact, indicating token exposure thro...
Redbrick Technologies Shift Information Disclosure Vulnerability
Redbrick Technologies Shift is a suite of application platforms from Redbrick Technologies, a Canadian company. The platform supports managed access to email, chat programs, network storage, and more. An information disclosure vulnerability exists in Redbrick Technologies Shift version 3.4.3 and...
The vulnerability of the opj_j2k_setup_encoder function in the OpenJPEG image encoding and decoding library, related to integer overflow caused by left shift operations, allows attackers to cause service failures.
The vulnerability of the opj_j2k_setup_encoder function in the OpenJPEG image encoding and decoding library is related to a numerical overflow caused by a left shift operation. Exploiting this vulnerability could allow an attacker to cause a service failure by using a specially created BMP file...
CVE-2018-20788
drivers/leds/leds-aw2023.c in the led driver for custom Linux kernels on the Xiaomi Redmi 6pro daisy-o-oss phone has several integer overflows because of a left-shifting operation when the right-hand operand can be equal to or greater than the integer length. This can be exploited by a crafted...
DEBIAN-CVE-2019-6245
An issue was discovered in Anti-Grain Geometry AGG 2.4 as used in SVG++ aka svgpp 1.2.3. In the function agg::cellaa::notequal, dx is assigned to x2 - x1. If dx = dxlimit, which is 16384 polysubpixelshift, this function will call itself recursively. There can be a situation where x2 - x1 is alway...
The vulnerability of the ihevcd_sao_shift_ctb function in the Android operating system allows a hacker to disclose protected information.
The vulnerability of the ihevcd_sao_shift_ctb function in ihevcdsao.c in the Android operating system is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by security measures...
Adrenalin HRMS Software Cross-Site Scripting Vulnerability (CNVD-2018-26800)
Adrenalin HRMS Software is a human resource management system from Adrenalin eSystems India. A cross-site scripting vulnerability exists in Adrenalin HRMS Software version 5.4.0, which can be exploited by a remote attacker to execute JavaScript code by sending the 'prntFrmName' or '...
CVE-2018-12651
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the ShiftEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter...
Data Privacy Issues Trigger Soul Searching in Tech Industry
NEW YORK – For the tech industry, Facebook’s Cambridge Analytica scandal has led to a wave of self-examination when it comes to the culture around data collection and utilization – and what the price is for bad data privacy policies. While regulatory efforts, fines and consumer public sentiment...
Google Android out-of-bounds write vulnerability (CNVD-2019-01565)
Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An out-of-bounds write vulnerability exists in ihevcdsao.c of ihevcd_sao_shift_ctb in Google Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, and 9. The vulnerability stems from a lack ...
CVE-2018-9552
In ihevcd_sao_shift_ctb of ihevcdsao.c there is a possible out of bounds write due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1...
WhiteSource Bolt for GitHub: Free Open Source Vulnerability Management App for Developers
Developers around the world depend on open source components to build their software products. According to industry estimates, open source components account for 60-80% of the code base in modern applications. Collaboration on open source projects throughout the community produces stronger code,...
Infosec Teams Race To Secure DevOps
With DevOps adoption spreading, infosec teams are scrambling to address the new security challenges stemming from DevOps’ accelerated code development and app deployment. But while IT organizations have made notable progress adapting security to their DevOps processes, work remains to be done...
From cybercrime to cyber defence: How VPNs went mainstream
By Tabby Farrar Virtual Private Networks, also known as VPNs, have had something of an image change in the last few years. Historically, the term VPN has come with negative connotations – linked to users on the Dark Web hiding their identities from law enforcement. With that in mind, it’s...
DEBIAN-CVE-2018-18445
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts...
UBUNTU-CVE-2018-18445
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts...
The US National Cyber Strategy
Last month, the White House released the "National Cyber Strategy of the United States of America." I generally don't have much to say about these sorts of documents. They're filled with broad generalities. Who can argue with: Defend the homeland by protecting networks, systems, functions, and dat...
Linux/x86 - execve(/bin/sh) + NOT/SHIFT-N/XOR-N Encoded Shellcode (50 bytes)
Linux/x86 - execve(/bin/sh) + NOT/SHIFT-N/XOR-N Encoded Shellcode (50 bytes). Shellcode exploit for the Linux/x86 platform. Title: Linux\x86 NOT + SHIFT-N + XOR-N encoded /bin/sh Shellcode (50 bytes); Author: Pedro Cabral; Purpose: spawn /bin/sh shell; Tested On: Ubuntu 16.04.01 LTS; Arch: x86; Size: 50 bytes...