Lucene search
K

92 matches found

Imperva Blog
Imperva Blog
added 2020/01/07 9:5 p.m.72 views

Automated Attacks Call for Automated Protection – 2020 Trend #3

In our blog series on security trends, we’ve been diving deeper into the five security predictions for 2020 made by our CTO Kunal Anand during his fireside chat with Imperva CMO David Gee. Watch it here. As I'll discuss in my upcoming blog on defense-in-depth and reducing risk, being “connected”...

Exploits0
Qualys Blog
Qualys Blog
added 2019/12/20 4:0 p.m.229 views

Blue is a color we love but can’t Keep!

Recent reports this year revealed nearly 1 million computer systems are still vulnerable and exposed to BlueKeep in the wild. These systems are still easy targets for an unauthenticated attacker or malware to execute code leveraging this patchable vulnerability. Because so many systems are still...

10CVSS1.3AI score0.99999EPSS
Exploits123
ThreatPost
ThreatPost
added 2019/08/26 3:46 p.m.66 views

ThreatList: Half of All Social Media Logins Are Fraud

More than half of logins 53 percent on social-media sites are fraudulent; and 25 percent of all new account applications on social media are fake, according to a recent analysis. Those numbers far outstrip the overall rate of 10 percent of interactions being fraudulent. The Arkose Labs Q3 Fraud a...

1.4AI score
Exploits0References6
Imperva Blog
Imperva Blog
added 2019/07/11 9:48 p.m.99 views

A New Chapter in Bot Management Begins Today [Video]

I am excited to share that we have closed the acquisition of Distil Networks, the pioneer and leader in Bot Management. Over the past few weeks, we have been welcoming Distil’s employees into the Imperva family and have started integrating their powerful, analyst-recognized Bot Management solutio...

1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/06/04 3:33 p.m.77 views

Imperva to Acquire Distil Networks, the Leader in Bot Management

As an established leader in cybersecurity, Imperva provides our customers the most comprehensive, analyst-recognized application security solution on the market. We are a five-time leader in Gartner’s 2018 Magic Quadrant for Web Application Firewalls WAF. Our DDoS Protection continues to...

0.2AI score
Exploits0
Kitploit
Kitploit
added 2019/04/13 9:49 p.m.243 views

0D1N v2.6 - Web Security Tool To Make Fuzzing At HTTP/S

0d1n is a tool for automating customized attacks against web applications. You can do: Brute force login and passwords in auth forms Directory disclosure use PATH list to brute, and find HTTP status code Test to find SQL Injection and XSS vulnerabilities Options to load ANTI-CSRF token each reque...

7.7AI score
Exploits0References2
ThreatPost
ThreatPost
added 2019/03/06 7:42 p.m.86 views

RSA Conference 2019: How to Defend Against an AI vs AI Flash War

SAN FRANCISCO – As perimeter cyber defenses adopt new strategies such artificial intelligence and machine learning, security experts predict adversaries will adopt similar techniques when it comes to an attack chain. Derek Manky, chief of security insights at Fortinet, said that “black-hat...

7.2AI score
Exploits0
pentestit
pentestit
added 2019/01/30 1:7 a.m.94 views

UPDATE: Cameradar v3.0.1

PenTestIT RSS Feed My initial post covering this open source Real Time Streaming Protocol RTSP surveillance camera access multi-tool was about an older version. A lot has happened since then and an update – Cameradar v3.0.1 was recently made available by the author. In actuality, this post...

1.4AI score
Exploits0
Akamai Blog
Akamai Blog
added 2018/12/10 1:11 p.m.77 views

Defending Credentials From Automated Attack Tools

By Danny Wasserman The folks on the Akamai Professional Services team are the people who help implement, configure, and tune the cloud security products that protect our customers' web applications from the daily onslaught of bots blasting login attempts against their websites, mobile apps, and...

0.1AI score
Exploits0
Kitploit
Kitploit
added 2016/02/17 2:45 a.m.300 views

NoSQLMap v0.6 - Automated NoSQL Database Pwnage

NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases, as well as web applications using NoSQL in order to disclose data from the database. It is named as a tribute to Bernardo Damele and...

