190 matches found
CVE-2016-1411
A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance ESA, Cisco Web Security Appliance WSA, and Cisco Content Management Security Appliance SMA could allow an unauthenticated, remote attacker to impersonate the update server. More Information:...
CVE-2016-1411
A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance ESA, Cisco Web Security Appliance WSA, and Cisco Content Management Security Appliance SMA could allow an unauthenticated, remote attacker to impersonate the update server. More Information:...
Update Server API Exposure
The Palo Alto Networks update server enables downloading of PAN-OS software releases and dynamic updates through a public API. Some functions of the API were inadvertently exposed to the public...
Code injection
Mobile Devices aka MDI C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server...
CVE-2015-2908
Mobile Devices aka MDI C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server...
Lenovo ThinkPad series computers was traced to multiple security vulnerabilities-vulnerability warning-the black bar safety net
Recently, security firm IOActive at the Lenovo Series of computers found a security vulnerability, the attacker may be on the computers of legitimate applications replaced with malicious app and you can remotely execute malicious instructions. IOActive security researcher in the Bulletin elaborat...
Malwarebytes Anti-Malware < 2.0.3 'Upgrade' MITM Vulnerability - Windows
Malwarebytes Anti-Malware is prone to a man-in-the-middle MITM vulnerability through it SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2014-4936
The upgrade functionality in Malwarebytes Anti-Malware MBAM consumer before 2.0.3 and Malwarebytes Anti-Exploit MBAE consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable...
Directory traversal
Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a 1 .. dot dot in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or 2 %2E%2E encoded dot dot in the default URI to port 7074 ...
CVE-2014-5350
Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a 1 .. dot dot in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or 2 %2E%2E encoded dot dot in the default URI to port 7074 ...
BitDefender GravityZone 5.1.5.386 - Multiple Vulnerabilities
BitDefender GravityZone 5.1.5.386 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: Bitdefender GravityZone vulnerable version: =5.1.11.432 impact:...
BitDefender Products Update Server HTTP Daemon Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27358/info BitDefender Update Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to access potentially...
CVE-2014-3265
CVE-2014-3265 describes a cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework used by Cisco Security Manager (CSM) 4.2 and earlier. The root cause is insufficient input validation of a parameter within the AUS web framework, enabling remote attackers to inject a...
Cisco Security Manager AUS Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface. The vulnerability is due to insufficient input validation of a parameter, which affects the Auto Update...
Server Misconfiguration discloses passwords of all Barracuda Network Employees
Security expert Ebrahim Hegazy has found a Password disclosure vulnerability in Barracuda update servers which allows to gain access to employee credentials. The Egyptian information security advisor Ebrahim Hegazy@Zigoo0 has found a Password disclosure vulnerability in one of Barracuda update...
CentOS Update for gnutls CESA-2013:0883 centos5
Check for the Version of gnutls OpenVAS Vulnerability Test CentOS Update for gnutls CESA-2013:0883 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
Analysis Reveals Flame Malware's Process Injection Tricks
As researchers continue to pull apart the Gauss malware code, looking for spreading mechanisms and infection vectors, there is still some work being done on Gauss’s cousin Flame, as well. New research from CERT Polska reveals how deeply Flame burrows itself into infected systems, showing that the...
Microsoft Details Flame Hash-Collision Attack
The details of the collision attack used by the Flame malware authors to create a forged code-signing certificate for Microsoft code are beginning to emerge, and the company said that the attackers used an MD5 hash collision specifically to ensure that their attack would work on machines running...
McAfee LinuxShield <= 1.5.1 Local/Remote Root Code Execution
No description provided by source. !/usr/bin/perl Title: McAfee LinuxShield = 1.5.1 Local/Remote Root Exploit Name: nailsRoot.pl Author: Nikolas Sotiriu lofi lofiatsotiriu.de WARNING: This Exploit deletes the default Update Server Use it only for education or ethical pentesting! The author accept...
McAfee LinuxShield 1.5.1 Remote Root Exploit
!/usr/bin/perl Title: McAfee LinuxShield WARNING: This Exploit deletes the default Update Server Use it only for education or ethical pentesting! The author accepts no liability for damage caused by this tool. use strict; use IO::Socket::SSL; use Getopt::Std; my %args; my $ack; my $timestamp;...