
190 matches found

NVD
added 2016/12/14 12:59 a.m., 22 views

CVE-2016-1411

A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information:...

CVSS 5.9, AI score 5.8, EPSS 0.01121
Exploits: 0, References: 2

Cvelist
added 2016/12/14 12:37 a.m., 21 views

CVE-2016-1411

A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information:...

AI score 5.8, EPSS 0.01121
Exploits: 0, References: 2

Palo Alto Networks
added 2016/07/01 12:0 a.m., 54 views

Update Server API Exposure

The Palo Alto Networks update server enables downloading of PAN-OS software releases and dynamic updates through a public API. Some functions of the API were inadvertently exposed to the public...

AI score 6.8
Exploits: 0

Prion
added 2015/08/23 9:59 p.m., 18 views

Code injection

Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server...

CVSS 9, AI score 8.4, EPSS 0.01783
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2015/08/23 9:0 p.m., 21 views

CVE-2015-2908

Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server...

AI score 7.8, EPSS 0.01783
Exploits: 0, References: 2

myhack58
added 2015/05/08 12:0 a.m., 15 views

Multiple security vulnerabilities found in Lenovo ThinkPad series computers

Recently, security firm IOActive found a security vulnerability in Lenovo series computers: an attacker may replace legitimate applications on the computers with malicious apps and remotely execute malicious instructions. IOActive security researcher in the Bulletin elaborat...

AI score 0.5
Exploits: 0

OpenVAS
added 2015/01/02 12:0 a.m., 43 views

Malwarebytes Anti-Malware < 2.0.3 'Upgrade' MITM Vulnerability - Windows

Malwarebytes Anti-Malware is prone to a man-in-the-middle (MITM) vulnerability through it...

CVSS 9.3, AI score 6.3, EPSS 0.16784
Exploits: 6, References: 2

Cvelist
added 2014/12/16 6:0 p.m., 25 views

CVE-2014-4936

The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable...

AI score 7.2, EPSS 0.16784
Exploits: 6, References: 2

Prion
added 2014/08/19 7:55 p.m., 18 views

Directory traversal

Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the default URI to port 7074 ...

CVSS 5, AI score 7.4, EPSS 0.63894
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2014/08/19 7:0 p.m., 22 views

CVE-2014-5350

Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the default URI to port 7074 ...

AI score 6.9, EPSS 0.63894
Exploits: 1, References: 3

exploitpack
added 2014/07/16 12:0 a.m., 34 views

BitDefender GravityZone 5.1.5.386 - Multiple Vulnerabilities

BitDefender GravityZone 5.1.5.386 - Multiple Vulnerabilities. SEC Consult Vulnerability Lab Security Advisory. title: Multiple critical vulnerabilities; product: Bitdefender GravityZone; vulnerable version: =5.1.11.432; impact:...

AI score 0.2
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 9 views

BitDefender Products Update Server HTTP Daemon Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27358/info BitDefender Update Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to access potentially...

AI score 7.1
Exploits: 0

CVE
added 2014/05/20 10:0 a.m., 44 views

CVE-2014-3265

CVE-2014-3265 describes a cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework used by Cisco Security Manager (CSM) 4.2 and earlier. The root cause is insufficient input validation of a parameter within the AUS web framework, enabling remote attackers to inject a...

CVSS 4.3, AI score 5.9, EPSS 0.01372
Exploits: 0, References: 3, Affected Software: 1

Cisco
added 2014/05/19 7:17 p.m., 20 views

Cisco Security Manager AUS Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient input validation of a parameter, which affects the Auto Update...

CVSS 4.3, AI score 5.6, EPSS 0.01372
Exploits: 0, References: 1

The Hacker News
added 2013/07/25 12:46 a.m., 7 views

Server Misconfiguration discloses passwords of all Barracuda Network Employees

Security expert Ebrahim Hegazy has found a password disclosure vulnerability in Barracuda update servers which allows access to employee credentials. The Egyptian information security advisor Ebrahim Hegazy (@Zigoo0) has found a password disclosure vulnerability in one of Barracuda update...

AI score 7.1
Exploits: 0

OpenVAS
added 2013/05/31 12:0 a.m., 34 views

CentOS Update for gnutls CESA-2013:0883 centos5

Check for the version of gnutls. OpenVAS Vulnerability Test: CentOS Update for gnutls CESA-2013:0883 centos5. Authors: System Generated Check. Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net...

CVSS 5, AI score 6.5, EPSS 0.0644
Exploits: 1, References: 2

ThreatPost
added 2012/08/13 3:15 p.m., 10 views

Analysis Reveals Flame Malware's Process Injection Tricks

As researchers continue to pull apart the Gauss malware code, looking for spreading mechanisms and infection vectors, there is still some work being done on Gauss’s cousin Flame, as well. New research from CERT Polska reveals how deeply Flame burrows itself into infected systems, showing that the...

AI score 0.8
Exploits: 0, References: 6

ThreatPost
added 2012/06/06 7:32 p.m., 21 views

Microsoft Details Flame Hash-Collision Attack

The details of the collision attack used by the Flame malware authors to create a forged code-signing certificate for Microsoft code are beginning to emerge, and the company said that the attackers used an MD5 hash collision specifically to ensure that their attack would work on machines running...

AI score 2.2
Exploits: 0, References: 4

seebug.org
added 2010/09/01 12:0 a.m., 22 views

McAfee LinuxShield <= 1.5.1 Local/Remote Root Code Execution

No description provided by source. !/usr/bin/perl Title: McAfee LinuxShield = 1.5.1 Local/Remote Root Exploit Name: nailsRoot.pl Author: Nikolas Sotiriu lofi lofiatsotiriu.de WARNING: This Exploit deletes the default Update Server Use it only for education or ethical pentesting! The author accept...

AI score 7.1
Exploits: 0

Packet Storm
added 2010/08/28 12:0 a.m., 21 views

McAfee LinuxShield 1.5.1 Remote Root Exploit

!/usr/bin/perl Title: McAfee LinuxShield WARNING: This Exploit deletes the default Update Server Use it only for education or ethical pentesting! The author accepts no liability for damage caused by this tool. use strict; use IO::Socket::SSL; use Getopt::Std; my %args; my $ack; my $timestamp;...

AI score 0.4
Exploits: 0