By now you’ve probably read that Congress passed and President Trump signed legislation undoing measures that would have prevented internet service providers (ISPs) from sharing or selling your web browsing history without your permission. That signature means companies such as Comcast, Verizon, and AT&T – who already can see your every online move – can profit from your private search data by selling it to advertisers.
Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.
Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.
Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.
Security information and event management solutions are supposed to boost security, but researchers say the network analysis tools are ripe attack targets.
Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file.
In libsndfile before 1.0.28, an error in the “flac_buffer_copy()” function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
In libsndfile before 1.0.28, an error in the “header_read()” function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
ILIAS before 5.2.3 has XSS via SVG documents.
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
