Lucene search

2152 matches found

The Hacker News
added 2018/07/19 1:22 p.m., 2 views

Cyber Security Training Courses – CISA, CISM, CISSP Certifications

Believe it or not, any computer connected to the Internet is vulnerable to cyber attacks. With more money at risk and data breaches on the rise, more certified cybersecurity experts and professionals are needed by every corporation and organisation to protect themselves from hackers and cyber...

AI score: 6.8
Exploits: 0

IBM Security Bulletins
added 2018/06/16 1:7 p.m., 35 views

Security Bulletin: Vulnerability in SSLv3 affects Warehouse Administration Console and Cubing Services components of IBM InfoSphere Warehouse and IBM DB2 for Linux, Unix and Windows (CVE-2014-3566)

Summary: SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. IBM InfoSphere Warehouse and IBM DB2 for Linux, Unix and Windows do not directly enable SSLv3. However, WAS (WebSphere Application Server) is bundled with IBM...

CVSS: 4.3, AI score: 3.3, EPSS: 0.99999
Exploits: 7, Affected Software: 1

Citrix
added 2018/06/04 12:0 a.m., 10 views

How to Collect Support Bundle from XenMobile Server CLI using FileZilla

This article describes how to collect XenMobile support bundle with FileZilla. FileZilla can be installed locally and act as FTP server...

AI score: 7.1
Exploits: 0

The Hacker News
added 2018/04/19 2:26 p.m., 1 views

9 Popular Training Courses to Learn Ethical Hacking Online

How to become a Professional Hacker? This is one of the most frequently asked queries we come across on a daily basis. Do you also want to learn real-world hacking techniques but don't know where to start? This week's THN deal is for you. Today THN Deal Store has announced a new Super-Sized Ethic...

AI score: 7
Exploits: 0

RedHat Linux
added 2018/02/26 9:32 p.m., 5 views

OpenJDK: loading of classes from untrusted locations (I18n, 8182601)

It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file...

CVSS: 4.5, AI score: 7.7, EPSS: 0.00631
Exploits: 0, References: 4

Amazon
added 2018/02/07 12:0 a.m., 52 views

Important: java-1.8.0-openjdk

Issue Overview: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998). It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass...

CVSS: 8.3, AI score: 7.7, EPSS: 0.06905
Exploits: 0

Amazon
added 2018/02/07 12:0 a.m., 56 views

Important: java-1.8.0-openjdk

Issue Overview: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998). It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass...

CVSS: 8.3, AI score: 7.8, EPSS: 0.06905
Exploits: 0

n0where
added 2017/11/28 5:0 a.m., 35 views

Linux Memory Cryptographic Keys Extractor: CryKeX

Some work has already been published regarding the subject of cryptographic keys security within DRAM. Basically, we need to find something that looks like a key (entropic and specific length) and then confirm its nature by analyzing the memory structure around it (C data types). The idea is to dump...

AI score: 0.6
Exploits: 0, References: 2

OpenVAS
added 2017/11/28 12:0 a.m., 11 views

Tor Browser Bundle Detection (Linux/Unix SSH Login)

Detection of presence of Tor Browser Bundle. The script logs in via ssh, searches for executable SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

AI score: 7.3
Exploits: 0

Veracode
added 2017/11/21 6:26 a.m., 24 views

Directory Traversal

Symphony is vulnerable to directory traversal attacks. The read function in the bundle readers does not sanitize user input, allowing a malicious user to traverse the directory...

CVSS: 7.5, AI score: 7.5, EPSS: 0.02677
Exploits: 0, References: 4, Affected Software: 1

Friends Of PHP
added 2017/11/16 3:15 p.m., 30 views

CVE-2017-16654: Intl bundle readers breaking out of paths

More info at https://symfony.com/cve-2017-16654...

CVSS: 7.5, AI score: 7.2, EPSS: 0.02677
Exploits: 0, Affected Software: 1

Node.js
added 2017/10/12 7:20 p.m., 96 views

Github Token Leak

Overview: Affected versions of aegir bundle and publish the current user's GitHub token to npm when aegir-release is executed. Recommendation: Update to version 12.0.8 or later. If you used this module to do a release for your project you should invalidate the GitHub tokens that were leaked...

CVSS: 5, AI score: 4.9, EPSS: 0.01177
Exploits: 0, Affected Software: 1

Veracode
added 2017/07/25 2:58 a.m., 11 views

Directory Traversal

contao/core-bundle is vulnerable to directory traversal attacks. A logged in, back-end user can include and exclude local PHP files through URL manipulation...

CVSS: 8.8, AI score: 8.5, EPSS: 0.01962
Exploits: 0, References: 1, Affected Software: 2

pentestit
added 2017/07/25 12:17 a.m., 90 views

UPDATE: OWASP Dependency-Check 2.1.0!

My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 2.1.0! What I like about this release...

AI score: 7.3
Exploits: 0

Schneier on Security
added 2017/07/18 11:38 a.m., 49 views

Many of My E-Books for Cheap

Humble Bundle is selling a bunch of cybersecurity books very cheaply. You can get copies of Applied Cryptography, Secrets and Lies, and Cryptography Engineering -- and also Ross Anderson's Security Engineering, Adam Shostack's Threat Modeling, and many others. This is the cheapest you'll ever see...

AI score: 7
Exploits: 0

OSV
added 2017/07/17 1:18 p.m., 3 views

CVE-2017-1000037

RVM automatically loads environment variables from files in $PWD resulting in command execution. RVM vulnerable to command injection when automatically loading environment variables from files in $PWD. RVM automatically executes hooks located in $PWD resulting in code execution. RVM automatically...

CVSS: 9.8, AI score: 6.2, EPSS: 0.06176
Exploits: 1, References: 1

Tenable Nessus
added 2017/04/28 12:0 a.m., 77 views

Ubuntu 14.04 LTS / 16.04 LTS : NSS vulnerabilities (USN-3270-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3270-1 advisory. Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker...

CVSS: 9.8, AI score: 7.9, EPSS: 0.95707
Exploits: 7, References: 3

Ubuntu
added 2017/04/27 4:47 p.m., 129 views

USN-3270-1: NSS vulnerabilities

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key...

CVSS: 9.8, AI score: 7.8, EPSS: 0.95707
Exploits: 7

OSV
added 2017/04/27 4:47 p.m., 10 views

USN-3270-1 nss vulnerabilities

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key...

CVSS: 9.8, AI score: 7, EPSS: 0.95707
Exploits: 7, References: 3

ossfuzz
added 2017/04/27 6:39 a.m., 18 views

libreoffice: Heap-use-after-free in Bundle::GetIndex

Project: git://anongit.freedesktop.org/libreoffice/core Detailed report: https://oss-fuzz.com/testcase?key=5288817537843200 Project: libreoffice Fuzzer: libFuzzerlibreofficecgmfuzzer Fuzz target binary: cgmfuzzer Job Type: libfuzzerasanlibreoffice Platform Id: linux Crash Type: Heap-use-after-fre...

AI score: 7
Exploits: 0, Affected Software: 1