1345 matches found

Mageia
added 2016/11/04 7:58 a.m. | 49 views

Update request kernel-linus-4.4.26-1 fixes security issues

This update is based on the upstream 4.4.26 kernel and fixes at least these security issues: An issue with the ASN.1 DER decoder was reported that could lead to memory corruption, possible privilege escalation, or complete local denial of service via x509 certificate DER files (CVE-2016-0758)...

7.8 CVSS | 3 AI score | 0.83524 EPSS
Exploits 94 | References 11

The Hacker News
added 2016/10/27 10:34 p.m. | 14 views

This Code Injection Technique can Potentially Attack All Versions of Windows

Guess what? If you own a Windows PC, which is fully-patched, attackers can still hack your computer. Isn't that scary? Well, definitely for most of you. Security researchers have discovered a new technique that could allow attackers to inject malicious code on every version of Microsoft's Windows...

7.2 AI score
Exploits 0

Tenable Nessus
added 2016/10/26 12:0 a.m. | 86 views

IBM WebSphere Application Server 8.0 < 8.0.0.11 Multiple Vulnerabilities (FREAK)

Binary data 9713.prm...

9.3 CVSS | 7.7 AI score | 0.74006 EPSS
Exploits 1 | References 12

Tenable Nessus
added 2016/10/26 12:0 a.m. | 41 views

IBM WebSphere Application Server 7.0 < 7.0.0.39 Multiple Vulnerabilities (FREAK)

Binary data 9700.prm...

10 CVSS | 7.7 AI score | 0.74006 EPSS
Exploits 1 | References 15

Packet Storm
added 2016/10/24 12:0 a.m. | 43 views

Apple macOS 10.12.1 / iOS 10 SecureTransport SSL Handshake MitM / DoS

Apple macOS 10.12.1/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS Credit: Maksymilian Arciemowicz https://cxsecurity.com/ URL: https://cxsecurity.com/issue/WLB-2016100213 --- 0. Description ---- The latest macOS and iOS have weak OCSP validation process which allow attacker to send OCSP...

0.1 AI score
Exploits 0

0day.today
added 2016/10/23 12:0 a.m. | 29 views

Apple Mac OS X 10.12/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS

Exploit for macOS platform in category dos / poc Apple macOS 10.12/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS --- 0. Description ---- The latest macOS and iOS have weak OCSP validation process which allow attacker to send OCSP requests up to 200k in name of victim during MiTM attack...

7 AI score
Exploits 0

OpenVAS
added 2016/10/18 12:0 a.m. | 593 views

AVTECH Devices Multiple Vulnerabilities

AVTECH devices IP camera/NVR/DVR are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

10 CVSS | 7.2 AI score | 0.04 EPSS
Exploits 0 | References 7

exploitpack
added 2016/10/11 12:0 a.m. | 58 views

Google Android - gpsOneXtra Data Files Denial of Service

Google Android - gpsOneXtra Data Files Denial of Service Original at: https://wwws.nightwatchcybersecurity.com/2016/10/04/advisory-cve-2016-5348-2/ Summary Android devices can be crashed remotely forcing a halt and then a soft reboot by a MITM attacker manipulating assisted GPS/GNSS data provided...

7.1 CVSS | 0.3 AI score | 0.04323 EPSS
Exploits 6

The Hacker News
added 2016/09/18 11:44 p.m. | 14 views

Firefox Browser vulnerable to Man-in-the-Middle Attack

A critical vulnerability resides in the fully-patched version of Mozilla's Firefox browser that could allow well-resourced attackers to launch man-in-the-middle (MITM) impersonation attacks and also affects the Tor anonymity network. The Tor Project patched the issue in the browser's HTTPS...

7.1 AI score
Exploits 0

Kitploit
added 2016/08/31 2:30 p.m. | 27 views

sshhipot - High-Interaction MitM SSH Honeypot

High-interaction SSH honeypot (ok, it's really a logging ssh proxy). Still more or less a work-in-progress. Feel free to go install this repository if you'd like to try it. Run it with -h to see more options. In particular, logging is kinda rough. One of these days there'll be better documentation,...