8.7AI score
Exploits0References3
ThreatPost
ThreatPost
added 2014/10/30 9:8 a.m.10 views

'Every Drupal 7 Site Was Compromised' Unless Patched By Oct. 15

The maintainers of the Drupal content management system are warning users that any site owners who haven’t patched a critical vulnerability in Drupal Core disclosed earlier this month should consider their sites to be compromised. The vulnerability, which became public on Oct. 15, is a SQL...

1.3AI score
Exploits0References3
securityvulns
securityvulns
added 2014/05/04 12:0 a.m.320 views

Multiple vulnerabilities in Joomla-Base

Hello 3APA3A! These are Denial of Service, XML Injection, Cross-Site Scripting, Full path disclosure and Insufficient Anti-automation vulnerabilities in Joomla-Base. This is package of Joomla with different plugins with their vulnerabilities. These vulnerabilities are in Google Maps plugin for...

1.4AI score
Exploits0
Hacker One
Hacker One
added 2014/04/12 2:49 p.m.15 views

IRCCloud: CSRF - Creating accounts

Hi there, I've discovered the following CSRF issue: There's no CSRF / Bot protection on the registration form. Details An attacker could automate the registration process to flood your database with invalid/useless accounts. He could also source the process out to his victims CSRF. Steps to...

0.2AI score
Exploits0
ThreatPost
ThreatPost
added 2013/02/21 3:58 p.m.12 views

Avoid The Attack Attribution Distraction

Plenty has been written this month about attack attribution, but, really, if your network is under siege, how often does the “who” matter as much as the “how,” “what,” and “where”? It seems that knowing who the actor is behind a network intrusion matters little to a bank, restaurant or retail...

Exploits0References9
Packet Storm
Packet Storm
added 2011/04/03 12:0 a.m.51 views

MyBB 1.6.1 Login Enumeration / Cross Site Scripting

Hello list! I want to warn you about Abuse of Functionality, Insufficient Anti-automation, XML Injection and Cross-Site Scripting vulnerabilities in MyBB. ------------------------- Affected products: ------------------------- Vulnerable are MyBB 1.6.1 and previous versions. In versions MyBB 1.6.2...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2010/03/04 12:0 a.m.191 views

Vulnerabilities in DataLife Engine

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Abuse of Functionality и Insufficient Anti-automation уязвимостях в DataLife Engine DLE. Abuse of Functionality: http://site/index.php?do=register На странице регистрации функция "Проверить имя" позволяет выявить логины пользователей в системе...

Exploits0
ThreatPost
ThreatPost
added 2009/04/23 7:7 p.m.20 views

Cybergangs use cheap labor to break codes on social sites

From USA Today Byron Acohido It’s become the new front in cybercrime: scams and identity-theft programs that attack e-mail accounts and users of social-networking sites such as Facebook and MySpace. To carry out many of these automated attacks, cybercriminals first must overcome “captchas,” the...

2.1AI score
Exploits0References1
NVD
NVD
added 2008/04/30 1:7 a.m.21 views

CVE-2008-2019

Simple Machines Forum SMF, probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file aka audio CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances. NOTE: this issue reportedly exists...

7.5CVSS6.6AI score0.04054EPSS
Exploits0References6
Cvelist
Cvelist
added 2008/04/30 1:0 a.m.20 views

CVE-2008-2020

The CAPTCHA implementation as used in 1 Francisco Burzi PHP-Nuke 7.0 and 8.1, 2 my123tkShop e-Commerce-Suite aka 123tkShop 0.9.1, 3 phpMyBitTorrent 1.2.2, 4 TorrentFlux 2.3, 5 e107 0.7.11, 6 WebZE 0.5.9, 7 Open Media Collectors Database aka OpenDb 1.5.0b4, and 8 Labgab 1.1 uses a codebg.jpg...

7.6AI score0.01673EPSS
Exploits0References5
Exploit DB
Exploit DB
added 2008/04/21 12:0 a.m.24 views

SMF 1.1.4 - Audio CAPTCHA Security Bypass

source: https://www.securityfocus.com/bid/28866/info SMF Simple Machine Forum is prone to a security-bypass vulnerability that occurs in the audio CAPTCHA protocol. Successfully exploiting this issue may allow attackers to send unsolicited spam or perform other automated attacks...

7.4AI score
Exploits0
Rows per page
Query Builder