CVE-2017-7981: Tuleap Remote OS Command Injection

Posted by Ben N on Apr 30

# Tuleap – Command Injection in Project Wiki

CVE: CVE-2017-7981

CVSSv3: 9.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C)

Versions affected: >= 8.3 and <= 9.6.99.86

## Introduction

Tuleap is a Libre suite to plan, track, code and collaborate on software
projects. Tuleap helps development teams to build awesome applications,
better, faster, easier.

## Background

Tuleap uses PHPWiki as a plugin to provide a weak feature…


PRL and CSRF vulnerabilities in D-Link DAP-1360

Posted by MustLive on Apr 30

Hello list!

After previous Cross-Site Request Forgery and Cross-Site Scripting
vulnerabilities, here are new ones. There are Predictable Resource Location
and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 (Wi-Fi
Access Point and Router).

-------------------------
Affected products:
-------------------------

Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This model
with other firmware versions also must be…


360 security android app snoops data to China Unicom network via insecure HTTP

Posted by seclists on Apr 30

I have a further update on the issue. After uninstalling the 360 security android app, I found after repeated checks of
Network Info on my phone via the Ping & DNS app that even then the HTTP connection to IP address 123.125.114.8 still
frequently showed up. So, I monitored the network connections on my phone via the Network Connections app
(https://play.google.com/store/apps/details?id=com.antispycell.connmonitor) and found that this time…


Guiding Your Child Safely Into Digital Independence

One of the things you see when hanging around a busy mall, or almost anywhere during the weekend, is a mother holding a smartphone in one hand and a kid in the other. Very often the kid is holding a smart device too. Yes, these are the days we live in. Parents use smart devices such as tablets and smartphones to keep the little ones entertained, the same way they entertain themselves. It looks like a scene from ‘Black Mirror’, as this would not have been the case about 10-15 years ago.

With great power comes great responsibility

And of course, do not get us wrong, there are enormous benefits for our kids when it comes to cellphone and tablet usage. When properly controlled, they have access to a vast amount of information and entertainment that previous generations could only have dreamed of having in the palm of their hand at any time.

However, with great power comes great responsibility. Many parents nowadays ask questions such as when a child should become digitally independent, what the risks are, and how a parent can guide their children toward responsible use of their devices.

Well, the short answer is that before we let our children be digitally independent, we have to teach ourselves how to be a good role model for them.

Taking responsibility for their children’s behavior on the internet

It is no secret that a significant percentage of parents take responsibility for their children’s behavior on the internet. Many solutions allow parents to be in control of their children’s digital lives. For example, mobile carriers here in the US have found a way to make an extra buck by giving parents the option to limit the number of GBs their children use on the internet.

They are also able to restrict the amount of usage of an individual device. For example, you can set up a timer on your child’s tablet and give him screen time of 2 hours per weekday and 3 hours during the weekends. Those services are sometimes pricey, as we all know mobile carriers are greedy. So there are solutions offered by companies like Panda Security that allow you to track and control your children’s online behavior at a better price without the need to restrict them. Getting more for less sounds great, doesn’t it?

Solutions are there, so what is the problem?

The problem is that even though the percentage of responsible parents is high, parents still do not know how to control their children’s digital lives. For example, recent research shows almost one-third of the parents in the US are not managing their teenagers’ digital lifestyle at all.

The reason is that they are not entirely educated on the dangers smart devices hold. The last few years have certainly seen digital education added to a sizeable list of parental worries that include the more traditional staples of handing over the car keys and “who’s that guy she’s dating?”.

Safely monitoring

While it’s important to be on top of your child’s online security, parents do have to walk a fine line between spying on their kids and safely monitoring their online activity from a distance. This is not easy if you don’t have the right tools, so Panda Security comes to the rescue. Our parental solutions give you the option to always be aware of any dangers while maintaining your child’s trust.

Let them be digitally independent whenever you want, but continue to keep an eye on them. You do not want your kids to feel repressed, but to be safe. So instead of fighting with him/her, just install the right software that will give you the needed peace of mind and will keep your kids safe.

The post Guiding Your Child Safely Into Digital Independence appeared first on Panda Security Mediacenter.


SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options

Posted by Securify B.V. on Apr 29

------------------------------------------------------------------------
SyntaxHighlight MediaWiki extension allows injection of arbitrary
Pygments options
------------------------------------------------------------------------
Yorick Koster, February 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A vulnerability was found in the…


Local privilege escalation vulnerability in HideMyAss Pro VPN client v3.x for macOS

Posted by Securify B.V. on Apr 29

------------------------------------------------------------------------
Local privilege escalation vulnerability in HideMyAss Pro VPN client
v3.x for macOS
------------------------------------------------------------------------
Han Sahin, April 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A local privilege escalation vulnerability…


Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X

Posted by Securify B.V. on Apr 29

------------------------------------------------------------------------
Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN
client v2.x for OS X
------------------------------------------------------------------------
Han Sahin, April 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Multiple local privilege…


Insecure Apps that Open Ports Leave Millions of Smartphones at Risk of Hacking

A team of researchers from the University of Michigan discovered that hundreds of applications in Google Play Store have a security hole that could potentially allow hackers to steal data from and even implant malware on millions of Android smartphones.

The University of Michigan team says that the actual issue lies within apps that create open ports — a known problem with computers — on
