Security experts at Trend Micro have recently spotted a new strain of Android malware, dubbed ZNIU, that exploits the Dirty COW Linux kernel vulnerability. The Dirty COW vulnerability was discovered by the security expert Phil Oester in October 2016, it could be exploited by a local attacker to escalate privileges. The name ‘Dirty COW’ is due to

By Jason Gu, Veo Zhang, and Seven Shen We have disclosed this security issue to Google, who verified that they have protections in place against ZNIU courtesy of Google Play Protect. The Linux vulnerability called Dirty COW (CVE-2016-5195) was first disclosed to the public in 2016. The vulnerability was discovered in upstream Linux platforms such as Redhat,

Pixie image Editor SSRF vulnerability for CVE-2017-12905title: Pixie image Editor SSRF vulnerability for CVE-2017-12905Date: 20/09/2017Vulnerability Type： SSRF(Server Side Request Forgery)Vendor of Product： vebto（vebto.com）Attack Type： RemoteImpact： ImportentAuthor：BeiJing Baimaohui technology co., LTD.Version： Pixie Image Editor 1.4 and 1.7CVE-ID : CVE-2017

The vulnerability Optionsbleed in Apache HTTP Server that can cause certain systems to leak potentially sensitive data in response to HTTP OPTIONS requests. The freelance journalist and security researcher Hanno Böck discovered a vulnerability, dubbed ‘Optionsbleed’. in Apache HTTP Server (httpd) that can cause certain systems to leak potentially

tl;dr: I’m Pentester and recently I got my first pentest project and I’ve successfully executed with my senior colleague. As the application was developed to perform the financial operations, I had focus of finding Insecure Direct Object Reference Vulnerabilities. This blog will help you for having the understanding of the IDOR vulnerability. Ins

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256ESA-2017-098: EMC Data Protection Advisor Hardcoded Password Vulnerability EMC Identifier: ESA-2017-098CVE Identifier: CVE-2017-8013Severity Rating: CVSS v3 Base Score: 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H)Affected products: * EMC Data Protection Advisor versions 6.3.x* EMC Data Protection Adviso

It’s official, the Equifax data breach case was caused by the exploitation of the CVE-2017-5638 Apache Struts vulnerability. The Equifax data breach case was solved, that incident was caused by the exploitation of the CVE-2017-5638 Apache Struts vulnerability. The vulnerability affects the Jakarta Multipart parser upload function in Apache and could be

A new security flaw detected in Apache Struts allows an unauthenticated attacker to execute arbitrary code on a vulnerable system.Although the Apache Software Foundation classified it as a medium severity vulnerability, Cisco has outlined a long list of its products in the Security Advisory that are affected by this flaw.Extent of the problemThe vulnerabilit

Microsoft has released their monthly security bulletin—colloquially known as Patch Tuesday—for September. The most important update is one that addresses a zero-day vulnerability that exploits Microsoft Word. CVE-2017-8759 is a .NET Framework Remote Code Execution Vulnerability that allows attackers to execute code on the target system remotely when exploite

Hackers are exploiting in the wild a critical remote code execution vulnerability in Apache Struts 2, tracked as CVE-2017-9805, that was patched a few days ago. The vulnerability tracked as CVE-2017-9805 is related to the way Struts deserializes untrusted data, it affects all versions of Apache Struts since 2008, from Struts 2.5 to Struts 2.5.12. The experts

I. BACKGROUNDAerohive Networks HiveManager Classic Online NMS is a cloud-enabledenterprise-class management system for Aerohive networking products.HiveManager Classic Online offers simple policy creation, firmwareupgrades, and centralized monitoring of thousands of Aerohive accesspoints, switches, and branch routers.Responsible disclosure with Aerohive: Aer

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256ESA-2017-099: EMC AppSync SQL Injection VulnerabilityEMC Identifier: ESA-2017-099CVE Identifier: CVE-2017-8015Severity Rating: CVSS v3 Base Score: 8.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)Affected products: EMC AppSync all versions prior to 3.5Summary: EMC AppSync contains a SQL injection vulnerability that cou

by Jason Gu and Seven Shen Just about anyone can appreciate a good old meme GIF every now and then, but what if one caused your Android Messages to crash? A denial-of-service vulnerability we recently disclosed to Google can do exactly that and more. Designated as CVE-2017-0780, we’ve confirmed it to be in the latest Nexus and Pixel devices. The security fla

Document Title:===============Wibu Systems AG CodeMeter 6.50 - Persistent XSS VulnerabilityReferences (Source):====================https://www.vulnerability-lab.com/get_content.php?id=2074ID: FB49498Acknowledgements: https://www.flickr.com/photos/vulnerabilitylab/36912680045/http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13754CVE-ID:=======CVE-2017

Document Title:===============Play TV v1.25.1(Build r123776) - DLL Hijack Vulnerability References (Source):====================https://www.vulnerability-lab.com/get_content.php?id=2085Release Date:=============2017-09-04Vulnerability Laboratory ID (VL-ID):====================================2085Common Vulnerability Scoring System:===========================