
9528 matches found

CISA
added 2014/02/26 12:00 a.m., 13 views

Cisco Releases Security Advisory for Prime Infrastructure Command Execution Vulnerability

Cisco has released a security advisory to address a vulnerability in Cisco Prime Infrastructure software versions 1.2, 1.3, 1.4, and 2.0 which could allow an unauthenticated, remote attacker to execute arbitrary commands with root-level privileges. US-CERT encourages users and administrators to...

AI score 7.6
Exploits: 0, References: 1
ThreatPost
added 2014/02/19 10:27 a.m., 17 views

Second Group Seen Using IE 10 Zero Day

There are at least two different groups running attacks exploiting the recently published zero day vulnerability in Internet Explorer 10, and researchers say one of the groups used the bug to impersonate a French aerospace manufacturer and compromise victims visiting the spoofed Web page. The...

AI score 0.6
Exploits: 0, References: 2
NVD
added 2014/02/14 3:55 p.m., 24 views

CVE-2014-1965

Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP...

CVSS 4.3, AI score 5.6, EPSS 0.01161
Exploits: 0, References: 5
Prion
added 2014/02/14 3:55 p.m., 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error...

CVSS 4.3, AI score 6.1, EPSS 0.01161
Exploits: 0, References: 5
Prion
added 2014/02/14 3:55 p.m., 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP...

CVSS 4.3, AI score 6.1, EPSS 0.01161
Exploits: 0, References: 5, Affected Software: 1
CVE
added 2014/02/14 3:00 p.m., 56 views

CVE-2014-1964

CVE-2014-1964 is an XSS vulnerability in the SAP NetWeaver Integration Repository (BC-XI) component of SAP Exchange Infrastructure. The issue affects the Integration Repository via the ESR application and a DIR error, enabling remote attackers to inject arbitrary web script or HTML. The NVD notes...

CVSS 4.3, AI score 5.8, EPSS 0.01161
Exploits: 0, References: 5, Affected Software: 2
Cvelist
added 2014/02/14 3:00 p.m., 25 views

CVE-2014-1965

Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP...

AI score 5.6, EPSS 0.01161
Exploits: 0, References: 5
ThreatPost
added 2014/02/14 2:27 p.m., 40 views

New IE Zero Day Found Targeting Military Intelligence

Attackers were able to compromise the U.S. Veterans of Foreign Wars’ website this week and serve up a previously unknown zero day exploit in Internet Explorer 10, and while motivation behind the campaign is still unclear, experts are speculating its aim was to procure military intelligence...

CVSS 9.3, AI score 0.6, EPSS 0.85239
Exploits: 23, References: 6
ThreatPost
added 2014/02/06 4:48 p.m., 9 views

Governments Need to Discuss Use of Cyber Weapons

PUNTA CANA–Attacks on critical infrastructure have been grabbing headlines for years now, long before sophisticated operations such as Stuxnet and Flame hit the scene. But we’re probably still in the early stages of the evolution of such attacks, and the use of so-called cyber weapons in these...

AI score 0.1
Exploits: 0
ThreatPost
added 2014/02/06 11:33 a.m., 10 views

Cost of Doing APT Business Dropping

PUNTA CANA–The term APT often is used as a generic descriptor for any group–typically presumed to be government-backed and heavily financed–that is seen attacking high-value targets such as government agencies, critical infrastructure and financial systems. But the range of targets APT groups are...

AI score 7
Exploits: 0, References: 3
ThreatPost
added 2014/02/05 2:12 p.m., 11 views

Poor Patching, Passwords Plague Government Computers

A damning report on the security of government computers paints an unflattering picture of lax or non-existent patching efforts, poor password policies, configuration errors and a general lack of confidence that exposes critical services and systems to attack. The report, “The Federal Government’...

AI score 0.3
Exploits: 0, References: 1
OpenVAS
added 2014/02/05 12:00 a.m., 31 views

Fedora Update for zabbix FEDORA-2013-22741

Check for the Version of zabbix OpenVAS Vulnerability Test Fedora Update for zabbix FEDORA-2013-22741 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

CVSS 7.5, AI score 0.1, EPSS 0.02754
Exploits: 1, References: 2
Kitploit
added 2014/01/23 8:30 p.m., 23 views

[Autopsy] Digital Investigation Analysis

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory...

AI score 6.8
Exploits: 0
ThreatPost
added 2014/01/23 1:13 p.m., 13 views

Congress to Consider Critical Infrastructure Protection Bill

The National Cybersecurity and Critical Infrastructure Protection Act of 2013 would amend the Homeland Security Act of 2002 to better protect the country against potentially destructive cyber attacks targeting national utilities and other critical infrastructure systems. The House Subcommittee on...

AI score 7
Exploits: 0, References: 1
PyPA
added 2014/01/21 6:55 p.m., 5 views

PYSEC-2014-69

python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires...

CVSS 5.5, AI score 6.8, EPSS 0.02064
Exploits: 0, References: 7, Affected Software: 1
ICS
added 2014/01/08 12:00 p.m., 236 views

USB Malware Targeting Siemens Control Software (Update C)

Overview: VirusBlokAda, an antivirus vendor based in Belarus, announced (VirusBlokAda, http://www.anti-virus.by/en/tempo.shtml, website last visited July 15, 2010) the discovery of malware that uses a zero-day vulnerability in Microsoft Windows processing of shortcut files. The malware utilizes this...

CVSS 9.3, AI score 8, EPSS 0.91324
Exploits: 13, References: 24
ICS
added 2014/01/02 12:00 p.m., 36 views

Solar Magnetic Storm Impact on Control Systems

Overview: The sun generates solar flare and coronal mass ejection (CME) events in an approximate 11-year cycle. The plasma clouds generated from these events have the potential to cause geomagnetic storms that can interfere with terrestrial communications and other electronic systems, posing a risk ...

AI score 6.8
Exploits: 0, References: 19
CISA
added 2013/12/30 12:00 a.m., 15 views

UK CPNI Releases Spear Phishing Paper

The United Kingdom's Centre for the Protection of National Infrastructure (CPNI) has recently released a paper titled "Spear Phishing - Understanding the Threat;" this document provides guidance on how spear phishing attacks work, whether you are likely to be a target, and the steps organizations c...

AI score 6.7
Exploits: 0, References: 2
Tenable Nessus
added 2013/12/28 12:00 a.m., 22 views

Solaris 10 (x86) : 144222-16 (deprecated)

Vulnerability in the Solaris Cluster component of Oracle and Sun Systems Products Suite (subcomponent: Zone Cluster Infrastructure). Supported versions that are affected are 3.2, 3.3 and 4 prior to 4.1 SRU 3. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of...

CVSS 7.2, AI score 6.7, EPSS 0.00412
Exploits: 0, References: 2
Tenable Nessus
added 2013/12/28 12:00 a.m., 30 views

Solaris 10 (sparc) : 144221-17 (deprecated)

Vulnerability in the Solaris Cluster component of Oracle and Sun Systems Products Suite (subcomponent: Zone Cluster Infrastructure). Supported versions that are affected are 3.2, 3.3 and 4 prior to 4.1 SRU 3. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of...

CVSS 7.2, AI score 6.7, EPSS 0.00412
Exploits: 0, References: 2