Remote code execution is possible via Apache Struts 2 framework, when performing file upload based on Jakarta multipart parser. There are already several exploits in the wild (CVE-2017-5638).
A high-severity vulnerability in Microsoft's Edge and Internet Explorer browsers allows attackers to execute malicious code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code (CVE-2017-0037).
It has been reported that there exists a way to misuse the Cisco Smart Install protocol messages. The misuse is directed towards Smart Install Clients allowing an unauthenticated remote attacker to change the startup configuration, load...
A vulnerability called Ticketbleed in F5 BIG-IP devices (CVE-2016-9244) could allow an unauthenticated, remote attacker to obtain sensitive information from memory if the non-default Session Tickets option is enabled for a Client SSL profile.
A vulnerability in CISCO WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the browser on the affected system. This vulnerability concerns browser extensions for CISCO WebEx...
On 29th of November 2016, a JavaScript code exploiting a vulnerability in Firefox has been discovered. The exploit took advantage of a bug in Firefox to allow the attacker to execute arbitrary code on the targeted system by having the victim load...
TDC-SOC-CERT the CERT from TDC A/S, a Danish telecommunications company, observed and started analyzing a number of denial of service attacks (DOS) based on the ICMP protocol.
"Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS.These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system."
It has been reported a serious vulnerability that has been present for nine years in a section of the Linux kernel, which is most probably part of all the distributions of this OS.
The advisory recommends integrity checks and provides detection guidance for the IKEv1 vulnerabilities discovered by CISCO in its devices.
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS to address multiple critical vulnerabilities.
Three critical zero-day vulnerabilities were discovered, impacting Apple iOS and OS X devices. This advisory presents recommendations for end-users and Mobile Device Management administrators.
On 13th of august, a previously unknown group called "Shadow Brokers" publicly released a large number of hacking tools they claimed were used by the "Equation Group". The targeted devices include Fortinet devices. This advisory presents risk...
On 13th of august, a previously unknown group called "Shadow Brokers" publicly released a large number of hacking tools they claimed were used by the "Equation Group". The targeted devices include CISCO Adaptive Security Appliance (ASA) and PIX...
The Server Message Block (SMB) protocol is a network protocol allowing files and printers sharing over different networks (TCP/IP included).
Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests...
The RESTful Web Services module for Drupal is prone to a remote code-execution vulnerability; fixes are available.
The Webform Multiple File Upload module for Drupal is prone to a remote code-execution vulnerability; fixes are available.
The Coder module for Drupal is prone to a remote code-execution vulnerability; fixes are available.
A critical vulnerability (CVE-2016-4171) exists in Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of...
A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player 21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of...
On May 3rd, 2016, security researchers reported several bugs in ImageMagick [1], a package commonly used by web services to process images. [2][3]
On April 12th, 2016 Badlock, a crucial security bug in Windows and Samba was disclosed.
The March 23, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication includes six Cisco Security Advisories that describe vulnerabilities in Cisco IOS Software.
Version: 17/03/2016 Corrigendum initial publication typos A vulnerability in Git allows a perpetrator to execute code remotely while cloning or pushing repository with large filenames or a large number of nested trees..