Google Android MediaTek Driver CVE-2017-0529 Information Disclosure Vulnerability
Monthly Archives: March 2017
Vuln: Google Pixel Qualcomm Bootloader CVE-2017-0455 Information Disclosure Vulnerability
HP Security Bulletin HPESBHF03716 1
HP Security Bulletin HPESBHF03716 1 – A potential security vulnerability has been identified in IMC PLAT. The vulnerability could be remotely exploited to bypass authentication. Revision 1 of this advisory.
KL-001-2017-004 : WatchGuard XTMv User Management Cross-Site Request Forgery
Posted by KoreLogic Disclosures on Mar 10
KL-001-2017-004 : WatchGuard XTMv User Management Cross-Site Request Forgery
Title: WatchGuard XTMv User Management Cross-Site Request Forgery
Advisory ID: KL-001-2017-004
Publication Date: 2017.03.10
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-004.txt
1. Vulnerability Details
Affected Vendor: WatchGuard
Affected Product: XTMv
Affected Version: v11.12 Build 516911
Platform: Embedded Linux…
Home Depot agrees to $25 million settlement for data breach
US retail giant Home Depot is set to pay a $25 million settlement in relation to a data breach suffered in 2014.
The post Home Depot agrees to $25 million settlement for data breach appeared first on WeLiveSecurity
Apache Struts 2 2.3.x / 2.5.x Remote Code Execution
Apache Struts 2 versions 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 remote code execution exploit that provides a reverse shell.
CVE-2017-6550: Kinsey Infor-Lawson – Multiple SQL Injections
Posted by Michael Benich on Mar 10
Summary: Kinsey’s Infor-Lawson application (formerly ESBUS) is vulnerable to SQL injection in at least two parameters:
————————————————————————
Vendor: Kinsey
————————————————————————
Software Link:
http://www.kinsey.com/infor-lawson.html…
DAVOSET v.1.3
Posted by MustLive on Mar 10
Hello participants of Mailing List.
Since the announcement of DAVOSET in 2010 and after making its public release in
2013, I’ve made the next update of the software. On the 9th of March DAVOSET v.1.3
was released – DDoS attacks via other sites execution tool
(http://websecurity.com.ua/davoset/). On the anniversary of cyberwar
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2017-March/010839.html).
Video demonstration of DAVOSET:…
Google Chrome 57 Browser Update Patches ‘High’ Severity Flaws
Google paid out $38,000 in bounty rewards tied to flaws it fixed with a Chrome 57 browser update.
Apache Attack Traffic Dropping, Limited to Few Sources
While probes looking for vulnerable Apache Struts 2 deployments continue, malicious traffic has tapered off, researchers at Rapid7 said.