Kaseya VSA R9.2 Arbitrary File Read Vulnerability
A security vulnerability was found in the file download functionality of Kaseya VSA. Using this vulnerability, an authenticated user in a Kaseya VSA environment is able to download arbitrary files from the server, including source code of Kaseya, the database backups, configuration files, and even...
Kaseya VSA R9.2 Arbitrary File Read
Arbitrary file read in Kaseya VSA. Kin Hung Cheng, Robert Hartshorn, May 2017...
Interview with CTO Michael Viscuso – Ransomware: The Problem That Won’t Go Away
Editor's Note: This article originally appeared on BankInfoSecurity.com. Dealing with ransomware is a lot like dealing with mosquitos: The best approach is to anticipate getting bit and take steps to try to fend off attacks. But the growth of ransomware int...
Update Rollup 14 for System Center 2012 R2 Data Protection Manager
Introduction: This article describes the issues that are fixed in Update Rollup 14 for Microsoft System Center 2012 R2 Data Protection Manager. This article also contains the installation instructions for this update. Note: Existing...
Product update: Virtuozzo PowerPanel RTM Hotfix 4 (7.0.1-422)
The new packages for Virtuozzo PowerPanel introduce a new feature as well as usability fixes. Vulnerability id: PP-336 Unable to select key combinations from the "Send Key Combination" list when using Mozilla Firefox. Vulnerability id: PP-506 Update could fail due to a package repository conflict...
Circle with Disney configure.xml Notifications Command Injection Vulnerability (CVE-2017-2917)
Summary: An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions: Circle with Disney 2.0...
CVE-2017-7079
An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups written by iTunes via a crafted app...
Code injection
An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups written by iTunes via a crafted app...
CVE-2017-7079
CVE-2017-7079 affects iTunes before 12.7 (Mac OS X), via the Data Sync component. A crafted app may enable an attacker to access iOS backups created by iTunes. The vulnerability stems from an access control issue in the Data Sync workflow, allowing partial confidentiality impact without integrity...
Apple iTunes Security Bypass Vulnerability
Apple iTunes is a suite of media player applications from Apple, Inc. that are used to play and manage digital music and video files. A security bypass vulnerability exists in Apple iTunes versions prior to 12.7. The vulnerability can be exploited by an attacker to access iOS backups made through...
CVE-2017-1000086
Summary: Multiple sources report a vulnerability in the Jenkins Periodic Backup Plugin (CVE-2017-1000086) involving missing permission checks and CSRF exposure. Affected component: Jenkins Periodic Backup Plugin (version 1.4 and earlier, per CNVD/CVE references). Root cause (as stated): The plugi...
About the security content of iTunes 12.7 - Apple Support
About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
Apple iOS MobileBackup Backup Encryption Vulnerability
Apple iOS is an operating system developed by Apple for mobile devices, and MobileBackup is one of the system backup components. A security vulnerability exists in the MobileBackup component in Apple iOS versions prior to 11. The vulnerability can be exploited by a remote attacker to read an...
About the security content of iTunes 12.7
This document describes the security content of iTunes 12.7. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
PYSEC-2017-6
attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file"...
CVE-2015-4082
attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file"...
UBUNTU-CVE-2015-4082
attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file"...
CVE-2015-7887
NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups...