Grimbb version 1.3 suffers from a username and password hash disclosure vulnerability.
Monthly Archives: November 2016
ansible-2.2.0.0-3.el6
Add patch to fix dnf module groupinstall handling
----
Update to new ansible 2.2 version.
For full changes see:
https://github.com/ansible/ansible/blob/stable-2.2/CHANGELOG.md
ansible-2.2.0.0-3.el7
Add patch to fix dnf module groupinstall handling
----
Update to new ansible 2.2 version.
For full changes see:
https://github.com/ansible/ansible/blob/stable-2.2/CHANGELOG.md
ansible-2.2.0.0-3.fc24
Add patch to fix dnf module groupinstall handling
----
Update to new ansible 2.2 version.
For full changes see:
https://github.com/ansible/ansible/blob/stable-2.2/CHANGELOG.md
ansible-2.2.0.0-3.fc25
Add patch to fix dnf module groupinstall handling
----
Update to new ansible 2.2 version.
For full changes see:
https://github.com/ansible/ansible/blob/stable-2.2/CHANGELOG.md
Microsoft Internet Explorer 9 MSHTML CPtsTextParaclient::CountApes Out-Of-Bounds Read
Microsoft Internet Explorer 9 suffers from a MSHTML CPtsTextParaclient::CountApes out-of-bounds read vulnerability.
Re: [oss-security] CVE request:Lynx invalid URL parsing with '?'
Posted by Michal Zalewski on Nov 05
IIRC, RFC 3986 “fixes” that, and so does https://url.spec.whatwg.org/.
/mz
Over 1 Billion Mobile App Accounts can be Hijacked Remotely with this Simple Hack
Security researchers have discovered a way to target a huge number of Android and iOS apps that could allow them to remotely sign into any victim’s mobile app account without any knowledge of the victim.
A group of three researchers – Ronghai Yang, Wing Cheong Lau, and Tianyu Liu – from the Chinese University of Hong Kong has found [PPT] that most of the popular mobile apps that support
Re: [oss-security] CVE request:Lynx invalid URL parsing with '?'
Posted by Thomas Dickey on Nov 04
Actually, it does parse correctly. Go read RFC 1738.
What can be improved here is adding some warnings about a few of the cases
where users can be confused by legal URL syntax. I’m working on that.
MySQL / MariaDB / PerconaDB – Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )
Posted by Dawid Golunski on Nov 04
CVE-2016-6664 / (Oracle)CVE-2016-5617
Vulnerability: MySQL / MariaDB / PerconaDB – Root Privilege Escalation
Discovered by:
Dawid Golunski
@dawid_golunski
https://legalhackers.com
MySQL-based databases including MySQL, MariaDB and PerconaDB are affected
by a privilege escalation vulnerability which can let attackers who have
gained access to mysql system user (for example through CVE-2016-6663)
to further escalate their privileges to root user…
