
6010 matches found

hackapp
added 2016/04/01 8:51 a.m., 13 views

Task Manager (Task Killer) - Customized SSL, WebView SSL handling enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Task Manager Task Killer published at the 'play' market has multiple vulnerabilities...

0.8 AI score
Exploits: 0, References: 1, Affected Software: 1

hackapp
added 2016/04/01 8:48 a.m., 8 views

Reminders - Task reminder app - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities

HackApp vulnerability scanner discovered that application Reminders - Task reminder app published at the 'play' market has multiple vulnerabilities...

1.3 AI score
Exploits: 0, References: 1, Affected Software: 1

exploitpack
added 2016/03/23 12:0 a.m., 27 views

Apple Mac OSX iOS - SUID Binary Logic Error Kernel Code Execution

Apple Mac OSX iOS - SUID Binary Logic Error Kernel Code Execution Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=676 tl;dr The code responsible for loading a suid-binary following a call to the execve syscall invalidates the task port after first swapping the new vmmap into the...

7.5 AI score
Exploits: 0

GoogleProjectZero
added 2016/03/22 12:0 a.m., 35 views

Race you to the kernel!

Posted by Ian Beer of Google Project Zero. The OS X and iOS kernel code responsible for loading a setuid root binary invalidates the old task port after first swapping the new virtual memory map pointer into the old task object, leaving a short race window where you can manipulate the memory of an...

9.3 CVSS, 5.8 AI score, 0.12671 EPSS
Exploits: 9

OSV
added 2016/01/29 7:59 p.m., 3 views

DEBIAN-CVE-2015-8793

Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the mbox parameter in a mail task to the default URL, a different vulnerability than CVE-2011-2937...

6.1 CVSS, 6 AI score, 0.01388 EPSS
Exploits: 1, References: 1

OSV
added 2016/01/29 7:59 p.m., 1 views

UBUNTU-CVE-2015-8793

Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the mbox parameter in a mail task to the default URL, a different vulnerability than CVE-2011-2937...

6.1 CVSS, 6.5 AI score, 0.01388 EPSS
Exploits: 1, References: 5

OSV
added 2016/01/19 12:0 a.m., 2 views

UBUNTU-CVE-2016-1922

QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user or...

5.5 CVSS, 6.7 AI score, 0.00433 EPSS
Exploits: 0, References: 5

Prion
added 2015/12/27 3:59 a.m., 18 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow...

3.5 CVSS, 6 AI score, 0.01866 EPSS
Exploits: 1, References: 5, Affected Software: 1

CNVD
added 2015/12/18 12:0 a.m., 3 views

Lenovo Solution Center 'LSCTaskService' Local Lift Vulnerability

Lenovo Solution Center is a suite of software from the Chinese company Lenovo that helps users quickly identify the state of system health, network connectivity and overall system security. A local elevation of privilege vulnerability exists in Lenovo Solution Center. A local attacker can exploit...

7.8 CVSS, 6.9 AI score, 0.00316 EPSS
Exploits: 0, References: 1

CNVD
added 2015/12/08 12:0 a.m., 4 views

LXCFS Privilege Acquisition Vulnerability

LXCFS is a suite of user-space filesystem software for solving the Linux kernel's constraints. A security vulnerability exists in the 'do_write_pids' function in the lxcfs.c file in versions prior to LXCFS 0.12 because the program fails to properly check permissions. A local attacker could exploi...

7.2 CVSS, 6.5 AI score, 0.00375 EPSS
Exploits: 0, References: 1

Vulnerability Lab
added 2015/11/26 12:0 a.m., 23 views

POP Peeper 4.0.1 - Persistent Code Execution Vulnerability

Document Title: POP Peeper 4.0.1 - Persistent Code Execution Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1657 Release Date: 2015-11-26. Vulnerability Laboratory ID (VL-ID): ...

0.1 AI score
Exploits: 0

0day.today
added 2015/11/14 12:0 a.m., 582 views

b374k 3.2.3 2.8 CSRF / Command Injection Vulnerabilities

b374k web shell versions 2.8 and 3.2.3 suffer from a cross site request forgery vulnerability that allows for remote command injection. Vendor: github.com/b374k/b374k, code.google.com/p/b374k-shell/downloads/list, code.google.com/archive/p/b374k-shell/...

7.6 AI score
Exploits: 0

CNVD
added 2015/10/29 12:0 a.m., 2 views

Apple OS X Kernel Elevation of Privilege Vulnerability

OS X (formerly Mac OS X) is the latest version of Apple's proprietary operating system for the Macintosh computer. A security vulnerability in the kernel of Apple OS X versions prior to 10.11.1 can be exploited by a local attacker to elevate privileges via type obfuscation in Mach task handling...

7.2 CVSS, 6.4 AI score, 0.00754 EPSS
Exploits: 0, References: 1

NVD
added 2015/10/23 9:59 p.m., 18 views

CVE-2015-5932

The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing...

7.2 CVSS, 8.2 AI score, 0.00754 EPSS
Exploits: 0, References: 2

Prion
added 2015/10/23 9:59 p.m., 17 views

Type confusion

The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing...

7.2 CVSS, 6.5 AI score, 0.00754 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2015/10/23 9:0 p.m., 20 views

CVE-2015-5932

The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing...

8.2 AI score, 0.00754 EPSS
Exploits: 0, References: 2

The Hacker News
added 2015/09/24 8:26 p.m., 13 views

Lenovo Caught (3rd Time) Pre-Installing Spyware on its Laptops

Lenovo has once again been caught installing spyware on its laptops and workstations without the user's permission or knowledge. One of the most popular computer manufacturers is being criticized for selling some refurbished laptop models pre-installed with invasive marketing software that sends...

6.6 AI score
Exploits: 0

BDU FSTEC
added 2015/09/23 12:0 a.m., 4 views

The vulnerability of the Windows operating system allows a perpetrator to circumvent access restrictions to the file system and delete arbitrary files.

The vulnerability of the Windows operating system’s task scheduler is related to deficiencies in access control for certain functions. Exploiting this vulnerability allows a malicious individual to circumvent restrictions on access to the file system and delete arbitrary files...

7.2 CVSS, 5.5 AI score, 0.32712 EPSS
Exploits: 2, References: 2

The Hacker News
added 2015/09/21 11:56 p.m., 16 views

My Government Doesn't Understand How Encryption and Cyber Security Work

Almost every day or every second day, when I come across various announcements in Newspaper, TV News Channels, and Press releases that... ...Indian Government and related Policy-making organizations are going to set up their so-called "CyberSecurity Task Forces" or drafted a "National Cyber...

6.8 AI score
Exploits: 0

Prion
added 2015/09/18 12:0 p.m., 16 views

Design/Logic Flaw

The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges...

7.2 CVSS, 6.2 AI score, 0.00325 EPSS
Exploits: 0, References: 8, Affected Software: 3