2294 matches found
davfs2 1.4.6/1.4.7 - Local Privilege Escalation
davfs2 1.4.6/1.4.7 local privilege escalation exploit Bug Description: davfs2 is a Linux utility which allows OS users to mount a remote webdav server as a local partition. The bug is well documented at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723034. Basically the program "mount.davfs"...
GLSA-201310-02 : isync: Man-in-the-Middle attack
The remote host is affected by the vulnerability described in GLSA-201310-02 isync: Man-in-the-Middle attack isync does not properly verify the server's hostname against the CN field in the SSL certificate. Impact : A remote server could perform man-in-the-middle attacks to disclose passwords or...
Google WebLogin Tokens Expose Google Apps, User Data
An exposure in the way Google handles authentication is an illustration of the unintended consequences of trading security for a little bit of convenience. Craig Young, a researcher from security company Tripwire, demonstrated at Def Con over the weekend how an Android single sign-on token known ...
Tor Users Should Leave Insecure Windows Operating System
In a critical security advisory issued over the weekend, the Tor Project told its users that they should seriously consider migrating away from Microsoft’s Windows operating system and disabling JavaScript. The Tor Project security advisory was a response to revelations on Sunday that an attack h...
Malicious Pinterest browser plugin stealing passwords and spreading spam
Social networking sites are unfortunately now major interest to malicious cyber criminals, spreading malware and building botnet army to steal money direct from your keyboards. Janne Ahlberg, a security professional from Finland found and analysed an interesting piece of malicious code, offered a...
Android based hacking tool to steal passwords from connected computers
A recently discovered new form of Android malware called USB Cleaver can not only infect your smartphone, but also targets your PC to steal sensitive information from it. A hacking tool discovered by analysts at F-Secure, which is capable of stealing information from a connected Windows machine...
frontpage
This plugin audits the frontpage extension configuration by trying to upload a file to the remote server using the author.dll script provided by FrontPage. Plugin type Audit Options Name | Type | Default Value | Description | Help ---|---|---|---|--- stopOnFirst | boolean | True | Stop on the fir...
KRBanker Malware Targeting Korean Financial Institutions
A recently discovered piece of malware called KRBanker (Korea + Banker = KRBanker), targeting mostly online end-users at Korean financial institutions. According to nProtect, now an invasive banking Trojan, the new and improved KRBanker can block anti-virus software, security websites and even oth...
Mutiny < 5.0-1.11 Multiple Directory Traversals
The remote server hosts a version of Mutiny prior to 5.0-1.11. It is, therefore, reportedly affected by multiple directory traversal vulnerabilities that could allow an authenticated attacker to upload, delete, and move files on the remote system with root privileges. The functions for UPLOAD,...
New Mac OS X adware Trojan spreading via browser plugin
Russian anti-virus company Doctor Web reports that a new Mac OS X adware Trojan spreading itself via crafted movie trailer pages that prompt users to install a browser plugin. Basically, an adware is any software package which automatically renders advertisements in order to generate revenue for...
Microsoft Office Outlook Information Disclosure Vulnerability (2813682) - Mac OS X
This host is missing an important security update according to Microsoft Bulletin MS13-026. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Android SwiftKey Keyboard turned into a Keylogger app
One of the best 3rd party Android Mobile Keyboard called 'SwiftKey' turned into a Keylogger Trojan by an Android developer to show the possible security threat of using pirated cracked apps from non-official App Stores, "anyone pirating Swiftkey is taking a serious risk" developer said to 'T...
Privoxy 3.0.20-1 Credential Exposure
Privoxy Proxy Authentication Credential Exposure Product: Privoxy Project Homepage: privoxy.org Advisory ID: c22-2013-01 Vulnerable Versions: 3.0.20 and possibly prior Tested Version: 3.0.20-1 tested using Debian Sid Vendor Notification: March 6, 2013 Public Disclosure: March 11, 2013 Vulnerabili...
dovecot security update
CentOS Errata and Security Advisory CESA-2013:0520 Updated dovecot packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS...
RedHat Update for dovecot RHSA-2013:0520-02
Check for the Version of dovecot OpenVAS Vulnerability Test RedHat Update for dovecot RHSA-2013:0520-02 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Low: Red Hat Security Advisory: dovecot security and bug fix update
Updated dovecot packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings,...
Dissecting a mobile malware
The capillary diffusion of mobile devices, the lack of security systems on these platforms and low level of awareness on principal cyber threats made them a privileged target for cybercrime. We have assisted in the recent year to an explosion of malware designed to hit principal mobile OSs, in a...