
102 matches found

UbuntuCve
added 2020/02/21 6:15 p.m., 65 views

CVE-2013-3587

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of...

CVSS 5.9, AI score 6.5, EPSS 0.06049
Exploits 1, References 4
Hacker One
added 2019/12/26 12:04 p.m., 12 views

Node.js third-party modules: [http-live-simulator] Application-level DoS

The http-live-simulator npm package has an application-level DoS vulnerability...

AI score 2.2
Exploits 0
Prion
added 2019/11/28 5:15 p.m., 14 views

Input validation

In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application-level denial of service condition. The fix for this was also backported to LTS 2019.9.8 and LTS 2019.6.14...

CVSS 4, AI score 6.3, EPSS 0.00988
Exploits 0, References 1, Affected Software 1
BDU FSTEC
added 2019/10/16 12:00 a.m., 3 views

A vulnerability in the SIP ALG (application-level gateway) on Junos OS MX Series routers allows an attacker to cause a service failure.

The vulnerability in the SIP ALG (application-level gateway) on Junos OS MX Series routers stems from resource release errors. Exploiting it allows a malicious actor to cause service failures by sending specially crafted SIP packets...

CVSS 7.8, AI score 5.5, EPSS 0.01271
Exploits 0, References 2, Affected Software 1
ThreatPost
added 2019/04/15 12:07 p.m., 46 views

Preparing the Internet for the Next Mega DDoS Attack

When you think of a distributed denial-of-service (DDoS) attack at this point in the age of the internet, you might be thinking they’re old news. But when a multi-million-dollar business can be easily taken offline by an unskilled adversary and a $5 rent-a-DDoS service, I would argue that the issue...

AI score 7.1
Exploits 0, References 8
ripstech
added 2019/03/19 7:00 a.m., 43 views

Java Security Analysis for IntelliJ IDEA

New Plugin Features. In the course of our last releases, we added various new functionalities and improved existing ones to enhance the quality of our IntelliJ plugin. These include support for analyzing Java code, support for multi-module projects, tracking and commenting of issues, and the optio...

AI score 6.9
Exploits 0
BDU FSTEC
added 2019/01/18 12:00 a.m., 18 views

The vulnerability in Simatic IT’s software lies in the lack of authentication mechanisms, which allows attackers to bypass identity verification at the application level.

The vulnerability in Simatic IT’s software is related to deficiencies in authentication mechanisms. Exploiting this vulnerability allows a malicious actor to bypass identity verification at the application level...

CVSS 7.7, AI score 7.5, EPSS 0.02656
Exploits 0, References 3
Cvelist
added 2018/12/20 9:00 p.m., 17 views

CVE-2018-15723

The Logitech Harmony Hub before version 4.15.206 is vulnerable to application-level command injection via a crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application-defined commands, e.g. harmony.system?systeminfo...

AI score 10, EPSS 0.03699
Exploits 1, References 1
Akamai Blog
added 2018/05/09 3:10 p.m., 38 views

John Summers Q&A - Evanta Global CIO Executive Summit

Akamai's John Summers, VP & CTO, spoke at the recent Evanta Global CIO Executive Summit, a gathering of 75 major organization CIOs. His session was titled, "Cloud Security - Adopt Zero Trust and Put Asset-Level Safeguards in Place." Here are some of the key questions he addressed. How do you...

AI score 7.3
Exploits 0
Schneier on Security
added 2017/07/03 11:01 a.m., 63 views

A Man-in-the-Middle Attack against a Password Reset System

This is nice work: "The Password Reset MitM Attack," by Nethanel Gelernter, Senia Kalma, Bar Magnezi, and Hen Porcilan: Abstract: We present the password reset MitM (PRMitM) attack and show how it can be used to take over user accounts. The PRMitM attack exploits the similarity of the registration...

AI score 6.9
Exploits 0
n0where
added 2017/06/12 6:38 p.m., 39 views

Application Level Firewall OpenSnitch

OpenSnitch is a GNU/Linux port of the Little Snitch application firewall. OpenSnitch is an application-level firewall, meaning that, while running, it detects and alerts the user to every outgoing connection created by the applications they are running. This can...

