9525 matches found

ThreatPost
added 2012/05/11 4:19 p.m., 12 views

CERT Warns On Critical Hole In SCADA Software By Italian Firm Progea

The U.S. Department of Homeland Security issued a bulletin on Thursday warning readers about a previously undisclosed, critical vulnerability in Movicon 11, a product used to manage critical infrastructure including the manufacturing, energy and water sectors. DHS’s Industrial Control Systems Cyb...

0.9 AI score
Exploits 0, References 3

ThreatPost
added 2012/05/08 8:58 p.m., 11 views

CERT Warns Of Cyber Threats To Gas Pipelines

The Department of Homeland Security said it is investigating a string of cyber intrusions targeting companies that operate national gas pipelines in the U.S. The DHS’s Industrial Control System Computer Emergency Readiness Team (ICS-CERT) disclosed in its April, 2012 newsletter that it is...

0.4 AI score
Exploits 0, References 6

exploitpack
added 2012/05/07 12:0 a.m., 17 views

Fortinet FortiWeb Web Application Firewall - Policy Bypass

BINAR10 Report on Fortinet Fortiweb Findings 02/05/2012 - Fortinet FortiWeb Web Application Firewall Policy Bypass - 1 Affected Product Fabricant: Fortinet Product name: FortiWe...

Exploits 0

Exploit DB
added 2012/05/07 12:0 a.m., 65 views

Fortinet FortiWeb Web Application Firewall - Policy Bypass

BINAR10 Report on Fortinet Fortiweb Findings 02/05/2012 - Fortinet FortiWeb Web Application Firewall Policy Bypass - 1 Affected Product Fabricant: Fortinet Product name: FortiWeb Version: Latest update to Tue, 2 May 2012 Type: Web...

7.4 AI score
Exploits 0

ThreatPost
added 2012/05/04 3:25 p.m., 57 views

FEMA: State, Local Officials Not Prepared to Respond to Cyberattack

A report by the Federal Emergency Management Agency (FEMA) finds that state and local government officials in the U.S. are pessimistic about their ability to respond to cyberattacks. The National Preparedness Report (NPR) was commissioned by the Obama Administration. It found that, although the...

7.5 CVSS, 0.2 AI score, 0.99998 EPSS
Exploits 42, References 3

ThreatPost
added 2012/05/01 8:55 p.m., 10 views

Iran: We Have Discovered 'Hidden Agenda' Of Oil Ministry Attack

The Iranian government has discovered what it describes as a ‘hidden agenda’ behind a recent malware attack on the country’s Oil Ministry, according to a report published by the FARS News Agency. The statement, from Deputy Oil Minister Hamdollah Mohammadnejad, confirmed earlier reports that the...

1.1 AI score
Exploits 0, References 4

n0where
added 2012/04/28 3:12 a.m., 99 views

VoIP VLAN Hopper

VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in Cisco, Avaya, Nortel, and Alcatel-Lucent environments. This requires two important steps ...

0.6 AI score
Exploits 0

The Hacker News
added 2012/04/26 4:56 p.m., 11 views

Iran Preparing For Cyberwar Against U.S

Security professionals in both the U.S. government and in private industry have long feared the prospect of a cyberwar with China or Russia, two states capable of launching destructive attacks on the computer networks that control critical assets such as th...

6.9 AI score
Exploits 0

CISA
added 2012/04/24 12:0 a.m., 14 views

RuggedCom Rugged Operating System Vulnerability

RuggedCom Rugged Operating System (ROS), used in RuggedCom network infrastructure devices, contains a hard-coded user account with a predictable password. This user account cannot be manually disabled. An attacker who successfully guesses the password may be able to gain complete administrative...

7.2 AI score
Exploits 0, References 2

Atlassian
added 2012/04/19 4:35 a.m., 19 views

admin/fixcwdmemberships.jsp lacks an XSRF token to run the repair action.

admin/fixcwdmemberships.jsp does not require a csrf token to run the repair action. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...

1.5 AI score
Exploits 0, Affected Software 1

Atlassian
added 2012/04/19 4:31 a.m., 20 views

admin/fixCaseInNotifications.jsp lacks an XSRF token to start 'notifications fix'

admin/fixCaseInNotifications.jsp does not require a csrf to start 'notifications fix'. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...

1.7 AI score
Exploits 0, Affected Software 1

Atlassian
added 2012/04/19 4:31 a.m., 16 views

admin/fixCaseInNotifications.jsp lacks an XSRF token to start 'notifications fix'

admin/fixCaseInNotifications.jsp does not require a csrf to start 'notifications fix'. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...

1.7 AI score
Exploits 0, Affected Software 1

Atlassian
added 2012/04/19 1:22 a.m., 17 views

admin/createMissingPersonalInfo.jsp lacks an XSRF token to trigger "build Personal Information objects"

admin/createMissingPersonalInfo.jsp doesn't require a csrf token to trigger "build Personal Information objects". When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...

2.2 AI score
Exploits 0, Affected Software 1

Atlassian
added 2012/04/19 1:14 a.m., 21 views

admin/fixCaseInSpacePermissions.jsp lacks an XSRF token to 'fix the case of your space permissions'

admin/fixCaseInSpacePermissions.jsp does not require a csrf token to 'fix the case of your space permissions'. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...

1.8 AI score
Exploits 0, Affected Software 1

ThreatPost
added 2012/04/12 7:56 p.m., 10 views

Use VoIP – or Copper

Google Voice is a free VOIP service that can be used to create “throw away” voice accounts for travelers. Having your conversations handled on Google’s infrastructure also provides a measure of security over foreign telecommunications networks, which – depending on the country – could cooperating...

1.2 AI score
Exploits 0

ThreatPost
added 2012/04/05 2:20 a.m., 16 views

No Patch Coming for Newly Announced Vulnerabilities in ABB Legacy Products

Two independent researchers who’ve been warning of the threat of serious attacks against bug-riddled ICS and SCADA systems today issued an alert through ICS-CERT that vulnerabilities in ABB products could lead to DoS attacks or allow an attacker to remotely launch malicious code. No patch is...

1.1 AI score
Exploits 0, References 3

securityvulns
added 2012/04/02 12:0 a.m., 88 views

[SECURITY] [DSA 2443-1] linux-2.6 security update

Debian Security Advisory DSA-2443-1 [email protected] http://www.debian.org/security/ Dann Frazier March 26, 2012 http://www.debian.org/security/faq ...

7.2 CVSS, 1.3 AI score, 0.03431 EPSS
Exploits 8

Debian
added 2012/03/27 12:35 a.m., 48 views

[SECURITY] [DSA 2443-1] linux-2.6 security update

Debian Security Advisory DSA-2443-1 [email protected] http://www.debian.org/security/ Dann Frazier March 26, 2012 http://www.debian.org/security/faq ...

7.8 CVSS, 7.5 AI score, 0.03431 EPSS
Exploits 8

OSV
added 2012/03/26 12:0 a.m., 43 views

DSA-2443-1 linux-2.6 - several

Bulletin has no description...

7.8 CVSS, 7 AI score, 0.03431 EPSS
Exploits 10

The Hacker News
added 2012/03/22 8:53 p.m., 9 views

Free Configuration Check Tool by eEye Digital Security

eEye Digital Security, the industry's leading innovator of threat management solutions, just released new research, "Working Toward Configuration Best Practices". Findings verify that proper configuration and mitigations remain the most...

6.7 AI score
Exploits 0