CVE-2014-6195

The CVE affects IBM Tivoli Storage Manager (TSM) Backup-Archive Client Java GUI and Web GUI when using Data Protection for Domino. Local attackers can bypass authentication and restore a Domino database or transaction-log backup via unspecified vectors. Affected versions include 5.4–5.5 before 5....

DroidStealth — Android Encryption Tool with Stealth Capabilities

We all have Internet-connected smartphones in our pockets, but it’s very hard to find a place on Internet to feel secure and private. No doubt, there is data Encryption on cell phones, but what’s the use if it is cracked by hackers or law enforcement? What if the encrypted files don’t exist in th...

VMware vSphere Data Protection Certificate Validation (VMSA-2015-0002)

The version of VMware vSphere Data Protection installed on the remote host is 5.1.x / 5.5.x prior to 5.5.9, or 5.8.x prior to 5.8.1. It is, therefore, affected by a certificate validation vulnerability that allows man-in-the-middle MitM attacks. C Tenable Network Security, Inc. include"compat.inc...

VMware vSphere Data Protection certificate validation bypass

Insufficient server certificate validation...

NEW VMSA-2015-0002 VMware vSphere Data Protection product update addresses a certificate validation vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2015-0002 Synopsis: VMware vSphere Data Protection product update addresses a certificate validation vulnerability. Issue date:...

VMware vSphere Data Protection Certificate Validation Security Bypass Vulnerability

VMWare is a "virtual PC" software that allows you to run two or more Windows, DOS, or Linux systems on a single machine at the same time. A validation security bypass vulnerability exists in the VMware vSphere data protection certificate, which can be exploited by an attacker to perform a...

Design/Logic Flaw

VMware vSphere Data Protection VDP 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store ADS and Avamar Virtual Edition AVE 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoo...

CVE-2014-4632

VMware vSphere Data Protection VDP 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store ADS and Avamar Virtual Edition AVE 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoo...

CVE-2014-4632

Affected products: VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1; also the EMC Avamar proxy client components (ADS/AVE) 6.x and 7.0.x. Root cause: SSL certificate validation is insufficient; VDP and Avamar proxy fail to properly verify X.509 certificates from vC...

Snom IP Phones - Multiple Vulnerabilities

Snom IP phones with firmware versions prior to 8.7.5.15 suffer from authentication bypass, command execution, cross site request forgery, cross site scripting, privilege escalation, and directory traversal vulnerabilities. title: Multiple critical vulnerabilities product: snom IP phones vulnerabl...

CA ARCserve Backup DB Engine Denial of Service - Ver2 (CVE-2008-4399)

CA ARCserve Backup products offer data protection for distributed servers, clients,databases and applications. They provide centralized control over a series of distributed operationsincluding Backup and Restore, Data Migration, and Threat Management. There exists a denial of service vulnerabilit...

CA ARCserve Backup DB Engine Denial of Service - Ver2 (CVE-2008-4399)

CA ARCserve Backup products offer data protection for distributed servers, clients,databases and applications. They provide centralized control over a series of distributed operationsincluding Backup and Restore, Data Migration, and Threat Management. There exists a denial of service vulnerabilit...

Smartphone Owners Lack Motivation to Adequately Lock Devices

A quarter of smartphone owners don’t lock their devices because they don’t believe they have any data worth protecting. Even more refrain from doing it because they feel like it’s too much of a hassle. That’s at least according to a new study carried out by six researchers, four from the Universi...

VMSA-2014-0011:VMware vSphere Data Protection product update addresses a CRITICAL information disclosure vulnerability.

VMSA-2014-0011 VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0011 VMware Security Advisory Synopsis: VMware vSphere Data Protection product update addresses a critic...

Wyden: Surveillance is a 'Clear and Present Danger' to the Digital Economy

The pervasive dragnet surveillance of Americans revealed by the Edward Snowden documents has caused serious damage to the trust that enterprises and citizens had in the United States government and unless that trust is repaired, it could have serious effects on the Internet economy, a panel of...

Experts Laud Changes to iPhone, Android Encryption

The changes that both Google and Apple have made to their mobile operating systems to encrypt the data on users’ devices have generated praise from the security and privacy communities and vitriol and criticism from the law enforcement and political worlds in equal measure. The changes to iOS and...

Apple Extends Two-Factor Authentication to iCloud

Apple finally has enabled two-factor authentication for its iCloud storage service, more than a year and a half after the company first turned the protective measure on for iTunes purchases and Apple ID. The extension of 2FA–which Apple calls two-step verification–to iCloud comes two weeks after...

Cisco IOS XR Software Information Disclosure Vulnerability

A vulnerability in the command-line interface CLI of Cisco IOS XR Software could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to insufficient data protection of sensitive information. An attacker could exploit this vulnerability by issuing...

NSA threatened Yahoo with $250,000 Daily Fine For Opposing Surveillance Request

Yahoo! has broke its silence and explained why it handed over its users’ data to United States federal officials, thereby promising to expose those court documents which ordered the snooping. The US government threatened Internet giant with a $250,000 fine per day several years ago if it failed t...

TigerCom iFolder+ 1.2 iOS - Multiple Vulnerabilities

TigerCom iFolder+ 1.2 iOS - Multiple Vulnerabilities Document Title: =============== TigerCom iFolder+ v1.2 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1284 Release Date: ============= 2014-07-30 Vulnerability Laborator...