The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517.
Monthly Archives: May 2016
Bugtraq: [CVE-2016-2175] Apache PDFBox XML External Entity vulnerability
Bugtraq: [SECURITY] [DSA 3587-1] libgd2 security update
Bugtraq: [CVE-2016-3094] Apache Qpid Java Broker denial of service vulnerability
Bugtraq: [CVE-2016-4432] Apache Qpid Java Broker – authentication bypass
Apache PDFBox 1.8.11 / 2.0.0 / XML Injection
Apache PDFBox versions 1.8.0 through 1.8.11 and 2.0.0 suffer from an XML external entity injection vulnerability.
Cybercrime Hit Businesses Hardest in 2015, says IC3 Report
Businesses were hit hardest by inbox-based scams in 2015 that robbed U.S. companies of $263 million.
Faraday 1.0.20
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
Facebook Ads now Tracks you, Even if you don't have an Account
There’s nowhere to hide across the web, especially from the marketing and advertising companies.
If you are paranoid about your privacy, you may be upset to know that Facebook will now track and deliver targeted ads on other apps and websites for everyone, even if you do not have a Facebook account.
Until now, Facebook was showing targeted ads only to its users, but now the social networking
Citrix Netscaler 11.0 Build 64.35 Cross Site Scripting
The login page of the Citrix Netscaler Gateway web front-end is vulnerable to a DOM-based cross site scripting (XSS) vulnerability due to improper sanitization of the content of the “NSC_TMAC” cookie.