345 matches found
Microsoft Browser Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
RSA Conference 2019: NIST's Privacy Framework Starts to Take Shape
Data privacy has been thrust into the limelight with the passage of the General Data Protection Regulation in Europe last year and a string of high-profile consumer privacy snafus. The National Institute of Standards and Technology has plans to help companies address data privacy with the...
RSA Conference 2019: Microsoft, Google, Twitter on Federal Privacy Regs
SAN FRANCISCO – With the advent of General Data Protection Regulation in Europe and state measures like the California Consumer Privacy Act (CCPA) of 2018, talk about a comprehensive U.S. privacy law has grown louder. However, some privacy advocates fear that any such federal legislation will be a...
On Heels of Criticism, Newly-Released Google Chrome 70 Prioritizes Privacy
Google has lifted the curtain on its latest version of Chrome, which the tech giant has pledged will tout more data privacy features, as well as fixes for high-priority vulnerabilities. The release comes after Google had promised updates in Chrome 70 to “better communicate our changes and offer more...
Bucking the Norm, Mozilla to Block Tracking Cookies in Firefox
Web tracking has long been in the cross-hairs of privacy advocates, who say that marketers know entirely too much about individuals’ online activities. And to add insult to injury, the ubiquitous cookie system used to enable tracking also presents potential security threats, including cross-site...
Camelishing - Social Engineering Tool
Camelishing Social Engineering Tool Features 1. Bulk email sending 2. Basic Python Agent Creator 3. Office Excel Macro Creator 4. DDE Excel Creator (or Custom Payload) 5. Return Information: Mail Open Track, Agent Open Track 6. AutoSave 7. Statistics Report 8. User Control Installation Modules $ pip...
Microsoft Windows: User control over installs
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winusercontrolinstalls.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Allow user control over installs Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH, http://www.greenbone.net This program ...
CVE-2018-1000607
An arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins...
CVE-2018-1000532
beep version 1.3 and up contains an External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appears to be exploitable via The system must allow local users...
Microsoft Windows 10: Toggle user control over Insider builds
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winallowbuildpreview.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Toggle user control over Insider builds Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH, http://www.greenbone.net This...
CVE-2017-0928
html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the 'sanitized' variable causing sanitization to be bypassed...
Hardcoded credentials
html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the 'sanitized' variable causing sanitization to be bypassed...
CVE-2018-11629
Default and unremovable support credentials user:lutron password:integration allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not...
Design/Logic Flaw
DISPUTED Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because...
Design/Logic Flaw
DISPUTED Default and unremovable support credentials user:lutron password:integration allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this ...
CVE-2018-11682
Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can...
CVE-2018-11682
The CVE entries describe default and unremovable credentials enabling Telnet access to IoT devices using Lutron integration protocols (Stanza/HomeWorks QS HomeWorks/Lutron RadioRA 2) with Revision M–Y. The root cause cited is preserved credentials that cannot be changed, allowing attackers to gai...
CVE-2018-11681
Default and unremovable support credentials user:nwk password:nwk2 allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a...