7.3 AI score
Exploits 0 | References 1

RedHat Linux
added 2016/08/18 8:7 p.m. | 11 views

python: smtplib StartTLS stripping attack

It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the...

6.5 CVSS | 7.2 AI score | 0.14524 EPSS
Exploits 3 | References 4

The Hacker News
added 2016/08/05 12:18 a.m. | 14 views

This ATM Hack Allows Crooks to Steal Money From Chip-and-Pin Cards

Forget about security! It turns out that the Chip-and-PIN cards are just as easy to clone as magnetic stripe cards. It took researchers just a simple chip and pin hack to withdraw up to $50,000 in cash from an ATM in America in under 15 minutes. We have been told that EMV Europay, MasterCard and...

6.8 AI score
Exploits 0

OpenVAS
added 2016/07/26 12:0 a.m. | 64 views

PHP < 5.6.24, 7.x <= 7.0.8 Multiple Vulnerabilities (Jul 2016) - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

8.1 CVSS | 8.4 AI score | 0.50427 EPSS
Exploits 0 | References 7

Lenovo
added 2016/07/22 12:0 a.m. | 29 views

POODLE: SSLv3 Vulnerability - Lenovo Support US

No description provided...

5.4 AI score
Exploits 0

Lenovo
added 2016/07/22 12:0 a.m. | 90 views

POODLE: SSLv3 Vulnerability

Lenovo Security Advisory: LEN-2014-007. Potential Impact: Unauthorized Access; Man-in-the-Middle (MitM) Attack. Severity: Medium. Summary: A security vulnerability known as POODLE was publicly announced that affects a relatively low number of Internet connected devices. However, this vulnerability is...

4.3 CVSS | 5.5 AI score | 0.99999 EPSS
Exploits 7

Hacker One
added 2016/06/23 4:2 a.m. | 11 views

LocalTapiola: Mixed Active Scripting Issue on https://www.lahitapiola.fi

HTTPS security issue - compromises HTTPS security by loading images from non secure source in https://www.lahitapiola.fi/henkilo/asiakaspalvelu/asioi-verkossa/kirjaudu-verkkoon Vulnerability Type: Mixed Active Scripting Issue Description: Mixed Active Content is content that has access to and can...

6.2 AI score
Exploits 0

BDU FSTEC
added 2016/06/17 12:0 a.m. | 4 views

The vulnerability of Google Chrome’s browser allows a hacker to replace the chrome_cleanup_tool.exe file.

The vulnerability in the Google Chrome browser's browser/safebrowsing/srtfieldtrialwin.cc component does not use the HTTPS protocol for the dl.google.com service when the Software Removal Tool is executed. Exploiting this vulnerability allows a malicious actor to replace the chrome_cleanup_tool.exe fil...

2.6 CVSS | 6.7 AI score | 0.01158 EPSS
Exploits 0 | References 4 | Affected Software 1

OSV
added 2016/06/05 11:59 p.m. | 1 views

CVE-2016-1693

browser/safebrowsing/srtfieldtrialwin.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack on an HTTP session...

5.3 CVSS | 6.8 AI score
Exploits 0 | References 11

myhack58
added 2016/06/03 12:0 a.m. | 22 views

OpenSSL CVE-2016-2107 vulnerability still affects many of the Alexa top sites

According to security firm High-Tech Bridge, many sites in the Alexa top 10000 are still affected by the OpenSSL CVE-2016-2107 vulnerability. The CVE-2016-2107 vulnerability in the open-source cryptographic library may be used to conduct MiTM attacks. For as long ...

7.3 AI score
Exploits 0

FireEye
added 2016/06/02 12:0 p.m. | 16 views

IRONGATE ICS Malware: Nothing to See Here...Masking Malicious Activity on SCADA Systems

In the latter half of 2015, the FireEye Labs Advanced Reverse Engineering (FLARE) team identified several versions of an ICS-focused malware crafted to manipulate a specific industrial process running within a simulated Siemens control system environment. We named this family of malware IRONGATE...

7.4 AI score
Exploits 0 | References 5