The ShortComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks when the "numDataElements" field is 0. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

The ShortComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks when the "numDataElements" field is 0. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

The Swift File Transfer mobile application for ios, blackberry and android suffers from cross site scripting and information disclosure vulnerabilities.

Cisco Content Security Virtual Appliance M380 IronPort remote cross site host modification demo exploit.

Cisco Unified Contact Center Express suffers from a privilege escalation vulnerability.

LibTIFF version 4.0.8 suffers from multiple memory leak vulnerabilities.

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.

A FortiSIEM collector connects to a Supervisor/Worker over HTTPS TLS (443/TCP) to register itself as well as relaying event data such as syslog, netflow, SNMP, etc. When the Collector (the client) connects to the Supervisor/Worker (the server), the client does not validate the server-provided certificate against its root-CA store. Since the client does no server certificate validation, this means any certificate presented to the client will be considered valid and the connection will succeed. If an attacker spoofs a Worker/Supervisor using an ARP or DNS poisoning attack (or any other MITM attack), the Collector will blindly connect to the attacker's HTTPS TLS server. It will disclose the authentication password used along with any data being relayed. Versions 5.0 and 5.2.1 have been tested and are affected.

iFileExplorer Free for iPod Touch / iPhone version 2.8 suffers from a remote directory traversal vulnerability.

This Metasploit module exploits a shell command injection vulnerability in the libnotify plugin. This vulnerability affects Metasploit versions 5.0.79 and earlier.

Singapore has retained its place at the top of fDi's Asia-Pacific Cities of the Future ranking, with Shanghai and Tokyo completing the top three list. 

Russia remains fDi’s most diversified commodity economy, while second ranked Brazil has displaced Ukraine into third place. Cathy Mullan reports.

DA-WIN, a wireless IDS, provides an organization a continuous wireless scanning capability that is light touch and simple. It utilizes compact and discreet sensors that can easily be deployed reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory compliance. This archive includes a dd image to be used on a Raspberry Pi and a user manual.

Wifiphisher is a security tool that mounts fast automated phishing attacks against WPA networks in order to obtain the secret passphrase. It is a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining WPA credentials.

DA-WIN, a wireless IDS, provides an organization a continuous wireless scanning capability that is light touch and simple. It utilizes compact and discreet sensors that can easily be deployed reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory compliance. This archive includes a dd image to be used on a Raspberry Pi and a user manual.

An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability.

The Rifatron Intelligent Digital Security System DVR suffers from an unauthenticated and unauthorized live stream disclosure when animate.cgi script is called through Mobile Web Viewer module.

Kuwait's National Vision 2035 has economic diversification at its heart. This move from hydrocarbon reliance to other sectors is attracting investor attention, as Wendy Atkins reports.

As the sun sets on California’s solar farms, a backup energy source deep in the Sierra Nevada Mountains springs to life.

In an announcement that was celebrated by the solar industry, yesterday U.S. trade officials said that bi-facial solar modules, which are solar modules that produce energy on both sides of the panel, would be exempt from import tariffs.

Natron Energy said that the California Energy Commission (CEC) awarded it a $3 million grant for “Advanced Energy Storage for Electric Vehicle Charging Support.” Natron will use the money to manufacture and install a high powered, long cycle life energy storage system at an EV Fast Charging station.

It may be safe for a bird to land on a wire, but not on two of them at once.

The Clean Power Alliance (CPA) has signed three long-term power purchase agreements, including two new solar projects and one existing small hydro project.

The Low Impact Hydropower Institute recently announced it had awarded low-impact certification status to two hydroelectric facilities:

Governor Andrew M. Cuomo has announced that the New York Power Authority is launching a 15-year modernization and digitization program to significantly extend the operating life of the Niagara Power Project.