Lucene search
K

663 matches found

CNVD
CNVD
added 2019/12/06 12:0 a.m.4 views

Path Traversal Vulnerability in Multiple Huawei Products

Huawei P30 and others are products of Huawei, a Chinese company.Huawei P30 is a smartphone.Huawei P30 Pro is a smartphone.Huawei M6 is a tablet. A path traversal vulnerability exists in multiple Huawei products, where the system fails to adequately verify the path name from an application, which...

5.5CVSS6.5AI score0.00839EPSS
Exploits0References1
Carbon Black Blog
Carbon Black Blog
added 2019/12/03 7:25 p.m.36 views

Mitigating Modern Insider Threats in FIs

More and more financial institutions FI are migrating to the cloud—increasing efficiencies and access to services. With this move, however, comes a new degree of risk. Without the right levels of protection and visibility, you leave yourself open not only to attacks by external actors but interna...

0.2AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/11/07 6:0 p.m.59 views

What’s So Dangerous About Spear Phishing?

Spear phishing is one of the most common and most effective cyberattack vectors seen today. Delivered through email, spear phishing campaigns aim either to infect devices with malware, or to steal important information—like credentials and bank numbers. Spear phishing is targeted at specific grou...

0.8AI score
Exploits0
CNVD
CNVD
added 2019/08/21 12:0 a.m.2 views

Microsoft Jet Database Engine Remote Code Execution Vulnerability (CNVD-2019-38618)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. Windows Jet Database Engine is one of the database engines. A remote code execution...

9.3CVSS8.2AI score0.04477EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2019/08/15 4:16 p.m.84 views

Clickjacking Evolves to Hook Millions of Top-Site Visitors

Clickjacking, where links on a website redirect unknowing users to spam, advertising or malware, has been around for decades. However, new tactics that defy the best mitigation efforts of browsers has led to it affecting millions of internet users browsing the web’s top sites, researchers found i...

7.5AI score
Exploits0References10
Trellix
Trellix
added 2019/08/01 12:0 a.m.17 views

Clop Ransomware

ARCHIVED STORY Clop Ransomware Alexandre Mundo · AUG 01, 2019 This new ransomware was discovered by Michael Gillespie on 8 February 2019 and it is still improving over time. This blog will explain the technical details and share information about how this new ransomware family is working. There a...

7AI score
Exploits0
Hacker One
Hacker One
added 2019/06/01 5:27 p.m.21 views

Vanilla: Web cache deception attack on https://open.vanillaforums.com/messages/all

I have found a Vulnerability in vanilla forums which called Web cache deception attack. Web Cache Deception Attack Websites often tend to use web cache functionality to store files that are often retrieved, to reduce latency from the web server. Websites often tend to use web cache functionality...

1AI score
Exploits0
GithubExploit
GithubExploit
added 2019/05/21 4:0 a.m.93 views

Exploit for Use After Free in Microsoft

CVE-2019-0708 The following websites are all cheaters, mainly...

10CVSS1AI score0.99999EPSS
Exploits123
ThreatPost
ThreatPost
added 2019/05/14 12:0 p.m.63 views

Cynet: An Autonomous Security Platform for Any Size Organization

The Cynet security platform takes a different approach to traditional point security offerings, by providing a consolidated solution to all aspects of breach protection through a single interface. Unlike endpoint security solutions that only focus on particular types of threats targeting the...

Exploits0References21
ThreatPost
ThreatPost
added 2019/04/29 8:4 p.m.149 views

MuddyWater APT Hones an Arsenal of Custom Tools

An array of customized attack tools are helping the MuddyWater advanced persistent threat APT group to successfully exfiltrate data from its governmental and telco targets in the Middle East; an analysis of this toolset reveals a moderately sophisticated threat actor at work – with the potential ...

9CVSS0.3AI score0.99965EPSS
Exploits30References3
OSV
OSV
added 2019/04/26 5:29 p.m.7 views

CVE-2018-18509

A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with...

5.3CVSS8.8AI score
Exploits0References9
Hacker One
Hacker One
added 2019/04/13 8:6 p.m.42 views

OLX: web cache deception in https://tradus.com lead to name/user_id enumeration and other info

summary Hi OLX team, i found a web cache deception vulnerability in https://tradus.com. With this vulnerability an attacker can gain access to the name of the victim user, the userid and other informations. Attack scenario 1 an attacker send to the victim a link to the malicious page like the PoC...

0.1AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/04/09 2:24 p.m.35 views

Partner Perspectives: Level Up your EDR Capabilities with Deception-Based Threat Detection from Carbon Black and Smokescreen

Amir Moin is a Product Manager for Smokescreen. All security teams eventually run into the same fundamental problems - low network visibility, overworked security analysts, and breaches that put them on the nine o’clock news. Traditional security solutions are primed toward giving security teams ...

0.1AI score
Exploits0
ThreatPost
ThreatPost
added 2019/03/11 3:51 p.m.70 views

Facebook Alleges Two Ukrainians Scraped Data From 63K Profiles

Facebook has sued two Ukrainian men that it says used quiz apps and malicious browser extensions to scoop up private data from 63,000 platform users, and then use that data for advertising purposes. A lawsuit filed Friday by Facebook alleged that the two men, Gleb Sluchevsky and Andrey Gorbachov,...

0.7AI score
Exploits0References8
Schneier on Security
Schneier on Security
added 2019/02/18 8:42 p.m.63 views

I Am Not Associated with Swift Recovery Ltd.

It seems that someone from a company called Swift Recovery Ltd. is impersonating me -- at least on Telegram. The person is using a photo of me, and is using details of my life available on Wikipedia to convince people that they are me. They are not. If anyone has any more information -- stories,...

3AI score
Exploits0
CNVD
CNVD
added 2019/02/12 12:0 a.m.2 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CNVD-2019-16512)

Cisco Identity Services Engine ISE is an identity-based environment awareness platform ISE Identity Services Engine from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. A cross-site scripting...

5.4CVSS6.5AI score0.00827EPSS
Exploits0References1
Prion
Prion
added 2018/12/11 5:29 p.m.18 views

Cross site request forgery (csrf)

phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users,...

6.8CVSS8.7AI score0.01065EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/12/11 5:0 p.m.34 views

CVE-2018-19969

phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users,...

8.7AI score0.01065EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/12/10 12:0 a.m.92 views

JVN#23161885: Multiple vulnerabilities in Cybozu Remote Service

Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Upload of arbitrary files in logo setting screen CWE-434 - CVE-2018-16169 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...

8.8CVSS7.8AI score0.01857EPSS
Exploits0
OSV
OSV
added 2018/11/27 10:29 p.m.2 views

CVE-2018-7946

There is an information leak vulnerability in some Huawei smartphones. An attacker may do some specific configuration in the smartphone and trick a user into inputting some sensitive information. Due to improper design, successful exploit may cause some information leak...

4.3CVSS5.8AI score0.00266EPSS
Exploits0References1
Rows per page
Query Builder