Foxit reader is prone to two remote code execution zero day vulnerabilities, which are found by Steven Seeley (mr_me) and Ariele Caltabiano (kimiya). Both vulnerabilities are due to the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations and also launching of any executable files. User interaction is […]

Read More →

Microsoft August 2017 Patch Tuesday addresses 48 security vulnerabilities in six of it’s main product categories. Amoung these 25 CVE’s are rated as Critical, 21 are rated as Important and 2 are rated as Moderate. More than two dozen remote code execution vulnerabilities are addressed in August 2017 security update. Among these security vulnerabilities, two […]

Read More →

Oracle has released 308 security updates as part of the quarterly patch release cycle. The Oracle Critical Patch Update – July 2017 provides fixes for a wide range of product families including Oracle Database Server, Oracle BI Publisher, Oracle Business Intelligence Enterprise Edition,  Oracle Endeca Server, Oracle Fusion Middleware, Oracle Outside In Technology,  Oracle WebLogic […]

Read More →

Adobe has released two security updates for Adobe Flash Player (APSB17-21) and Adobe Connect (APSB17-22) which covers a total of 6 CVEs. Adobe Flash Player addresses a critical vulnerability that could potentially allow an attacker to execute arbitrary code and resolves two important vulnerabilities that could lead to Information disclosure and Memory address disclosure. Adobe Connect addresses two […]

Read More →

Adobe has released three security updates for Adobe Flash Player (APSB17-17), Adobe Shockwave Player (APSB17-18), Adobe Captivate (APSB17-19) and Adobe Digital Editions (APSB17-20) which covers a total of 20 CVEs.  Adobe Flash Player address critical vulnerabilities that could potentially allow an attacker to take control of the affected system, Digital Editions resolves few critical and important vulnerabilities that […]

Read More →

Strbleed is a critical flaw in the implementation of Simple Network Management Protocol (SNMP). It leads to access-control bypass, possibly involving an ISP customization in some cases. The authentication bypass vulnerability affects several IoT devices, which can be exploited by attackers by sending random values in specific requests. The vulnerability is tracked as CVE 2017-5135. SNMP […]

Read More →