Lucene search
K

190 matches found

The Hacker News
The Hacker News
added 2020/07/24 8:56 a.m.3 views

Researchers Reveal New Security Flaw Affecting China's DJI Drones

Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations DJI that comes with an auto-update mechanism that bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal...

6AI score
Exploits0
Snyk
Snyk
added 2020/04/28 3:35 p.m.3 views

Signature Validation Bypass

Overview electron-updater is a module allowing applications to implement auto-update functionality. Affected versions of this package are vulnerable to Signature Validation Bypass. The signature verification check is based on a string comparison between the installed binary’s publisherName and th...

6.5CVSS7.3AI score
Exploits0References2
Snyk
Snyk
added 2020/02/17 2:29 p.m.5 views

Signature Validation Bypass

Overview electron-updater is a module allowing applications to implement auto-update functionality. Affected versions of this package are vulnerable to Signature Validation Bypass. The signature verification check is based on a string comparison between the installed binary’s publisherName and th...

6.5CVSS7.5AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2019/10/01 12:0 a.m.20 views

The vulnerability of the Enterprise Resource Management System “Galaktika ERP” allows a perpetrator to execute arbitrary codes.

The vulnerability of the “Update Manager” component of the enterprise resource management system Galaktika ERP is related to the lack of protection for transmitted data. Exploiting this vulnerability allows a malicious actor, who operates remotely and has access to the update server, to execute...

8.3CVSS6AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/06/14 12:0 a.m.46 views

Joomla 3.6.x < 3.9.7 Multiple Vulnerabilites

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.6.x prior to 3.9.7. It is, therefore, affected by the following vulnerabilities: - Joomla versions 3.8.13 prior to 3.9.7 are affected by a vulnerability where a non-admin user may manipulate the...

9.8CVSS7AI score0.1049EPSS
Exploits1References5
NVD
NVD
added 2019/06/11 7:29 p.m.23 views

CVE-2019-12764

An issue was discovered in Joomla! before 3.9.7. The update server URL of comjoomlaupdate can be manipulated by non Super-Admin users...

6.5CVSS7.1AI score0.01101EPSS
Exploits0References2
Prion
Prion
added 2019/06/11 7:29 p.m.13 views

Code injection

An issue was discovered in Joomla! before 3.9.7. The update server URL of comjoomlaupdate can be manipulated by non Super-Admin users...

4CVSS6.4AI score0.01101EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2019/06/11 7:29 p.m.10 views

CVE-2019-12764

An issue was discovered in Joomla! before 3.9.7. The update server URL of comjoomlaupdate can be manipulated by non Super-Admin users...

6.5CVSS6.8AI score
Exploits0References2
CVE
CVE
added 2019/06/11 6:33 p.m.135 views

CVE-2019-12764

CVE-2019-12764 affects Joomla! prior to 3.9.7. The vulnerability is in the update server URL for component com_joomlaupdate, which can be manipulated by non Super-Admin users. Documented impact indicates potential integrity/confidentiality risk via update source redirection, but explicit exploita...

6.5CVSS6.6AI score0.01101EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2019/06/11 12:0 a.m.7 views

PT-2019-12931 · Joomla · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! versions prior to 3.9.7 Description: An issue was discovered where the update server URL of com joomlaupdate can be manipulated by non Super-Admin users. Recommendations: For versions prior to 3.9.7, update to version 3.9.7 or later t...

6.5CVSS6.4AI score0.01101EPSS
Exploits0References5
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/04/10 12:0 a.m.104 views

[20190603] - Core - ACL hardening of com_joomlaupdate

The update server URL of comjoomlaupdate can be manipulated by non Super-Admin users...

6.5CVSS1.6AI score0.01101EPSS
Exploits0Affected Software1
NVD
NVD
added 2018/06/29 3:29 p.m.15 views

CVE-2018-13012

Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.12 allows the remote attacker to execute unauthorized code by substituting a forged update...

8.1CVSS8.2AI score0.00504EPSS
Exploits0References1
Prion
Prion
added 2018/06/29 3:29 p.m.11 views

Design/Logic Flaw

Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.12 allows the remote attacker to execute unauthorized code by substituting a forged update...

6.8CVSS8.1AI score0.00504EPSS
Exploits0References1Affected Software3
CVE
CVE
added 2018/06/29 3:0 p.m.46 views

CVE-2018-13012

The CVE-2018-13012 vulnerability affects SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite prior to version 4.4.12. Description: a flaw where code downloaded during updates is not validated with proper integrity checks, enabling ...

8.1CVSS8.1AI score0.00504EPSS
Exploits0References1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:39 p.m.20 views

Security Bulletin: A vulnerability in the GSKit component of IBM Security SiteProtector System (CVE-2016-0201)

Summary A vulnerability has been addressed in the GSKit component of IBM Security SiteProtector System. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this...

5.9CVSS1.1AI score0.02032EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:30 p.m.25 views

Security Bulletin: A vulnerability in IHS (IBM HTTP Server) affects IBM Security SiteProtector System (CVE-2015-1829)

Summary The IBM Security SiteProtector System uses IBM HTTP Server IHS for which there is a potential denial of service vulnerability that may impact IHS on Windows. Exploitation of the attack requires local access to the server system. Vulnerability Details CVEID: CVE-2015-1829 DESCRIPTION: Apac...

5CVSS1.3AI score0.02552EPSS
Exploits0Affected Software1
CVE
CVE
added 2017/12/15 2:0 p.m.60 views

CVE-2017-14090

CVE-2017-14090 affects Trend Micro ScanMail for Exchange 12.0. The vulnerability lies in the update mechanism: communications to update servers are unencrypted (HTTP) and lack certificate validation, enabling eavesdropping/tampering. Core Security’s advisory details that vulnerable update paths a...

9.1CVSS9.1AI score0.0134EPSS
Exploits1References2Affected Software1
Talos Blog
Talos Blog
added 2017/07/05 11:22 a.m.85 views

The MeDoc Connection

This Post Authored by David Maynor, Aleksandar Nikolic, Matt Olney, and Yves YounanSummaryThe Nyetya attack was a destructive ransomware variant that affected many organizations inside of Ukraine and multinational corporations with operations in Ukraine. In cooperation with Cisco Advanced Service...

7.8AI score
Exploits0
Microsoft KB
Microsoft KB
added 2017/01/07 11:35 p.m.18 views

Description of the cumulative update for Office Communications Server 2007 R2, Core Components: January 2010

Describes the issues that are fixed in the Office Communications Server 2007 R2, Core Components cumulative update that is dated January 2010.SummaryThis article describes the Microsoft Office Communications Server 2007 R2, Core Components issues that are fixed in the cumulative update for...

0.3AI score
Exploits0
Saint
Saint
added 2016/12/23 12:0 a.m.69 views

McAfee VirusScan Enterprise for Linux authentication token brute force

Added: 12/23/2016 CVE: CVE-2016-8023 BID: 94823 Background McAfee VirusScan Enterprise for Linux is real-time, anti-malware software for Linux. Problem McAfee VirusScan Enterprise for Linux allows remote attackers to execute arbitrary commands by exploiting multiple vulnerabilities, including the...

6.8CVSS8.5AI score0.09211EPSS
Exploits7
Rows per page
Query Builder