812 matches found
Design/Logic Flaw
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when...
CVE-2017-6646
CVE-2017-6646 affects Cisco Remote Expert Manager Software web interface (11.0.0). An unauthenticated remote attacker can access sensitive order information by sending crafted HTTP requests because the software does not sufficiently protect sensitive data in HTTP responses. The vulnerability is d...
CVE-2017-6621
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of...
Cisco Remote Expert Manager Virtual Directory Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding t...
IoT Security Testing Methodology
By Deral Heiland IoT - IoT Research Lead, Rapid7; Nathan Sevier - Senior Consultant, Rapid7; Chris Littlebury - Threat Assessment Manager, Rapid7. End-to-end ecosystem methodology. When examining IoT technology, the actionable testing focus and methodology is often applied solely to the embedded device...
Flexispy
Flexispy. Papers exploit for Multiple platform...
Cisco Prime Infrastructure Web Interface Information Disclosure Vulnerability (cisco-sa-20170405-cpi)
A vulnerability in the web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks.
CVE-2017-3884
A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional...
Design/Logic Flaw
A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional...
CVE-2017-3884
The CVE-2017-3884 entry describes an information-disclosure vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager. An authenticated, remote attacker could access sensitive data without administrator credentials, enabling reconnaissan...
Aviation-Related Phishing Campaigns Seeking Credentials
A wave of email-based phishing campaigns is targeting airline consumers with messages that contain malware that infects systems or links to spoofed airline websites that are personalized to trick victims into handing over personal or business credentials. “Over the past several weeks, we have see...
Common Files Detection
The scanner has detected common sensitive files on the remote web server. Web applications are often made up of multiple files and directories. It is possible that over time some files may become unreferenced (unused) by the web application and forgotten about by the administrator or developer. Because...
Widespread Email Scam Targets Github Developers with Dimnie Trojan
Open source developers who use the popular code-sharing site GitHub were put on alert after the discovery of a phishing email campaign that attempts to infect their computers with an advanced malware trojan. Dubbed Dimnie, the reconnaissance and espionage trojan has the ability to harvest...
Cisco IOx Software Information Disclosure Vulnerability (cisco-sa-20170118-ios)
A vulnerability in the web-based management interface of Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted...
Cisco IOS and Cisco IOx Software Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device. The vulnerability is due to lack of proper input validation of the...
Cisco Firepower Management Center Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. The vulnerability is due to improper masking of sensitive data in the HTTP response. An...
Deception Technology: Can It Detect Intruders Earlier in their Attack Chain?
Every infosec conference is chatting about the Attack Chain, a visual mapping of the steps an intruder must take to breach a network. If you can detect traces of an attack earlier, you not only have more time to respond, but can stop the unauthorized access to monetizable data and its exfiltratio...
Windows Anti Recon Tool: SAMRi10
The “SAMRi10” tool is a short PowerShell (PS) script which alters the default remote SAM access permissions on Windows 10 & Windows Server 2016. This hardening process prevents attackers from easily getting some valuable recon information to move laterally within their victim’s...
Ghosts in the Bank
It was a dark night. A car pulled up in the parking space next to me and quickly extinguished his lights. I looked out my window and saw the driver. He gave me a quick nod and we exited our cars. Opening the trunk, I pulled out my tools for the night. A backpack full of trash bags, a flash...
Cisco Nexus 9000 Information Disclosure Vulnerability
A vulnerability in the internal iptables configuration for local interfaces on the Cisco Nexus 9000 Series Switch could allow an unauthenticated, remote attacker to access certain sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerabili...