2152 matches found
Cyber Security Training Courses – CISA, CISM, CISSP Certifications
Believe it or not, but any computer connected to the Internet is vulnerable to cyber attacks. With more money at risk and data breaches at a rise, more certified cybersecurity experts and professionals are needed by every corporate and organisation to prevent themselves from hackers and cyber...
Security Bulletin: Vulnerability in SSLv3 affects Warehouse Administration Console and Cubing Services components of IBM InfoSphere Warehouse and IBM DB2 for Linux, Unix and Windows (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. IBM InfoSphere Warehouse and IBM DB2 for Linux, Unix and Windows do not directly enable SSLv3. However, WAS WebSphere Application Server is bundled with IBM...
How to Collect Support Bundle from XenMobile Server CLI using FileZilla
This article describes how to collect XenMobile support bundle with FileZilla. FileZilla can be installed locally and act as FTP server...
9 Popular Training Courses to Learn Ethical Hacking Online
How to become a Professional Hacker? This is one of the most frequently asked queries we came across on a daily basis. Do you also want to learn real-world hacking techniques but don't know where to start? This week's THN deal is for you. Today THN Deal Store has announced a new Super-Sized Ethic...
OpenJDK: loading of classes from untrusted locations (I18n, 8182601)
It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file...
Important: java-1.8.0-openjdk
Issue Overview: SingleEntryRegistry incorrect setup of deserialization filter JMX, 8186998 It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass...
Important: java-1.8.0-openjdk
Issue Overview: SingleEntryRegistry incorrect setup of deserialization filter JMX, 8186998 It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass...
Linux Memory Cryptographic Keys Extractor: CryKeX
Some work has been already published regarding the subject of cryptograhic keys security within DRAM. Basically, we need to find something that looks like a key entropic and specific length and then confirm its nature by analyzing the memory structure around it C data types. The idea is to dump...
Tor Browser Bundle Detection (Linux/Unix SSH Login)
Detection of presence of Tor Browser Bundle. The script logs in via ssh, searches for executable SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...
Directory Traversal
Symphony is vulnerable to directory traversal attacks. The read function in the bundle readers does not sanitize user input, allowing a malicious user to traverse the directory...
CVE-2017-16654: Intl bundle readers breaking out of paths
More info at https://symfony.com/cve-2017-16654...
Github Token Leak
Overview Affected versions of aegir bundle and publish the current users github token to npm when aegir-release is executed. Recommendation Update to version 12.0.8 or later. If you used this module to do a release for your project you should invalidate the GitHub tokens that were leaked...
Directory Traversal
contao/core-bundle is vulnerable to directory traversal attacks. A logged in, back-end user can include and exclude local PHP files through URL manipulation...
UPDATE: OWASP Dependency-Check 2.1.0!
PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 2.1.0! What I like about this release...
Many of My E-Books for Cheap
Humble Bundle is selling a bunch of cybersecurity books very cheaply. You can get copies of Applied Cryptography, Secrets and Lies, and Cryptography Engineering -- and also Ross Anderson's Security Engineering, Adam Shostack's Threat Modeling, and many others. This is the cheapest you'll ever see...
CVE-2017-1000037
RVM automatically loads environment variables from files in $PWD resulting in command execution RVM vulnerable to command injection when automatically loading environment variables from files in $PWD RVM automatically executes hooks located in $PWD resulting in code execution RVM automatically...
Ubuntu 14.04 LTS / 16.04 LTS : NSS vulnerabilities (USN-3270-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3270-1 advisory. Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker...
USN-3270-1: NSS vulnerabilities
Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key...
USN-3270-1 nss vulnerabilities
Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key...
libreoffice: Heap-use-after-free in Bundle::GetIndex
Project: git://anongit.freedesktop.org/libreoffice/core Detailed report: https://oss-fuzz.com/testcase?key=5288817537843200 Project: libreoffice Fuzzer: libFuzzerlibreofficecgmfuzzer Fuzz target binary: cgmfuzzer Job Type: libfuzzerasanlibreoffice Platform Id: linux Crash Type: Heap-use-after-fre...