21 matches found
EUVD-2021-16424
Malware in sbrugna...
EUVD-2010-0587
Malware in sbrugna...
EUVD-2007-3004
Malware in sbrugna...
EUVD-2005-0585
Malware in sbrugna...
SUSE CVE-2018-18353
Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page...
Mozilla Firefox < 89.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 89.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-23 advisory. - Mozilla developers Christian Holler, Anny Gakhokidze, Alexandru Michis, Gabriele Svelto reported memory safet...
Microsoft Windows Net Use Insufficent Authentication
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-NET-USE-INSUFFICIENT-PASSWORD-PROMPT.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows "net use" Command Connects a...
New Actor DarkHydrus Targets Middle East with Open-Source Phishing
Government entities and educational institutions in the Middle East are under attack in an ongoing credential-harvesting campaign, mounted by a newly-named threat group known as DarkHydrus. In a twist on the norm, the group is leveraging the open-source Phishery tool to carry out its dark work. T...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : PolicyKit vulnerabilities (USN-3717-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3717-1 advisory. Tavis Ormandy discovered that PolicyKit incorrectly handled certain invalid object paths. A local attacker could possibly use thi...
Hashicorp vagrant-vmware-fusion 5.0.0 - Local root Privilege Escalation Exploit
Exploit for macOS platform in category local exploits After three CVEs and multiple exploits disclosed to Hashicorp they have finally upped their game with this plugin. Now the previously vulnerable non-root-owned ruby code that get executed as root by the sudo helper is no more and the sudo help...
Hashicorp vagrant-vmware-fusion 5.0.0 - Local Privilege Escalation
Hashicorp vagrant-vmware-fusion 5.0.0 - Local Privilege Escalation After three CVEs and multiple exploits disclosed to Hashicorp they have finally upped their game with this plugin. Now the previously vulnerable non-root-owned ruby code that get executed as root by the sudo helper is no more and...
A new kind of Apple phishing scam
In a recent blog post, Felix Krause revealed a method for phishing Apple ID passwords on iOS that would be quite indistinguishable from a real iOS password request. This got us thinking about the ramifications—how else could this tactic be used in the Apple ecosystem, and what kind of damage coul...
CVE-2010-0556
browser/login/loginprompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication,...
Design/Logic Flaw
browser/login/loginprompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication,...
DD-WRT HTTPd DaemonService - Remote Command Execution
DD-WRT HTTPd DaemonService - Remote Command Execution This is a remote root vulnerability in DD-WRT's httpd server. The bug exists at the latest 24 sp1 version of the firmware. The problem is due to many bugs and bad software design decisions. Here is part of httpd.c: 859 if containsstringfile,...
Apple iTunes < 8.1 Multiple Vulnerabilities (uncredentialed check)
The version of Apple iTunes on the remote host is prior to version 8.1. It is, therefore, affected by multiple vulnerabilities : - A remote attacker can cause a denial of service by sending a maliciously crafted DAAP message. Note that this vulnerability only affects iTunes running on a Windows...
Apple iTunes < 8.1 Multiple Vulnerabilities (credentialed check)
The version of Apple iTunes installed on the remote Windows host is older than 8.1. Such versions may be affected by multiple vulnerabilities : - It may be possible to cause a denial of service by sending a maliciously crafted DAAP header to the application. CVE-2009-0016 - When subscribing to a...
FreeBSD : opera -- multiple vulnerabilities (12d266b6-363f-11dc-b6c9-000c6ec775d9)
Opera Software ASA reports of multiple security fixes in Opera, including an arbitrary code execute vulnerability : Opera for Linux, FreeBSD, and Solaris has a flaw in the createPattern function that leaves old data that was in the memory before Opera allocated it in the new pattern. The pattern...
Authentication flaw
The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch Blade allows remote attackers to obtain sensitive information by canceling the authentication dialog when accessing a sub-page, which still displays the form field contents of the sub-page, as demonstrated using 1...
CVE-2007-3012
The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch Blade allows remote attackers to obtain sensitive information by canceling the authentication dialog when accessing a sub-page, which still displays the form field contents of the sub-page, as demonstrated using 1...