Lucene search
+L

136 matches found

Pen Test Partners Blog
Pen Test Partners Blog
added 2019/02/18 10:21 a.m.112 views

Sinking a ship and hiding the evidence

Our earlier work on Voyage Data Recorder manipulation got us thinking about how a malicious individual or organisation might bring about the demise of a ship and hide the evidence. There are plenty of ways to get malware on to a ship. Whether it’s via satcoms, phishing, USB, crew Wi-Fi, dodgy DVD...

10CVSS9.4AI score0.0719EPSS
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/07/03 6:56 a.m.53 views

Hacking Navtex maritime warning messages

When data roaming was still expensive across Europe and cellular data service was patchy, I used Navtex extensively whilst sailing in the Mediterranean. Every four hours, one could get a useful marine weather forecast. Was there a fun days sailing ahead, or was a dash for port and gin & tonic in ...

6.8AI score
Exploits0
CVE
CVE
added 2018/03/28 10:0 p.m.93 views

CVE-2018-0183

Cisco IOS XE Software for Cisco 4000 Series routers contains a local privilege-escalation (CVE-2018-0183) in the CLI parser. An authenticated attacker with privileged EXEC (level 15) can exploit crafted CLI arguments to gain access to the device’s underlying Linux shell and execute commands as ro...

7.2CVSS7AI score0.00424EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/07/13 12:0 a.m.22 views

Virtuozzo 6 : squid34 (VZLSA-2017-0183)

An update for squid34 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS6.5AI score0.06766EPSS
Exploits0References3
CVE
CVE
added 2017/04/12 2:0 p.m.98 views

CVE-2017-0183

CVE-2017-0184 is a Hyper-V Denial of Service vulnerability caused by improper validation of input from a privileged user on a guest OS. Exploitation could crash the host Hyper-V service. A known remediation is the security update KB3217841 (April 2017).

6.3CVSS5.9AI score0.04412EPSS
Exploits0References2Affected Software5
OpenVAS
OpenVAS
added 2017/04/12 12:0 a.m.96 views

Microsoft Windows Monthly Rollup (KB4015550)

This host is missing a monthly rollup according to Microsoft KB4015550. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS6.4AI score0.45648EPSS
Exploits9References29
OpenVAS
OpenVAS
added 2017/04/12 12:0 a.m.126 views

Microsoft Windows Monthly Rollup (KB4015549)

This host is missing a monthly rollup according to Microsoft security update KB4015549. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.3CVSS6.8AI score0.99933EPSS
Exploits33References20
Virtuozzo
Virtuozzo
added 2017/01/26 12:0 a.m.17 views

Virtuozzo Linux Errata and Security Advisory 2017:0183 Moderate

Upstream security update. Follow RHSA-2017-0183 for details...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/01/25 12:0 a.m.47 views

Oracle Linux 6 : squid34 (ELSA-2017-0183)

The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2017-0183 advisory. 7:3.4.14-9.4 - Resolves: 1412733 - CVE-2016-10002 squid34: squid: Information disclosure in HTTP request processing Tenable has extracted the preceding...

7.5CVSS6.7AI score0.06766EPSS
Exploits0References2
CVE
CVE
added 2016/05/11 1:0 a.m.116 views

CVE-2016-0183

Summary: CVE-2016-0183 is a remote code execution flaw in the Windows font library used by Microsoft Office components (Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, Office Web Apps 2010 SP2). What’s affected: Windows Font Library within affected Office p...

9.3CVSS8.2AI score0.15704EPSS
Exploits0References2Affected Software4
Check Point Advisories
Check Point Advisories
added 2016/05/10 12:0 a.m.13 views

Microsoft Office Graphics Information Disclosure (MS16-054: CVE-2016-0183)

An information disclosure vulnerability exists in Microsoft Office Graphics. The vulnerability is due to an out of bound memory read resulting in a memory safety issue. A successful exploitation of the issue could allow an attacker to achieve information disclosure...

9.3CVSS7.2AI score0.15704EPSS
Exploits0
Kaspersky
Kaspersky
added 2016/05/10 12:0 a.m.104 views

KLA10804 Code execution vulnerabilities in Microsoft Office

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities 1. An improper memory objects handling can be exploited remotely via a specially designed content; 2. An...

9.3CVSS8.7AI score0.29354EPSS
Exploits1References28
Tenable Nessus
Tenable Nessus
added 2016/05/10 12:0 a.m.115 views

MS16-054: Security Update for Microsoft Office (3155544)

The version of Microsoft Office installed on the remote Windows host is affected by multiple vulnerabilities : - Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing ...

9.3CVSS8.4AI score0.29354EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2015/10/06 12:0 a.m.52 views

Oracle: Security Advisory (ELSA-2011-0183)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS6.7AI score0.10731EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.40 views

openSUSE Security Update : RubyOnRails (openSUSE-SU-2013:0338-1)

The Ruby on Rails 2.3 stack was updated to 2.3.17. The Ruby on Rails 3.2 stack was updated to 3.2.12. The Ruby Rack was updated to 1.1.6. The Ruby Rack was updated to 1.2.8. The Ruby Rack was updated to 1.3.10. The Ruby Rack was updated to 1.4.5. The updates fix various security issues and bugs. ...

10CVSS6.4AI score0.07497EPSS
Exploits2References13
Tenable Nessus
Tenable Nessus
added 2014/05/19 12:0 a.m.32 views

GLSA-201405-10 : Rack: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201405-10 Rack: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Rack. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with...

5.1CVSS7.2AI score0.05281EPSS
Exploits0References6
securityvulns
securityvulns
added 2013/10/28 12:0 a.m.85 views

[SECURITY] [DSA 2783-2] librack-ruby regression update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - -------------------------------------------------------------------------- Debian Security Advisory DSA-2783-2 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 24, 2013 http://www.debian.org/security/faq -...

5.1CVSS3.8AI score0.05281EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2013/10/22 12:0 a.m.31 views

Debian DSA-2783-1 : librack-ruby - several vulnerabilities

Several vulnerabilities were discovered in Rack, a modular Ruby webserver interface. The Common Vulnerabilites and Exposures project identifies the following vulnerabilities : - CVE-2011-5036 Rack computes hash values for form parameters without restricting the ability to trigger hash collisions...

5.1CVSS6.9AI score0.05281EPSS
Exploits1References13
OpenVAS
OpenVAS
added 2013/10/21 12:0 a.m.45 views

Debian Security Advisory DSA 2783-1 (librack-ruby - several vulnerabilities)

Several vulnerabilities were discovered in Rack, a modular Ruby webserver interface. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2011-5036 Rack computes hash values for form parameters without restricting the ability to trigger hash collisions...

5.1CVSS1.4AI score0.05281EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.36 views

Oracle Linux 6 : openoffice.org (ELSA-2011-0183)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0183 advisory. - CVE-2010-4643 heap based buffer overflow when parsing TGA files - CVE-2010-4253 heap based buffer overflow in PPT import - CVE-2010-3450 directory...

9.3CVSS5.9AI score0.10731EPSS
Exploits0References9
Rows per page
Query Builder