5315 matches found
FFmpeg remote file stealing vulnerabilities – moving end of the safety analysis report-vulnerability warning-the black bar safety net
0x1 Origin of the vulnerability: The FFmpeg remote file stealing vulnerability was originally reported on a foreign vulnerability platform and was used in a CTF match last year. In January of this year the project officially released a fixed version and published the vulnerability number CVE-2016-189...
Symantec/Norton anti-virus engine remote Heap/Pool memory corruption vulnerability analysis (CVE-2016-2208) - vulnerability warning - the black bar safety net
Recently, the core anti-virus engine used by Symantec and Norton products was found to contain high-risk vulnerabilities. When it parses an executable file packed with an early version of ASPack, a buffer overflow occurs, leading to memory corruption, Windows systems blue...
Concrete5 CMS: source code security analysis report
Several vulnerabilities were discovered in Portland Labs 'Concrete5 CMS' software: File System Path Manipulation; Using Global Variables; Incorrect User Input Filtration when Using the unserialize Function; Using Insufficiently Random Generators in Cryptography; HttpOnly Cookies; Incorrect Permissions...
FreeBSD-SA-16:19.sendmsg
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:19.sendmsg Security Advisory The FreeBSD Project Topic: Incorrect argument handling in sendmsg2 Category: core Module: kernel Announced: 2016-05-17 Credits:...
CVE-2016-1208
The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors...
Code injection
The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors...
CVE-2016-1208
The CVE-2016-1208 issue affects FileMaker Server on macOS X versions prior to 14.0.4, where the server allows remote attackers to read PHP source code via unspecified vectors. Root cause is a server-side exposure that reveals PHP sources when Custom Web Publishing with PHP is enabled. Affected pr...
JVN#91638315: FileMaker server issue where PHP source code may be viewable
FileMaker server contains an issue where PHP source code may be viewable when Custom Web Publishing with PHP is enabled. Impact: PHP source code may be viewable. Solution: Apply an update. Update to the latest version according to the information provided by the developer. Products Affected: FileMake...
Alfresco Community Edition: source code security analysis report
Several vulnerabilities were discovered in Alfresco Software 'Alfresco Community Edition' software: User Data Leakage Between Sessions; Using XSL Transformation to Execute Arbitrary Code; Using the finalize Method; Missing Verification of the Digital Signature of Executable...
Apache Apex: source code security analysis report
Several vulnerabilities were discovered in The Apache Software Foundation 'Apache Apex' software: Using XSL Transformation to Execute Any Code; Missing Verification of Executable Files' Digital Signature when Executing them from Untrusted Sources; HttpOnly Cookies; Incorrect User Input Filtration wh...
Microsoft Windows 7 - WebDAV Local Privilege Escalation (MS16-016) (2)
Microsoft Windows 7 - WebDAV Local Privilege Escalation MS16-016 2 Exploit Title: WebDAV Elevation of Privilege Vulnerability MS16-2 Date: 8/5/2016 Exploit Author: hex0r Version:WebDAV on Windows 7 84x CVE : CVE-2016-0051 Intro: Credits go to koczkatama for coding a PoC, however if you run this...
Ubiquiti Inc.: Source code disclosure on https://107.23.69.180
The researcher discovered a misconfigured GitHub repo leaking some sensitive data...
Vimeo: Images and Subtitles Leakage from private videos
Hello, There is a Vulnerability in https://player.vimeo.com/video/VIDEOID When a Video is private but embeddable, there is some information about the video in the source code of the webpage, even if the user is not connected to Vimeo or doesn't have the right to access the video. The following info a...
Discuz! source\function\function_discuzcode.php stored XSS vulnerability
No description provided by source...
WordPress CMS: source code security analysis report
Several vulnerabilities were discovered in WordPress Foundation 'WordPress CMS' software: File System Path Manipulation; Using Global Variables; Incorrect User Input Filtration when Using the unserialize Function; Using Insufficiently Random Generators in Cryptography; HttpOnly Cookies; Incorrect User...
Drupal CMS: source code security analysis report
Several vulnerabilities were discovered in Drupal Association 'Drupal CMS' software: Incorrect User Input Filtration when Generating Code on the Fly; Using Global Variables; Incorrect User Input Filtration when Using the unserialize Function; Hardcoded Credentials; Using Insufficiently Random...
Android Security Bulletin—May 2016
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Nexus devices through an over-the-air OTA update. The Nexus firmware images have also been released to the Google Developer site...
Apache Camel: source code security analysis report
Several vulnerabilities were discovered in The Apache Software Foundation 'Apache Camel' software: Using Synchronization Primitives in EJB components; Missing Verification of Executable Files' Digital Signature when Executing them from Untrusted Sources; Violating the Java Object Model; Using...
LocalTapiola: Source Code Disclosure on out of scope domain viestinta.lahitapiola.fi
Issue: The reporter had found an open .git folder on one of our out of scope domains. Fix: The issue was investigated and found to be valid. The source code was removed from the public server. The source code did not contain any business critical information and customer information was never at...