Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, “Internet Explorer Elevation of Privilege Vulnerability.”
Monthly Archives: March 2017
CVE-2017-0149
Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037.
CVE-2017-0147
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka “Windows SMB Information Disclosure Vulnerability.”
McDonald's Twitter Hacked, Insults Trump
Russia Denies Yahoo Hack Involvement
ABTA Website Hacked, 43,000 People Affected By Breach
Intel Touts Bug Bounties To Hardware Hackers
AXIS Network Camera Cross Site Scripting
AXIS Network Cameras suffer from multiple cross site scripting vulnerabilities.
AXIS Communications Cross Site Request Forgery
AXIS Communications suffers from a cross site request forgery vulnerability.
AXIS Communications XSS / Content Inclusion
AXIS Communications with firmware versions prior to 5.80.x suffer from cross site scripting and content inclusion vulnerabilities.