1345 matches found
Update request kernel-linus-4.4.26-1 fixes security issues
This update is based on the upstream 4.4.26 kernel and fixes at least these security issues: An issue with ASN.1 DER decoder was reported that could lead to memory corruptions, possible privilege escalation, or complete local denial of service via x509 certificate DER files CVE-2016-0758...
This Code Injection Technique can Potentially Attack All Versions of Windows
Guess what? If you own a Windows PC, which is fully-patched, attackers can still hack your computer. Isn't that scary? Well, definitely for most of you. Security researchers have discovered a new technique that could allow attackers to inject malicious code on every version of Microsoft's Windows...
IBM WebSphere Application Server 8.0 < 8.0.0.11 Multiple Vulnerabilities (FREAK)
Binary data 9713.prm...
IBM WebSphere Application Server 7.0 < 7.0.0.39 Multiple Vulnerabilities (FREAK)
Binary data 9700.prm...
Apple macOS 10.12.1 / iOS 10 SecureTransport SSL Handshake MitM / DoS
Apple macOS 10.12.1/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS Credit: Maksymilian Arciemowicz https://cxsecurity.com/ URL: https://cxsecurity.com/issue/WLB-2016100213 --- 0. Description ---- The latest macOS and iOS have weak OCSP validation process which allow attacker to send OCSP...
Apple Mac OS X 10.12/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS
Exploit for macOS platform in category dos / poc Apple macOS 10.12/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS --- 0. Description ---- The latest macOS and iOS have weak OCSP validation process which allow attacker to send OCSP requests up to 200k in name of victim during MiTM attack...
AVTECH Devices Multiple Vulnerabilities
AVTECH devices IP camera/NVR/DVR are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Google Android - gpsOneXtra Data Files Denial of Service
Google Android - gpsOneXtra Data Files Denial of Service Original at: https://wwws.nightwatchcybersecurity.com/2016/10/04/advisory-cve-2016-5348-2/ Summary Android devices can be crashed remotely forcing a halt and then a soft reboot by a MITM attacker manipulating assisted GPS/GNSS data provided...
Firefox Browser vulnerable to Man-in-the-Middle Attack
A critical vulnerability resides in the fully-patched version of the Mozilla's Firefox browser that could allow well-resourced attackers to launch man-in-the-middle MITM impersonation attacks and also affects the Tor anonymity network. The Tor Project patched the issue in the browser's HTTPS...
sshhipot - High-Interaction MitM SSH Honeypot
High-interaction SSH honeypot ok, it's really a logging ssh proxy. Still more or less a work-in-progress. Feel free to go install this repository if you'd like to try it. Run it with -h to see more options. In particular, logging is kinda rough. One of these days there'll be better documentation,...
python: smtplib StartTLS stripping attack
It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the...
This ATM Hack Allows Crooks to Steal Money From Chip-and-Pin Cards
Forget about security! It turns out that the Chip-and-PIN cards are just as easy to clone as magnetic stripe cards. It took researchers just a simple chip and pin hack to withdraw up to $50,000 in cash from an ATM in America in under 15 minutes. We have been told that EMV Europay, MasterCard and...
PHP < 5.6.24, 7.x <= 7.0.8 Multiple Vulnerabilities (Jul 2016) - Windows
PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...
POODLE: SSLv3 Vulnerability - Lenovo Support US
No description provided...
POODLE: SSLv3 Vulnerability
Lenovo Security Advisory: LEN-2014-007 Potential Impact: Unauthorized Access; Man-in-the-Middle MitM Attack Severity: Medium Summary: A security vulnerability known as POODLE was publicly announced that affects a relatively low number of Internet connected devices. However, this vulnerability is...
LocalTapiola: Mixed Active Scripting Issue on https://www.lahitapiola.fi
HTTPS security issue - compromises HTTPS security by loading images from non secure source in https://www.lahitapiola.fi/henkilo/asiakaspalvelu/asioi-verkossa/kirjaudu-verkkoon Vulnerability Type: Mixed Active Scripting Issue Description: Mixed Active Content is content that has access to and can...
The vulnerability of Google Chrome’s browser allows a hacker to replace the chrome_cleanup_tool.exe file.
The vulnerability in the Google Chrome browser’s browser/safebrowsing/srtfieldtrialwin.cc component does not use HTTPS protocol for the dl.google.com service when the Software Removal Tool is executed. Exploiting this vulnerability allows a malicious actor to replace the chromecleanuptool.exe fil...
CVE-2016-1693
browser/safebrowsing/srtfieldtrialwin.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chromecleanuptool.exe aka CCT file via a man-in-the-middle attack on an HTTP session...
OpenSSL CVE-2 0 1 6-2 1 0 7 vulnerability still affects many of the Alexa top sites-vulnerability warning-the black bar safety net
! According to security firm High-Tech Bridge said,Alexa ranking in the top 1 0 0 0 0 the site has many remains of the OpenSSL CVE-2 0 1 6-2 1 0 7 vulnerability. CVE-2 0 1 6-2 1 0 7 vulnerabilities for open-source cryptographic libraries the impact may be used to conduct MiTM attack. For as long ...
IRONGATE ICS Malware: Nothing to See Here...Masking Malicious Activity on SCADA Systems
In the latter half of 2015, the FireEye Labs Advanced Reverse Engineering FLARE team identified several versions of an ICS-focused malware crafted to manipulate a specific industrial process running within a simulated Siemens control system environment. We named this family of malware IRONGATE...