eBay has fixed a pair of security vulnerabilities in its site that could enable attackers to upload executable files disguised as benign file types, construct full path URLs and then point victims to them through drive-by download attacks. The first bug resulted from the failure of an eBay page to check the headers of image files uploaded by[…]
Browsing Tag: vulnerabilities
Until yesterday, a popular networking library for iOS and OS X, used by several apps like Pinterest and Simple was susceptible to SSL man-in-the-middle (MiTM) attacks.
There are a series of vulnerabilities related to credentials and authentication in two of Schneider Electric’s HMI products, and an attacker who exploits them may be able to run arbitrary code.
Students from M.I.T. have devised a new way to scour raw code for integer overflows.
GE has released a fix for a vulnerability in a library that’s used in several of its products deployed in critical infrastructure areas. The flaw in the HART Device Type Manager library could allow an attacker to crash affected applications or run arbitrary code.
A default setting in both Windows 7 and 8.1 could allow local users to elevate privileges and in some situations, escape application sandboxes.
A cross-site request forgery (CSRF) vulnerability in the website of hotel chain Hilton Worldwide could have inadvertently compromised much of its users personal information.
Cisco is warning customers about several vulnerabilities in some of its IP phones that can allow an attacker to listen in on users’ conversations. The bug affects the Cisco SPA 300 and 500 Series IP phones. Cisco had confirmed the vulnerabilities, which were discovered by Chris Watts, a researcher at Tech Analysis in Australia, and is[…]
Pinterest announced this week that it would begin paying cash rewards through its bug bounty program, and said that its move to HTTPS paved the way.
Researcher Patrick Wardle of Synack is expected this week at CanSecWest to unveil malicious dylib attacks against Apple’s Mac OS X.