Red Hat Enterprise Linux: New nss_wrapper packages are now available for Red Hat Software Collections.
Not Just Criminals, But Governments Were Also Using MS Word 0-Day Exploit
Recently we reported about a critical code execution vulnerability in Microsoft Word that was being exploited in the wild by cyber criminal groups to distribute malware like Dridex banking trojans and Latentbot.
Now, it turns out that the same previously undisclosed vulnerability in Word (CVE-2017-0199) was also actively being exploited by the government-sponsored hackers to spy on Russian
Scout Browser goes under peer review
It’s not enough to say you are good. The moment of truth is when an outside expert or peer takes a hard look at what you do – and then gives you an educated thumbs up. In academia, this is a peer review and it is essential for any worthwhile paper. For software developers, it […]
The post Scout Browser goes under peer review appeared first on Avira Blog.
CVE-2017-7628
The “Smart related articles” extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability).
CVE-2017-7626
The “Smart related articles” extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method).
CVE-2017-7627
The “Smart related articles” extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing _JEXEC check).
Wireshark Analyzer 2.2.6
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
Ansvif 1.7
Ansvif is “A Not So Very Intelligent Fuzzer”. It feeds garbage arguments and data into programs trying to induce a fault.
Nintendo 3DS DNS Client Resolver Predictable TXID
The Nintendo 3DS DNS client resolver library uses a predictable (incremented) TXID allowing for the spoofing of responses.
Adobe Creative Cloud Desktop Application 4.0.0.185 Privilege Escalation
Adobe Creative Cloud Desktop Application versions 4.0.0.185 and below suffers from a privilege escalation vulnerability.