
9527 matches found

CVE
added 2013/05/31 9:0 p.m. | 65 views

CVE-2013-1247

CVE-2013-1247 affects Cisco Prime Infrastructure; XSS in the wireless configuration module allows an unauthenticated remote attacker to inject scripts via a rogue SSID displayed in the XML windowing table (Bug CSCuf04356). Exploitation requires access to the rogue AP listing; Cisco notes software...

CVSS 4.3 | AI score 5.9 | EPSS 0.01523
Exploits 0 | References 1 | Affected Software 1

Cisco
added 2013/05/31 4:21 p.m. | 23 views

Cisco Prime Infrastructure Rogue AP SSID Cross-Site Scripting Vulnerability

A vulnerability in the wireless configuration module of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to insert scripts into the listing of rogue access points. The vulnerability is due to a failure to properly sanitize SSIDs before inserting them into the XML windowi...

CVSS 4.3 | AI score 0.7 | EPSS 0.01523
Exploits 0 | References 1

ThreatPost
added 2013/05/22 12:39 p.m. | 12 views

Grid Utilities Critical Infrastructure Protection Lacking

It would seem that what spurs private and public electric grid utility operators to action with regard to cybersecurity isn’t the Chinese or Iranians attacking them, but the word “mandatory”. A paper published yesterday by two U.S. legislators revealed that when there are mandatory cybersecurity...

AI score 1
Exploits 0 | References 4

Ubuntu
added 2013/05/16 11:57 p.m. | 56 views

USN-1831-1: OpenStack Nova vulnerability

Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk...

CVSS 2.1 | AI score 5.3 | EPSS 0.00383
Exploits 0

The Hacker News
added 2013/05/08 6:32 a.m. | 10 views

Internet Explorer 8 zero-day attack spreads on 9 other sites

The watering hole Internet Explorer 8 zero-day attack on the US Department of Labor website last week has spread to 9 more global websites over the weekend, including those run by a big European company operating in the aerospace, defense, and security industries as well as non-profit groups and...

AI score 6.9
Exploits 0

ThreatPost
added 2013/04/25 4:31 p.m. | 11 views

Obama Expands Surveillance to Critical Infrastructure

A little-known policy through which the Departments of Justice, Defense, and Homeland Security offered prosecutorial immunity to companies that helped the U.S. military monitor Internet traffic on the private networks of defense contractors has reportedly been expanded by Executive Order to inclu...

AI score 0.7
Exploits 0 | References 4

ThreatPost
added 2013/04/25 4:2 p.m. | 10 views

Brad Arkin Named Adobe CSO

Adobe has named Brad Arkin to the newly created position of CSO, a major expansion of responsibilities for Arkin, who has been leading the company’s product security and privacy initiatives. Adobe has been in the security spotlight for several years now, as attackers have focused their attention ...

AI score 0.2
Exploits 0 | References 3

ThreatPost
added 2013/04/24 2:6 p.m. | 12 views

HD Moore: Hackable Serial Port Servers Lack Authentication

Serial port servers are admittedly old school technology that you might think had been phased out as new IT, SCADA and industrial control system equipment has been phased in. Metasploit creator HD Moore cautions you to think again. Moore recently revealed that through his Critical IO project...

AI score 1.6
Exploits 0 | References 2

ThreatPost
added 2013/04/23 1:4 p.m. | 5 views

Malware More Globally Distributed, Still Made in China

In an attempt to better evade detection, cybercriminals are increasingly configuring their command and control infrastructure in such a way that initial malware callbacks communicate with a server located in the same country as the newly infected machines. This emerging trend is among the vast an...

AI score 1.2
Exploits 0 | References 5

The Hacker News
added 2013/04/23 4:52 a.m. | 10 views

CALL FOR PAPERS - The Hackers Conference 2013

The call for papers for The Hackers Conference 2013 is now open. THC2013 is a hacker conference taking place in New Delhi, India on August 25th, 2013. The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cybe...

AI score 6.5
Exploits 0

Cisco
added 2013/04/17 4:0 p.m. | 22 views

Cisco TelePresence Infrastructure Denial of Service Vulnerability

Cisco TelePresence multipoint control unit (MCU) and Cisco TelePresence Server contain a vulnerability that could allow an unauthenticated, remote attacker to trigger the reload of an affected system. Cisco has released software updates that address this vulnerability. Workarounds that mitigate thi...

CVSS 7.1 | AI score 6.5 | EPSS 0.01169
Exploits 0 | References 1

ThreatPost
added 2013/04/05 4:17 p.m. | 14 views

Shylock Trojan Going Global with New Features, Resilient Infrastructure

The prolific, credential-stealing Shylock banking Trojan is growing increasingly sophisticated as its creators continue adding new modules and functionalities to the man-in-the-browser malware, according to a Symantec report. To this point, Shylock has made its money via man-in-the-browser attack...

AI score 1
Exploits 0 | References 1

RedHat Linux
added 2013/04/04 8:15 p.m. | 3 views

keystone: online validation of Keystone PKI tokens bypasses revocation check

OpenStack Keystone Folsom 2012.2 does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token...

CVSS 6.8 | AI score 5.9 | EPSS 0.02608
Exploits 0 | References 4

The Hacker News
added 2013/04/04 6:34 p.m. | 12 views

World's largest Digital documents library 'Scribd' Hacked

The world's largest digital documents library, 'Scribd', announced that they were hacked in a recent attack and that the hacker was potentially able to compromise general user information, which includes usernames, emails, and encrypted passwords from part of the database. "Even though this information was accessed, the...

AI score 6.7
Exploits 0

Positive Technologies
added 2013/03/22 12:0 a.m. | 4 views

PT-2013-3441 · Openstack · Openstack Keystone

Name of the Vulnerable Software and Affected Versions: OpenStack Keystone version 2012.2 Description: The issue allows remote attackers to bypass intended access restrictions via a revoked PKI token, due to improper revocation checks for Keystone PKI tokens when performed through a server...

CVSS 6.9 | AI score 6.3 | EPSS 0.02608
Exploits 0 | References 21

The Hacker News
added 2013/03/15 8:27 a.m. | 8 views

Cyber 9/11, cyber doomsday...between fear and need for action

It's no mystery: every nation is worried about the level of security of its infrastructure, and the United States is among the most concerned governments due to the high number of cyber-attacks against its networks. US Government representatives such as former Secretary of Defense Leon Panetta and...

AI score 6.7
Exploits 0

The Hacker News
added 2013/03/14 9:27 p.m. | 30 views

Cyber 9/11, cyber doomsday...between fear and need for action

It’s no mystery: every nation is worried about the level of security of its infrastructure, and the United States is among the most concerned governments due to the high number of cyber-attacks against its networks. US Government representatives such as former Secretary of Defense Leon Panetta and...

AI score 6.7
Exploits 0

ThreatPost
added 2013/03/14 2:12 p.m. | 9 views

NSA Director Alexander: US Building Cyberattack Teams

More rhetoric is coming out of Washington regarding the use of malware as an auxiliary weapon to bombs and bullets. National Security Agency leader Gen. Keith Alexander told a House Armed Services Committee yesterday that his new Cyber Command will be ready to retaliate should the United States...

AI score 1.2
Exploits 0 | References 6

NVD
added 2013/03/07 8:55 p.m. | 18 views

CVE-2013-1153

Cross-site request forgery (CSRF) vulnerability in the web interface in Cisco Prime Infrastructure allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCue84676...

CVSS 6.8 | AI score 7.2 | EPSS 0.00576
Exploits 0 | References 1

Prion
added 2013/03/07 8:55 p.m. | 21 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the web interface in Cisco Prime Infrastructure allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCue84676...

CVSS 6.8 | AI score 7.7 | EPSS 0.00576
Exploits 0 | References 1