PAX Technology A930 数据伪造问题漏洞

The PAX Technology A930 is an Android mobile payment terminal from China-based PAX Technology. The PAX Technology A930 PayDroid7.1.1VirgoV04.3.26T120210419 version suffers from a Data Forgery Issue vulnerability that originates from allowing a root-privileged attacker to install an unsigned...

openSUSE Security Update : icedtea-web (openSUSE-2015-602)

The icedtea-web java plugin was updated to 1.6.1. Changes included : - Enabled Entry-Point attribute check - permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. - fixed DownloadService - comments in deployment.properties n...

Safari User-Assisted Download / Run Attack

This Metasploit module abuses some Safari functionality to force the download of a zipped .app OSX application containing our payload. The app is then invoked using a custom URL scheme. At this point, the user is presented with Gatekeeper's prompt: "APPNAME" is an application downloaded from the...