Lucene search
K

3954 matches found

Tenable Nessus
Tenable Nessus
added 2019/05/08 12:0 a.m.19 views

Rockwell Automation/Allen-Bradley Multiple Devices Authentication Bypass (ICSA-18-310-02)

Binary data 720141.prm...

8.6CVSS7.3AI score0.043EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2019/04/30 12:0 a.m.7 views

The vulnerability of the InnoDB component of the MySQL database management system, which allows a hacker to cause a service failure

The vulnerability of the InnoDB component of the MySQL database management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service failures using the MySQL protocol...

4.9CVSS6.5AI score0.02217EPSS
Exploits0References2Affected Software1
Malwarebytes
Malwarebytes
added 2019/04/17 4:4 p.m.74 views

Malware targeting industrial plants: a threat to physical security

We live in a world where more and more manufacturing processes are controlled by computers that send instructions to robots. This might sound like a safe and efficient way of work, as it rules out human error, but what happens when a threat actor decides to target production servers? Consider the...

0.1AI score
Exploits0
ThreatPost
ThreatPost
added 2019/04/15 12:7 p.m.47 views

Preparing the Internet for the Next Mega DDoS Attack

When you think of a distributed denial-of-service DDoS attack at this point in the age of the internet, you might be thinking they’re old news. But when a multi-million-dollar business can be easily taken offline by an unskilled adversary and a $5 rent-a-DDoS service, I would argue that the issue...

7.1AI score
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2019/04/12 12:0 a.m.5 views

The vulnerability of the RouterOS operating system, related to errors in the watchdog timer, allows a intruder to reboot the device.

The vulnerability of the RouterOS operating system is related to errors in the watchdog timer’s operation. This vulnerability allows a malicious actor to reboot the vulnerable device remotely...

8.6CVSS7.6AI score
Exploits0References4Affected Software1
FireEye
FireEye
added 2019/04/10 4:0 a.m.21 views

TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping

Overview FireEye can now confirm that we have uncovered and are responding to an additional intrusion by the attacker behind TRITON at a different critical infrastructure facility. In December 2017, FireEye publicly released our first analysis on the TRITON attack where malicious actors used the...

7.8AI score
Exploits0References22
Github Security Blog
Github Security Blog
added 2019/04/09 7:43 p.m.26 views

Microsoft.ChakraCore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'...

6.5CVSS0.8AI score0.06553EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2019/04/01 6:29 p.m.28 views

Session fixation

VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently...

7.5CVSS9.4AI score0.03255EPSS
Exploits0References3Affected Software1
Microsoft Secure
Microsoft Secure
added 2019/03/26 12:12 a.m.47 views

DART: the Microsoft cybersecurity team we hope you never meet

If you spent 270 days away from home, not on vacation, you’d want it to be for a good reason. When boarding a plane, sometimes having been pulled out of bed to leave family for weeks on end, I know it’s because one of our customers is in need. It means there is a security compromise and they may ...

7.7AI score
Exploits0
VMware
VMware
added 2019/03/26 12:0 a.m.49 views

VMSA-2019-0004:VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability

VMSA-2019-0004 VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2019-0004 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware vCloud Director for...

9.8CVSS9.8AI score0.03255EPSS
Exploits0References10Affected Software1
Malwarebytes
Malwarebytes
added 2019/03/21 3:0 p.m.32 views

Are hackers gonna hack anymore? Not if we keep reusing passwords

Enterprises have a password problem, and it’s one that is making the work of hackers a lot easier. From credential stuffing to brute force and password spraying attacks, modern hackers don’t have to do much hacking in order to compromise internal corporate networks. Instead, they log in using wea...

Exploits0
NVD
NVD
added 2019/03/15 4:29 p.m.9 views

CVE-2018-19391

Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field...

6.1CVSS6.4AI score0.00726EPSS
Exploits1References2
Prion
Prion
added 2019/03/15 4:29 p.m.12 views

Cross site scripting

Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field...

4.3CVSS6.4AI score0.00726EPSS
Exploits1References2Affected Software2
Cvelist
Cvelist
added 2019/03/15 4:0 p.m.12 views

CVE-2018-19391

Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field...

6.5AI score0.00726EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2019/03/14 3:41 p.m.39 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark

In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application...

4.7CVSS3.2AI score0.00504EPSS
Exploits0References5Affected Software3
BDU FSTEC
BDU FSTEC
added 2019/03/06 12:0 a.m.5 views

The vulnerability of Microsoft Exchange Server’s mail server, related to inadequate access control, allows a hacker to alter the access rights to files.

The vulnerability of Microsoft Exchange Server is related to lack of access control. Exploiting this vulnerability could allow a malicious actor to alter the access rights to files...

9.8CVSS7.2AI score0.23799EPSS
Exploits2References2
BDU FSTEC
BDU FSTEC
added 2019/03/01 12:0 a.m.2 views

The vulnerability of the Microsoft SharePoint software package lies in errors related to the mechanism for checking the source markup of the application’s code. This allows a hacker to execute arbitrary code.

The vulnerability of the Microsoft SharePoint software package is related to errors in the mechanism for checking the source markup of the application’s code. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially crafted content...

10CVSS7.7AI score0.99913EPSS
Exploits29References3
ThreatPost
ThreatPost
added 2019/02/27 5:24 p.m.63 views

Card-Skimming Scripts Hide Behind Google Analytics, Angular

A host of credit card-stealing scripts have popped up on the web, injected into websites and purporting to be legitimate Google Analytics or Angular utilities in order to avoid webmaster notice. According to research from Sucuri, the malicious code is obfuscated and injected into legitimate JS...

7.1AI score
Exploits0References5
NVD
NVD
added 2019/02/22 1:29 p.m.14 views

CVE-2019-7728

An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to improperly implemented TLS certificate checks, a malicious actor could potentially succeed in executing a man-in-the-middle attack for some connections. The Bosch Smart Home App is not affected. iOS Apps are no...

7.5CVSS7.1AI score0.00476EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/02/15 12:0 a.m.7 views

The vulnerability of the Outside In Filters component within the software development kit (SDK) of Outside In Technology allows a hacker to trigger a service failure.

The vulnerability of the Outside In Filters component within the software development kit SDK of Outside In Technology is related to insufficient access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions using the HTTP protocol...

5.3CVSS6.3AI score0.01879EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder