9527 matches found
CVE-2013-1153
Cross-site request forgery (CSRF) vulnerability in the web interface in Cisco Prime Infrastructure allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCue84676...
CVE-2013-1153
Cisco Prime Infrastructure suffers a CSRF vulnerability in its web interface (CVE-2013-1153). An unauthenticated, remote attacker could trick a user into submitting arbitrary requests to the device with the user’s privileges. Cisco’s advisory notes that software updates are not available to remed...
CVE-2012-5053
Cross-site scripting (XSS) vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-5053
CVE-2012-5053 affects Trimble Infrastructure GNSS Series Receivers: NetR3/NetR5/NetR8/NetR9 vulnerable in their Receiver Web User Interface prior to firmware 4.70, and NetRS prior to 1.3-2. The issue is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary HTML/script...
Groundbreaking Cyber Fast Track Research Program Ending
VANCOUVER–When Peiter Zatko, the security researcher and pioneering hacker known as Mudge, joined the federal government several years ago to help run a DARPA research program, some in the security industry wondered what effect someone with his background could have in an organization as famously...
Cisco Prime Infrastructure Cross-Site Request Forgery Vulnerability
A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this...
Moderate: Red Hat Bug Fix Advisory: Red Hat Update Infrastructure 2.1.1 bug fix update
Updated Red Hat Update Infrastructure 2.1.1 packages that fix several bugs are now available. Red Hat Update Infrastructure (RHUI) is a collection of technologies that offers cloud providers the ability to easily deploy Red Hat solutions into their environments. The rh-rhui-tools package has a seri...
RSA Conference 2013: Experts Say It's Time to Prepare for a 'Post-Crypto' World
SAN FRANCISCO–In the current climate of continuous attacks and intrusions by APT crews, government-sponsored groups and other organizations, cryptography is becoming less and less important and defenders need to start thinking about new ways to protect data on systems that they assume are...
[USN-1734-1] OpenStack Nova vulnerability
Ubuntu Security Notice USN-1734-1, February 21, 2013: nova vulnerability. A security issue affects these releases of Ubuntu and its derivatives: -...
Markey: GRID Act Passage Long Overdue
Representative Ed Markey (D-MA) is urging the Chairman of the House Committee on Energy and Commerce, Fred Upton (R-MI), to take immediate action toward passing the Grid Reliability and Infrastructure Defense (GRID) Act, which Markey calls a bipartisan bill aimed at hardening the nation’s electrical gr...
EMC Data Protection Advisor Web UI Detection
The report web server is the Web UI for EMC Data Protection Advisor, an automated analysis and alerting system for backup and replication infrastructure. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(64702); script_version("1.4"); script_cvs_date("Date: 2019/11/25");...
CAs Form New Alliance to Focus on Security Issues, Education
A group of large certificate authorities, including some that have been the victims of recent compromises of their CA systems, have formed an alliance designed to develop strategies for strengthening the CA infrastructure through education and industry initiatives. Comodo, DigiCert, Entrust,...
White House Executive Order on Cyber Security
The tense standoff between an unresponsive Congress and a reluctant critical infrastructure industry has been broken. On February 13, 2013, the President issued an Executive Order that provides initial guidance for the country to confront escalating cyber threats. Finally, we have someone with th...
Vulnerability Patched in Schneider Electric ICS Gear
The Industrial Control System CERT released an advisory this week warning of a vulnerability in a popular sensor monitoring system used in a number of critical industries, including energy, water and manufacturing. Aaron Portnoy of Exodus Intelligence discovered the flaw in the Windows-based...
GAO: FCC Network Fortification Project Fails
The Government Accountability Office has determined that the Federal Communications Commission failed to properly implement necessary security controls in the initial phases of its Enhanced Secured Networks project, and, as a result, FCC data remains vulnerable to “unnecessary risk of inadvertent...
Cybersecurity Executive Order Short on Action, Long on Voluntary Initiatives
The executive order that President Barack Obama signed yesterday in advance of his State of the Union Address contains a lot of provisions for information sharing on attacks and threats on critical infrastructure, and also calls for the development of a framework to reduce cybersecurity risks in...
Obama Cybersecurity Executive Order Expected Tomorrow
This week figures to be a high-profile time for cybersecurity on Capitol Hill. Reports say President Barack Obama will issue a long-awaited executive order shortly after tonight’s State of the Union address, while another stab at getting the controversial CISPA cybersecurity bill signed into law...
SCADA, ICS Bug Brokering Mirrors IT Vulnerability Market
SAN JUAN, Puerto Rico – The world of SCADA and industrial control system vulnerabilities is starting to mirror that of IT security, not only in the demonstration and exploitation of zero-day vulnerabilities, but in the brokering of flaws and exploits between hackers and organizations interested i...