Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join Vulnerability
Cisco Webex Meetings is a set of video conferencing solutions from Cisco USA. A security vulnerability exists in Cisco Webex Meetings Suite and Cisco Webex Meetings Online. The vulnerability is caused by accidentally exposing meeting information in a specific meeting join stream in a mobile...
Ghostfuscator - The Python Password-Protected Obfuscator Using AES Encryption
Obfuscate Python scripts, making them password-protected using AES encryption. Usage: Just execute the script, and follow the menu. Info: Once a script is obfuscated, when running it a password prompt will appear; after submitting the correct password, the script will execute decrypting its...
The return of the BOM
There's nothing new in Brazilian cybercriminals trying out new ways to stay under the radar. It's just that this time around the bad guys have started using a method that was reported in the wild years ago. Russian gangs used this technique to distribute malware capable of modifying the hosts fil...
Keyfinder - A Tool For Finding And Analyzing Private (And Public) Key Files, Including Support For Android APK Files
CERT Keyfinder is a utility for finding and analyzing key files on a filesystem as well as contained within Android APK files. CERT Keyfinder development was sponsored by the United States Department of Homeland Security (DHS). Installation requirements: 1. Python 3.x recommended androguard...
Old-School Bagle Worm Still Ready for Modern Spam Campaigns
The long-running Bagle worm, affecting Microsoft Windows machines, is still out there, a throwback to an earlier time. Also referred to as Beagle, Bagle contains a backdoor that listens on TCP port 6777 which is hardcoded in the worm’s body. This backdoor component provides remote access to the...
Nextcloud Server Session Fixation Vulnerability
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. Nextcloud Server is one of the server versions. A session fixation vulnerability exists in Nextcloud Server versions prior to 14.0.0, 13.0.3, and 12.0.8, which can be...
Default credentials
A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares...
CVE-2018-16467
A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares...
CVE-2018-16463
CVE-2018-16463 describes a session-fixation bug in Nextcloud Server, affecting versions prior to 14.0.0, 13.0.3, and 12.0.8, which could allow an attacker to access password-protected shares. Core details provided indicate a vulnerability in Nextcloud Server’s session handling, with the public Ne...
CVE-2018-16467
CVE-2018-16467 (Nextcloud Server before 14.0.0) is an improper access‑control vulnerability enabling unauthenticated attackers to bypass password protection for previews of single-file shares via the vulnerable publicpreview.php endpoint. The issue can disclose previews (notably image files) with...
MGASA-2018-0422 Updated unzip packages fix security vulnerabilities
Updated unzip packages fix security vulnerabilities: Heap-based out-of-bounds write (CVE-2018-1000031). Heap/BSS-based buffer overflow, bypass of CVE-2015-1315 (CVE-2018-1000032). Heap out-of-bounds access in efscanforstream (CVE-2018-1000033). Multiple vulnerabilities in the LZMA compression algorithm...
Improper access control checks for single share previews (NC-SA-2018-014)
A missing check could give unauthorized access to the previews of single file password protected shares...
Nextcloud: Talk / spreed: Disclosure of Room names and participants for password protected rooms
CVSS: 5.3 Medium, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. CVSS isn't always as fine-grained as I'd like; personally, I would rate the issue somewhere between low and medium. Description: The API of the official spreed/talk extension reveals potentially sensitive information such...
[SECURITY] Fedora 29 Update: python-pycryptodomex-3.6.6-1.fc29
PyCryptodome is a self-contained Python package of low-level cryptographic primitives. It's a fork of PyCrypto. It brings several enhancements with respect to the last official version of PyCrypto 2.6.1, for instance: Authenticated encryption modes GCM, CCM, EAX, SIV, OCB Accelerated AES on Intel...
Chaturbate: Users may still able to view chat room panel of password protected rooms
The hacker found that the chat room panel could be accessed without the user having the room password. This was resolved. An attacker may be able to view a password-protected chat room panel by requesting the API endpoint for the room panel. The information it discloses depends on what app they use...
Directory Traversal
WordPress is vulnerable to denial-of-service (DoS) attacks. The vulnerability exists in wp-includes/class-phpass.php, where a large password can be used to attempt to cause DoS attacks in a password-protected post...
Microsoft Office: Protect document metadata for password protected files
This test checks the setting for policy. OpenVAS Vulnerability Test $Id: office2013protectpasswdprotectedfilesmetadata.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Protect document metadata for password protected files. Authors: Emanuel Moss. Copyright: Copyright (c) 2018 Greenbone Networks...
Microsoft Office: Encryption type for password protected Office 97-2003 files
This test checks the setting for policy. OpenVAS Vulnerability Test $Id: office2013encrtypepasswdprotectedfiles.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Encryption type for password protected Office 97-2003 files. Authors: Emanuel Moss. Copyright: Copyright (c) 2018 Greenbone Networks...