
2152 matches found

Mageia
added 2014/07/04 6:26 p.m. | 57 views

Updated file packages fix security vulnerabilities

A flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert function did not correctly compute the truncated pascal string size (CVE-2014-3478). Multiple flaws were found in the way file parsed property information from Composite Document...

CVSS 6.5 | AI score 7.6 | EPSS 0.15176
Exploits: 1 | References: 2
ThreatPost
added 2014/03/20 1:50 p.m. | 7 views

Malicious iOS Tor Browser in Apple App Store

An iOS Tor Browser hosted for download on Apple’s notoriously restrictive App Store is reportedly a fake. Worse yet, not only is the application said to be illegitimate, but also allegedly malicious. According to a support ticket opened by a Tor Project volunteer operating under the handle Phobos...

AI score 0.5
Exploits: 0 | References: 3
Cisco
added 2014/01/15 10:37 p.m. | 45 views

Cisco ISE Unprivileged Support Bundle Download Vulnerability

A vulnerability in the role-based access control code of the Cisco Identity Services Engine (ISE) could allow an authenticated, but unprivileged, remote attacker to access support bundle information. The vulnerability is due to a failure to check the user privileges correctly when downloading the...

CVSS 4 | AI score 6.3 | EPSS 0.01436
Exploits: 0 | References: 1
Prion
added 2014/01/15 4:11 p.m. | 18 views

Design/Logic Flaw

The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, ak...

CVSS 4 | AI score 6 | EPSS 0.01436
Exploits: 0 | References: 7
Cvelist
added 2014/01/15 3:00 p.m. | 25 views

CVE-2014-0665

The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, ak...

AI score 5.6 | EPSS 0.01436
Exploits: 0 | References: 7
Kitploit
added 2013/12/23 5:29 p.m. | 968 views

Tor Browser Bundle 3.5

The 2.x stable series of the Tor Browser Bundle has officially been deprecated, and all users are encouraged to upgrade to the 3.5 series. Packages are now available from the Tor download page as well as the Tor Package archive. For now, the Pluggable Transports-capable TBB is still a separate...

AI score 7.3
Exploits: 0
FreeBSD
added 2013/12/17 12:00 a.m. | 39 views

cURL library -- cert name check ignore with GnuTLS

cURL project reports: libcurl is vulnerable to a case of missing out the checking of the certificate CN or SAN name field when the digital signature verification is turned off. libcurl offers two separate and independent options for verifying a server's TLS certificate. CURLOPT_SSL_VERIFYPEER and...

CVSS 4 | AI score 9.2 | EPSS 0.02761
Exploits: 0 | References: 1
Cvelist
added 2013/12/02 10:00 p.m. | 22 views

CVE-2013-6695

The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug...

AI score 5.6 | EPSS 0.00947
Exploits: 0 | References: 1
Cisco
added 2013/12/02 9:16 p.m. | 23 views

Cisco Secure Access Control System Unprivileged Support Bundle Download Vulnerability

A vulnerability in the role-based access control code of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to access support bundle information. The vulnerability is due to a failure to check the user privileges correctly when downloading the support bundle...

CVSS 4 | AI score 3.1 | EPSS 0.00947
Exploits: 0 | References: 1
ThreatPost
added 2013/08/05 10:50 a.m. | 11 views

Tor Users Hit With Firefox Exploit, But No Large Compromise of Network Seen

The vulnerability in Firefox that was being used to exploit some users of Tor in recent days was fixed in a previous Firefox release and the exploit in circulation only works against people running Firefox 17. Over the weekend, word spread that the exploit was in the wild and that the Tor network...

Exploits: 0 | References: 4
Prion
added 2013/06/25 6:55 p.m. | 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle label...

CVSS 4.3 | AI score 5.8 | EPSS 0.01161
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2013/06/25 6:00 p.m. | 18 views

CVE-2013-2177

Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle label...

AI score 5.4 | EPSS 0.01161
Exploits: 0 | References: 5
Kitploit
added 2013/06/03 2:46 a.m. | 71 views

[PenQ] The Security Testing Browser Bundle

PenQ is an open source Linux based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more. PenQ is configured ...

AI score 7.3
Exploits: 0
Tenable Nessus
added 2013/05/09 12:00 a.m. | 54 views

SuSE 10 Security Update : compat-curl2 (ZYPP Patch Number 8557)

This update of compat-curl2 fixes several security issues: fixes for the cookie domain tailmatch vulnerability (bnc814655); updated curl CA-Cert Bundle (bnc810010); fixes for a potential BEAST attack (bnc742306)...

CVSS 5 | AI score 8.8 | EPSS 0.04986
Exploits: 1 | References: 2
Tenable Nessus
added 2013/05/09 12:00 a.m. | 34 views

SuSE 10 Security Update : curl, curl (ZYPP Patch Number 8550)

This update fixes the cookie domain tailmatch vulnerability in curl. CVE-2013-1944 has been assigned to this issue. Also the CA-Cert Bundle has been updated to the current state...

CVSS 5 | AI score 7.7 | EPSS 0.04986
Exploits: 1 | References: 2
The Hacker News
added 2012/11/05 10:52 p.m. | 7 views

Russian Underground Cybercrime market offering sophisticated services

Security firm Trend Micro recently analyzed the Russian crimeware markets and found that malware tools and services range from one-time packages which cost just pennies to sophisticated packages and services which cost purchasers thousands of dollars per month. If you want to buy a botnet it wi...

AI score 6.7
Exploits: 0
Drupal
added 2012/03/28 12:00 a.m. | 20 views

SA-CONTRIB-2012-046 - Bundle Copy - Arbitrary Code execution

CVE: CVE-2012-2073 Bundle copy is a replacement for the Content copy module which lives in the CCK project for Drupal 6. Besides the ability to import and export content types, taxonomy and user entities are also supported. Field groups can be exported easily as well. The module doesn't...

CVSS 6 | AI score 7.2 | EPSS 0.01821
Exploits: 0 | References: 10
securityvulns
added 2012/03/20 12:00 a.m. | 26 views

Tor Browser Bundle for Linux (2.2.35-8) "EVIL bug"

"There is an EVIL bug in at least the Linux 2.2.35-8 Tor Browser Bundle start-tor-browser script. It will log things like domain names to a file in the root of the browser bundle." https://trac.torproject.org/projects/tor/ticket/5417 Ticket 5417 new defect RelativeLink.sh in Tor browser bundle ha...

AI score 7
Exploits: 0
FreeBSD
added 2011/09/04 12:00 a.m. | 19 views

ca_root_nss -- extraction of explicitly-untrusted certificates into trust bundle

Matthias Andree reports that the ca-bundle.pl used in older versions of the ca_root_nss FreeBSD port before 3.12.11 did not take the Mozilla/NSS/CKBI untrusted markers into account and would add certificates to the trust bundle that were marked unsafe by Mozilla...

AI score 4.3
Exploits: 0
OSV
added 2011/08/31 12:00 a.m. | 9 views

DSA-2299-1 ca-certificates - untrusted root CA

Bulletin has no description...

AI score 7.2
Exploits: 0