CVE-2017-12425
An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the...
Varnish -- Denial of service vulnerability
phk reports: A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert...
Decompiled SLocker Android Ransomware Source Code Published Online
Bad news for Android users — Decompiled source code for one of the oldest mobile and popular Android ransomware families has been published online, making it available for cyber criminals who can use it to develop more customised and advanced variants of Android ransomware. Decompiled source...
Trend Micro InterScan Web Security Virtual Appliance ManageSRouteSettings RCE
Remote command execution vulnerability in Trend Micro InterScan Web Security Virtual Appliance ManageSRouteSettings Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
CVE-2015-3198
The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL...
CVE-2015-3198
The vulnerability CVE-2015-3198 affects the Undertow module of WildFly 9.x (before 9.0.0.CR2) and 10.x (before 10.0.0.Alpha1). It allows remote attackers to disclose JSP source code by requesting a URL ending with a trailing slash, exposing JSP source to partial confidentiality impact. The issue’...
java-1.8.0-openjdk security update
1:1.8.0.141-2.b16 - Update to aarch64-jdk8u141-b16. - Revert change to remove-intree-libraries.sh following backout of 8173207 - Resolves: rhbz1466509 1:1.8.0.141-2.b15 - Revert previous commit so we can revise the security update. - Resolves: rhbz1468473 1:1.8.0.141-1.b15 - Backport '8180048:...
Modified Versions of Nukebot in Wild Since Source Code Leak
Some opportunistic criminals have put the leaked source code for the Nukebot banking Trojan to use, targeting banks in the United States and France with variants of the malware, while another group has adapted it to steal mail client and browser passwords. The leak was disclosed in early March wh...
The NukeBot banking Trojan: from rough drafts to real threats
This spring, the author of the NukeBot banking Trojan published the source code of his creation. He most probably did so to restore his reputation on a number of hacker forums: earlier, he had been promoting his development so aggressively and behaving so erratically that he was eventually...
Microsoft Windows 7 SP1 (x86) - GDI Palette Objects Local Privilege Escalation (MS17-017)
E-DB Note: + Source: https://github.com/sensepost/gdi-palettes-exp + Binary: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42432.exe include include include include //From http://stackoverflow.com/a/26414236 this defines the details of the NtAllocateVirtualMemor...
AhMyth Android RAT - Android Remote Administration Tool
AhMyth Android RAT is an Android Remote Administration Tool. Beta Version. It consists of two parts: Server side: desktop application based on electron framework (control panel). Client side: Android application (backdoor). Getting Started: From source code. Prerequisite: Electron (to start the app), Java to...
Researcher Claims Samsung's Tizen OS is Poorly Programmed; Contains 27,000 Bugs!
A researcher has claimed that Samsung's Tizen operating system that runs on millions of Samsung products is so poorly programmed that it could contain nearly 27,000 programming errors, which could also lead to thousands of vulnerabilities. Tizen is a Linux-based open-source operating system backe...
Apache Httpd < 2.2.35-never : Use-after-free when using <Limit > with an unrecognized method in .htaccess ("OptionsBleed")
When an unrecognized HTTP Method is given in a <Limit> directive in an .htaccess file, and that .htaccess file is processed by the corresponding request, the global methods table is corrupted in the current worker process, resulting in erratic behaviour. This behavior may be avoided by listing all unusu...
Apache Httpd < 2.4.28 : Use-after-free when using <Limit > with an unrecognized method in .htaccess ("OptionsBleed")
When an unrecognized HTTP Method is given in a <Limit> directive in an .htaccess file, and that .htaccess file is processed by the corresponding request, the global methods table is corrupted in the current worker process, resulting in erratic behaviour. This behavior may be avoided by listing all unusu...
CVE-2017-2194
CVE-2017-2194 describes a cross-site scripting vulnerability in the source code security studying tool iCodeChecker. The linked sources confirm this is an XSS issue (CWE-79) that allows an attacker to inject arbitrary web script or HTML, with the arbitrary script execution potentially affecting th...
CVE-2017-2194
Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors...
Information Disclosure
Moodle is vulnerable to information disclosure attacks. Authenticated users can leverage a flaw in mod/lesson/pagetypes/matching.php to obtain question answers through ID values by reading the HTML source code...
Using the CTS for vulnerability detection and principles of analysis-vulnerability warning-the black bar safety net
The 360 Vulpecker team is part of the 360 Information Security Department and is committed to Android application and system-layer vulnerability discovery as well as other Android security research. Through our research on the CTS framework, the preparation of a vulnerability detection aspect of the...
Someone leaked 32TB of Windows 10 internal builds and source code
By Waqas. It looks like Microsoft is in trouble again. This time not for its critical vulnerabilities in Windows operating system but for a massive data leak in which 32TB of highly sensitive Windows 10 related data has been dumped online. According to a report from TheRegister, it is believed tha...