AI score 0.2
Exploits 0, References 2
Cloud Foundry
added 2017/03/14 12:00 a.m., 122 views

CVE-2017-5638: Apache Struts Remote Code Execution | Cloud Foundry

Severity: Critical. Vendor: Apache. Versions Affected: Apache Struts 2, 2.3.x versions prior to 2.3.32 and 2.5.x versions prior to 2.5.10.1. Description: The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote...

CVSS 10, AI score 10, EPSS 0.99999
Exploits 44
Cvelist
added 2017/02/22 2:00 a.m., 18 views

CVE-2017-2684

Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication...

AI score 8.8, EPSS 0.01987
Exploits 0, References 2
Kitploit
added 2015/11/05 10:12 p.m., 20 views

Toxy - Hackable Http Proxy To Simulate Server Failure Scenarios And Network Conditions

Toxy is a fully programmatic and hackable HTTP proxy to simulate server failure scenarios and unexpected network conditions, built for node.js / io.js. It was mainly designed for fuzzing/evil testing purposes, where toxy becomes particularly useful to cover fault tolerance and resiliency...

AI score 7.1
Exploits 0, References 15
myhack58
added 2015/10/08 12:00 a.m., 1063 views

PHP deserialization remote code execution vulnerability warning - the black bar safety net

At NotSoSecure we conduct penetration testing and code review, and recently we came across an interesting piece of PHP code which could lead to a remote code execution (RCE) vulnerability, but its use was a bit tricky. After a few sleepless nights trying to crack this code, we are convinc...

AI score 0.9
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m., 25 views

Cisco PIX Firewall 4.x/5.x SMTP Content Filtering Evasion Vulnerability

No description provided by source. Source: http://www.securityfocus.com/bid/1698/info . Like other firewalls, the Cisco PIX Firewall implements technology that reads the contents of packets passing through it for application-level filtering. In the case of SMTP, it can be configured so only certain...

AI score 7.1
Exploits 0
OpenVAS
added 2013/06/26 12:00 a.m., 32 views

Mozilla Thunderbird ESR Multiple Vulnerabilities - June 13 (Mac OS X)

This host is installed with Mozilla Thunderbird ESR and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmozillathunderbirdesrmultvulnjun13macosx.nasl 6104 2017-05-11 09:03:48Z teissa $ Mozilla Thunderbird ESR Multiple Vulnerabilities - June 13 Mac OS X Authors: Arun...

CVSS 10, AI score 0.8, EPSS 0.69236
Exploits 9, References 3
OpenVAS
added 2012/05/07 12:00 a.m., 45 views

Oracle GlassFish Server Multiple XSS and CSRF Vulnerabilities

This host is running Oracle GlassFish Server and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboracleglassfishservermultvuln.nasl 5956 2017-04-14 09:02:12Z teissa $ Oracle GlassFish Server Multiple XSS and CSRF Vulnerabilities Authors: Sooraj KS Copyright: Copyright c 20...

CVSS 6.8, AI score 0.3, EPSS 0.11515
Exploits 0, References 6
OpenVAS
added 2012/02/06 12:00 a.m., 35 views

Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (MAC OS X 01)

The host is installed with Mozilla Firefox/Thunderbird/SeaMonkey and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaprdtsmultvulnmacosx01feb12.nasl 6445 2017-06-27 12:31:06Z santu $ Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 MAC OS X 01 Authors:...

CVSS 10, AI score 0.8, EPSS 0.04428
Exploits 0, References 4
ThreatPost
added 2012/01/10 2:44 p.m., 13 views

Researcher Releases New Version of P0f Fingerprinting Tool

Security researcher Michal Zalewski has released a new version of the passive fingerprinting tool p0f, which has the ability to diagnose a wide range of components in an Internet connection, even uncovering clients that are trying to forge some part of their identity in the connection. P0f is ...

AI score 0.2
Exploits 0, References 2