
293 matches found

Cvelist
added 2019/06/24 5:15 p.m. | 18 views

CVE-2019-7229

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of...

AI score: 8.3 | EPSS: 0.01098
Exploits: 2 | References: 5

FireEye
added 2019/06/11 3:15 p.m. | 86 views

Hunting COM Objects (Part Two)

Background As a follow up to Part One in this blog series on COM object hunting, this post will talk about taking the COM object hunting methodology deeper by looking at interesting COM object methods exposed in properties and sub-properties of COM objects. What is a COM Object? According to...

AI score: 0.7
Exploits: 0 | References: 7

Prion
added 2018/11/06 11:29 p.m. | 13 views

Cross site request forgery (csrf)

The Rendezvous Routing Daemon rvrd, Rendezvous Secure Routing Daemon rvrsd, Rendezvous Secure Daemon rvsd, Rendezvous Cache rvcache, and Rendezvous Daemon Manager rvdm components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO...

CVSS: 6.8 | AI score: 8.9 | EPSS: 0.00668
Exploits: 0 | References: 3 | Affected Software: 5

NVD
added 2018/11/06 11:29 p.m. | 15 views

CVE-2018-12414

The Rendezvous Routing Daemon rvrd, Rendezvous Secure Routing Daemon rvrsd, Rendezvous Secure Daemon rvsd, Rendezvous Cache rvcache, and Rendezvous Daemon Manager rvdm components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO...

CVSS: 8.8 | AI score: 8.1 | EPSS: 0.00668
Exploits: 0 | References: 3

NVD
added 2018/10/12 2:29 p.m. | 7 views

CVE-2018-17890

NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.03256
Exploits: 0 | References: 2

Cvelist
added 2018/10/12 2:0 p.m. | 13 views

CVE-2018-17890

NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution...

AI score: 9.8 | EPSS: 0.03256
Exploits: 0 | References: 2

Prion
added 2018/06/12 3:29 p.m. | 18 views

Design/Logic Flaw

SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 Java 7.30, 7.31, 7.40...

CVSS: 5 | AI score: 7.5 | EPSS: 0.02396
Exploits: 0 | References: 3 | Affected Software: 4

OSV
added 2018/06/05 9:18 a.m. | 6 views

SUSE-SU-2018:1503-1 Security update for oracleasm kmp

This update provides rebuilt kernel modules for SUSE Linux Enterprise 12 SP3 products with retpoline enablement to address Spectre Variant 2 CVE-2017-5715 bsc1068032. Following modules have been rebuilt: - drbd - oracleasm - crash - lttng-modules...

CVSS: 5.6 | AI score: 6.9 | EPSS: 0.74041
Exploits: 8 | References: 3

Prion
added 2018/02/19 2:29 p.m. | 12 views

Design/Logic Flaw

Converse.js and Inverse.js through 3.3 allow remote attackers to obtain sensitive information because it is too difficult to determine whether safe publication of private data was configured or even intended. For example, users might have an expectation that chatroom bookmarks are private, but th...

CVSS: 5 | AI score: 5.1 | EPSS: 0.01122
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2018/02/19 2:29 p.m. | 15 views

CVE-2018-6591

Converse.js and Inverse.js through 3.3 allow remote attackers to obtain sensitive information because it is too difficult to determine whether safe publication of private data was configured or even intended. For example, users might have an expectation that chatroom bookmarks are private, but th...

CVSS: 5.3 | AI score: 5.2 | EPSS: 0.01122
Exploits: 0 | References: 1

ThreatPost
added 2016/12/15 10:0 a.m. | 54 views

Code Reuse a Peril for Secure Software Development

The amount of insecure software tied to reused third-party libraries and lingering in applications long after patches have been deployed is staggering. It’s a habitual problem perpetuated by developers failing to vet third-party code for vulnerabilities, and some repositories taking a hands-off...

AI score: 9.1 | EPSS: 0.99993
Exploits: 41 | References: 11

myhack58
added 2016/04/04 12:0 a.m. | 26 views

Supply chain security issues reappear: how a medication management system has 1400 vulnerabilities - vulnerability warning - the black bar safety net

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a notice on Tuesday that a widely used medication management system contains more than 1400 vulnerabilities. Security researchers independently of the road Pyxis SupplyStation are United by CareFusion...

AI score: 7.5
Exploits: 0

Kitploit
added 2015/02/26 5:2 p.m. | 12 views

Lynis 2.0.0 - Security Auditing Tool for Unix/Linux Systems

Lynis is an open source security auditing tool. Primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system including Mac. Even the installation of the software itself is optional! How it works...

AI score: 7.3
Exploits: 0

securityvulns
added 2013/10/05 12:0 a.m. | 53 views

Apple Mac OS X multiple security vulnerabilities

Different vulnerabilities in multiple system components...

CVSS: 6.8 | AI score: 2 | EPSS: 0.03302
Exploits: 5 | References: 2 | Affected Software: 1

Cisco
added 2012/06/20 5:16 p.m. | 35 views

Cisco AnyConnect Secure Mobility Client Software Downgrade Vulnerability

Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to replace software components. The vulnerability is due to improper sanitization of user-supplied input by the affected software's download feature. An unauthenticated, remote...

CVSS: 4.3 | AI score: 4.5 | EPSS: 0.01401
Exploits: 0 | References: 1

Cvelist
added 2011/12/30 1:0 a.m. | 24 views

CVE-2011-4084

...

Exploits: 5

RedHat Linux
added 2010/06/22 1:47 p.m. | 10 views

Moderate: Red Hat Security Advisory: Red Hat Enterprise Virtualization Manager security update

Red Hat Enterprise Virtualization Manager 2.2 is now available for Red Hat Enterprise Virtualization. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.87264
Exploits: 42 | References: 3

Check Point Advisories
added 2010/03/18 12:0 a.m. | 20 views

Novell ZENworks Desktop Management ActiveX Control Buffer Overflow (CVE-2008-5073)

Novell ZENworks Desktop Management is a resource management solution for workstations and laptops. The product includes various software components that are installed on management and managed computers. One of these software components is an ActiveX control implemented in file AxNalServer.dll. A...

CVSS: 9.3 | AI score: 7.9 | EPSS: 0.05312
Exploits: 0

Atlassian
added 2004/01/19 3:3 a.m. | 22 views

Add a generic HTML cleaning service

This will be able to be used by all components that need to display untrusted HTML: including HTML attachments, RSS feeds, and the html-include macro...

AI score: 1.5
Exploits: 0 | Affected Software: 1

securityvulns
added 2003/06/21 12:0 a.m. | 29 views

Multiple gnuts bugs

Multiple buffer overflows in different components...

AI score: 2.8
Exploits: 0 | References: 1