1826 matches found
CVE-2012-4621
The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049...
When, Not Whether, Is the Question for Mobile Authentication, Research Finds
The findings from a recent study carried out by Microsoft Research and the University of South Carolina suggest that we should be asking ourselves when to require authentication rather than whether to require authentication. The research puts forth the idea of tailoring authentication requirement...
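IBM WebSphere Sensor Events Multiple Input Validation Vulnerabilities
BUGTRAQ ID: 53859 IBM WebSphere Sensor Events provides a middleware infrastructure for creating and managing enterprise-level sensors. The IBM WebSphere Sensor Events implementation contains P001414 XSS, file path traversal, insecure HTTP methods, and the P001538 cross-site scripting vulnerability within the deferredView.jsp XSS issue in searchView.jsp; attackers can exploit these vulnerabilities to steal cookie-based authentication credentials, perform unauthorized actions, or leak sensitive information. 0 IBM WebSphere Sensor Events 7.0 Vendor patch: IBM ---...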
TapLogger Android Trojan can Determine Tapped Keys
TapLogger Android Trojan can Determine Tapped Keys Today's smartphones are shipped with various embedded motion sensors, such as the accelerometer, gyroscope, and orientation sensors. These motion sensors are useful in supporting the mobile UI innovation and motion-based commands. However, they...
[SECURITY] Fedora 15 Update: ipmitool-1.8.11-7.fc15
This package contains a utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. This utility can communicate with IPMI-enabled devices through either a kernel...
iPhone can be used as spy phone to get desktop Keystrokes
iPhone can be used as spy phone to get desktop Keystrokes What if a hacker could log every key you typed on your PC by placing a cellphone nearby? US researchers have shown how this is possible using any smartphone available today. At a conference in Chicago on Thursday, a group of computer...
Sparkasse Bank – Tricky Card Bug on ATM [ATM Adventure]
Document Title: =============== Sparkasse Bank – Tricky Card Bug on ATM ATM Adventure References: =========== Document: http://www.vulnerability-lab.com/resources/documents/295.pdf Article: http://www.vulnerability-lab.com/dev/?p=247 Release Date: ============= 2011-10-15 Vulnerability Laboratory...
Hardware Status Differs in vCenter Server and Veeam ONE
Challenge One of Veeam ONE's monitoring features is monitoring and alerting on host hardware status changes. These alerts are good to know in case hosts in your environment have hardware issues, the issue will be notified in the alert, and the severity of the issue by VMware's color scale Yellow ...
Kinect hackers take control of the action!
Christopher Baker spent Boxing Day as a VJ – video jockey – for a warehouse party in Liverpool. Among the items being used was a Microsoft Kinect controller, normally used to play Xbox 360 games such as Kinectimals or Kinect Sports. But Baker wasn't playing games: the system was rigged up to a...
CVE-2010-2306
The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack...
Default configuration
The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack...
CVE-2010-2306
The CVE-2010-2306 entry concerns the default installations of Sourcefire 3D Sensor 1000/2000/9900 and Defense Center 1000 sharing the same static private SSL keys across devices/installations. This key reuse enables a remote attacker to perform a man-in-the-middle and decrypt SSL traffic. The pro...
MS Research Targets Multimedia Snooping
Researchers from Microsoft have come up with a sensor widget concept that provides alerts and lets users control and monitor exactly what other users see from their webcams, microphones, and other live data streams. Read the full article. Dark Reading...
Snort 2.8.5 - IPv6 Denial of Service
============================================= - Date: October 22th, 2009 - Discovered by: Laurent Gaffi - Severity: Low ============================================= I. VULNERABILITY ------------------------- Snort TCP 2 works x86,x64 /usr/bin/env python from scapy.all import z = "Q" 30...
Sguil/PADS SQL Injection / Crash
Sguil/PADS SQL injection and server crash exploit by Ataraxia Benjamin Rose Public announcement made 7/15/09. Please visit http://allmybase.com/ my blog for more up-to-date information, and a quick patch. This exploit has the ability to render any Intrusion Detection System utilizing the sguil...
CVE-2009-2344
The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components...
Code injection
The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components...
CVE-2009-2344
The CVE affects Sourcefire Defense Center (DC) and 3D Sensor platforms running versions before 4.8.2. The issue is a privilege-escalation vulnerability where remote authenticated users can gain higher privileges by manipulating the admin parameter in an edit action to admin/user/user.cgi (and rel...
Sourcefire 3D Sensor and DC, privilege escalation vulnerability
Affected product ---------------- Sourcefire 3D Sensor and Defense Center 4.8.x Tested on 4.8.0.3 and 4.8.0.4, 3D Sensor 2500 & DC 1000 All 4.8.x releases, up to and including 4.8.1, confirmed vulnerable by sourcefire. Vulnerability details --------------------- A privilege escalation vulnerabili...