CVE-2014-5009
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption.
Cross-site scripting (XSS) vulnerability in Nagios.
I'm involved in a project to deploy a SIEM (Security Information Event Management) / SOC (Security Operation Center) for a customer. The current approach is to outsource the services to an external company, also called an MSSP (Managed Security Services Provider). We had an interesting chat about the pros and cons of having an internal or …
Read more “Pro & Con of Outsourcing your SOC, (Fri, Mar 31st)”
There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398.
Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack.
Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack.
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted ‘action’ parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2.
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted ‘type’ parameter, if Content Security Protection (CSP) settings allow it. This is fixed in 1.3.9, 2.1.3, and 2.2.3. Note that this vulnerability is not exploitable if the admin tools …
Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack.