[FD] CVE-2018-11101: Signal-desktop HTML tag injection variant 2

2018-05-16 Thread Alfredo Ortega
Title: Signal-desktop HTML tag injection variant 2 Date Published: 2018-05-16 Last Update: 2018-05-16 CVE Name: CVE-2018-11101 Class: Code injection Remotely Exploitable: Yes Locally Exploitable: No Vendors contacted: Signal.org Vulnerability Description: Signal-desktop is the standalone

[FD] Privilege escalation on Windows10/x by shortcut alteration.

2018-05-16 Thread Davide Lombardo
According to Microsoft it is not a security concern: UAC is rendered useless by the possibility of an unprivileged session to modify shortcuts to point at an identical looking executable which can silently run malicious code with admin approval, Windows Defender would not help much. I have

[FD] PDFParser vulnerability

2018-05-16 Thread bear.xiong
PDFParser vulnerability Author : Webin security lab - dbapp security Ltd === Introduction: = A tool to parse pdf file. Affected version: = latest version Vulnerability Description: == 1. The ObjReader::ReadObj() function in

[FD] vcftools 0.1.15 vuln bugs

2018-05-16 Thread bear.xiong
vcftools multiple vulnerabilities Author : Webin security lab - dbapp security Ltd === Introduction: = A set of tools written in Perl and C++ for working with VCF files, such as those generated by the 1000 Genomes Project. Project website:

[FD] SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager

2018-05-16 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180516-0 > === title: XXE & XSS vulnerabilities product: RSA Authentication Manager vulnerable version: 8.2.1.4.0-build1394922, < 8.3 P