1289 matches found

0day.today
added 2018/01/16 12:0 a.m., 26 views

Kaseya VSA R9.2 Arbitrary File Read Vulnerability

A security vulnerability was found in Kaseya VSA file download file functionality. Using this vulnerability an authenticated user in a Kaseya VSA environment is able to download arbitrary files from the server including source code of Kaseya, the database backups, configuration files, and even...

7.1 AI score
Exploits: 0

Packet Storm
added 2018/01/15 12:0 a.m., 27 views

Kaseya VSA R9.2 Arbitrary File Read

Arbitrary file read in Kaseya VSA. Kin Hung Cheng, Robert Hartshorn, May 2017...

7.1 AI score
Exploits: 0

Carbon Black Blog
added 2018/01/10 2:40 p.m., 43 views

Interview with CTO Michael Viscuso – Ransomware: The Problem That Won’t Go Away

Editor's Note: This article originally appeared on BankInfoSecurity.com Click here to listen to the full podcast Dealing with ransomware is a lot like dealing with mosquitos: The best approach is to anticipate getting bit and take steps to try to fend off attacks. But the growth of ransomware int...

6.9 AI score
Exploits: 0

Microsoft KB
added 2017/11/28 12:0 a.m., 3 views

Update Rollup 14 for System Center 2012 R2 Data Protection Manager

Update Rollup 14 for System Center 2012 R2 Data Protection Manager. Introduction: This article describes the issues that are fixed in Update Rollup 14 for Microsoft System Center 2012 R2 Data Protection Manager. This article also contains the installation instructions for this update. Note: Existing...

6.5 AI score
Exploits: 0

Virtuozzo
added 2017/11/17 12:0 a.m., 21 views

Product update: Virtuozzo PowerPanel RTM Hotfix 4 (7.0.1-422)

The new packages for Virtuozzo PowerPanel introduce a new feature as well as usability fixes. Vulnerability id: PP-336 Unable to select key combinations from the "Send Key Combination" list when using Mozilla Firefox. Vulnerability id: PP-506 Update could fail due to a package repository conflict...

1.8 AI score
Exploits: 0

seebug.org
added 2017/11/09 12:0 a.m., 35 views

Circle with Disney configure.xml Notifications Command Injection Vulnerability(CVE-2017-2917)

Summary: An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions: Circle with Disney 2.0...

9.1 AI score, 0.03245 EPSS
Exploits: 2

OSV
added 2017/10/23 1:29 a.m., 5 views

CVE-2017-7079

An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups written by iTunes via a crafted app...

5.5 CVSS, 5.8 AI score, 0.00941 EPSS
Exploits: 0, References: 2

NVD
added 2017/10/23 1:29 a.m., 16 views

CVE-2017-7079

An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups written by iTunes via a crafted app...

5.5 CVSS, 4.2 AI score, 0.00941 EPSS
Exploits: 0, References: 2

Prion
added 2017/10/23 1:29 a.m., 18 views

Code injection

An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups written by iTunes via a crafted app...

4.3 CVSS, 4.1 AI score, 0.00941 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2017/10/23 1:0 a.m., 21 views

CVE-2017-7079

An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups written by iTunes via a crafted app...

4.2 AI score, 0.00941 EPSS
Exploits: 0, References: 2

CVE
added 2017/10/23 1:0 a.m., 82 views

CVE-2017-7079

CVE-2017-7079 affects iTunes before 12.7 (Mac OS X), via the Data Sync component. A crafted app may enable an attacker to access iOS backups created by iTunes. The vulnerability stems from an access control issue in the Data Sync workflow, allowing partial confidentiality impact without integrity...

5.5 CVSS, 4.1 AI score, 0.00941 EPSS
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2017/10/11 12:0 a.m., 4 views

Apple iTunes Security Bypass Vulnerability

Apple iTunes is a suite of media player applications from Apple, Inc. that are used to play and manage digital music and video files. A security bypass vulnerability exists in Apple iTunes versions prior to 12.7. The vulnerability can be exploited by an attacker to access iOS backups made through...

5.5 CVSS, 5.2 AI score, 0.00941 EPSS
Exploits: 0, References: 1

CVE
added 2017/10/04 1:0 a.m., 47 views

CVE-2017-1000086

Summary: Multiple sources report a vulnerability in the Jenkins Periodic Backup Plugin (CVE-2017-1000086) involving missing permission checks and CSRF exposure. Affected component: Jenkins Periodic Backup Plugin (version 1.4 and earlier, per CNVD/CVE references). Root cause (as stated): The plugi...

8 CVSS, 7.8 AI score, 0.01072 EPSS
Exploits: 0, References: 2, Affected Software: 1

Apple
added 2017/09/26 4:20 a.m., 26 views

About the security content of iTunes 12.7 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

5.5 CVSS, 0.8 AI score, 0.00941 EPSS
Exploits: 0, Affected Software: 2

CNVD
added 2017/09/20 12:0 a.m., 2 views

Apple iOS MobileBackup Backup Encryption Vulnerability

Apple iOS is an operating system developed by Apple for mobile devices, and MobileBackup is one of the system backup components. A security vulnerability exists in the MobileBackup component in Apple iOS versions prior to 11. The vulnerability can be exploited by a remote attacker to read an...

7.5 CVSS, 8 AI score, 0.01113 EPSS
Exploits: 0, References: 1

Apple
added 2017/09/12 12:0 a.m., 28 views

About the security content of iTunes 12.7

About the security content of iTunes 12.7 This document describes the security content of iTunes 12.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

5.5 CVSS, 5.6 AI score, 0.00941 EPSS
Exploits: 0, References: 1, Affected Software: 1

PyPA
added 2017/08/18 4:29 p.m., 6 views

PYSEC-2017-6

attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file"...

6.5 CVSS, 6.7 AI score, 0.02466 EPSS
Exploits: 1, References: 5, Affected Software: 1

UbuntuCve
added 2017/08/18 4:29 p.m., 23 views

CVE-2015-4082

attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file"...

6.5 CVSS, 6.7 AI score, 0.02466 EPSS
Exploits: 1, References: 4

OSV
added 2017/08/18 4:29 p.m., 4 views

UBUNTU-CVE-2015-4082

attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file"...

6.5 CVSS, 5.8 AI score, 0.02466 EPSS
Exploits: 1, References: 5

NVD
added 2017/08/07 5:29 p.m., 18 views

CVE-2015-7887

NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups...

8.1 CVSS, 7.8 AI score, 0.01426 EPSS
Exploits: 0, References: 2