2321 matches found
CVE-2017-8334
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site scripting forgery protection...
Telus Actiontec T2200H Local Elevation of Privilege Vulnerability
The Actiontec Electronics T2200H is a modem from Actiontec Electronics, USA. A security vulnerability exists in the Actiontec Electronics T2200H T2200H-31.128L.08 release. The vulnerability can be exploited by an attacker to obtain a shell with root privileges to permanently modify the device,...
How to Stop Robocalls—or At Least Slow Them Down
Let's be honest, you can't kill robocalls completely. But you can block more of them than you might think...
Security News This Week: A Teen Waltzed Into Mar-a-Lago
Google's ad-blocking backlash, a privacy lawsuit against Apple, and more of the week's top security news...
Forbid blocking IP ranges as big as /1 and /2, as done on ruwikiquote using the API
More info at https://phabricator.wikimedia.org/T199540...
NetAware 1.20 Add Block / Share Name Denial Of Service
-- coding: utf-8 -- Exploit Title: NetAware 1.20 - 'Add Block' Denial of Service PoC Date: 22/05/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.infiltration-systems.com Software: http://www.infiltration-systems.com/Files/netaware.zip Version: 1.20 Tested on: Windows 7 Proof of Concep...
Easy WP SMTP (v1.3.9) 0-day vulnerability is being attacked in the process and reproducibility - vulnerability warning - the black bar safety net
Foreword Your own blog site with WordPress hosting, last month found some abnormalities. 3.12 days, the mailbox explosion, received more than 100 letters on the site is the blasting of the notification mail. Day to see also not strange, because before it appeared such a situation, every day there...
Intelbras IWR 3000N - Denial of Service (Remote Reboot) Vulnerability
Exploit for hardware platform in category web applications /bin/bash PoC based on CVE-2019-11415 created by Social Engineering Neo. Credit: https://1.337.zone/2019/04/08/intelbras-iwr-3000n-any-version-dos-on-malformed-login-request/ A malformed login request allows remote attackers to cause a...
openstack-neutron: incorrect validation of port settings in iptables security group driver
A validation flaw was discovered in the iptables firewall module in OpenStack Neutron. By setting a destination port in a security group rule, along with a protocol that does not support that option (for example, VRRP), an authenticated user could block further application of security group rules f...
ICSA-19-120-01_Rockwell Automation CompactLogix 5370
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: CompactLogix 5370 Vulnerabilities: Uncontrolled Resource Consumption, Stack-based Buffer Overflow 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to...
GitHub hosted Magecart skimmer used against hundreds of e-commerce sites
Every day, new e-commerce websites fall into the hands of one of the many Magecart skimmers. Unbeknownst to shoppers, criminals are harvesting their personal information, including payment details in the online equivalent of ATM card skimming. Most often the skimming code—written in JavaScript an...
Don't Praise the Sri Lankan Government for Blocking Facebook
Social media can provide vital information in a crisis, and there's evidence that blocking it does more harm than good...
CVE-2019-3883
It was found that encrypted connections did not honor the 'ioblocktimeout' parameter to end blocking requests. As a result, an unauthenticated attacker could repeatedly start a sufficient number of encrypted connections to block all workers, resulting in a denial of service...
SUSE SLES12 Security Update : openldap2 (SUSE-SU-2019:0931-1)
This update for openldap2 fixes the following issues : Security issues fixed : CVE-2017-9287: A double free vulnerability in the mdb backend during search with page size 0 was fixed bsc1041764. CVE-2017-17740: Fixed a denial of service slapd crash via a member MODDN operation that could have been...
Evillimiter - Limits Bandwidth Of Devices On The Same Network
A tool to limit the bandwidth upload/download of devices connected to your network without physical or administrative access. evillimiter employs ARP spoofing and traffic shaping to throttle the bandwidth of hosts on the network. This is explained in detail below. Requirements Linux distribution...
openSUSE Security Update : mailman (openSUSE-2019-495)
This update for mailman to version 2.1.27 fixes the following issues : This security issue was fixed : - CVE-2018-0618: Additional protections against injecting scripts into listinfo and error messages pages bsc1099510. These non-security issues were fixed : - The hash generated when...
Denial Of Service (DoS)
tomcat-coyote/tomcat-embed-core is vulnerable to denial of service. The HTTP/2 implementation did not timeout idling streams and allow them to be kept open without any read/write and request/response data. A remote attacker is able to exploit the vulnerability to keep an excessive number of open...
Partner Perspectives: Stay Proactive with Automated Threat Blocking from Carbon Black and IntSights
Alon Yotvat is a Senior Solutions Architect for IntSights. Carbon Black and IntSights have joined forces to combine next-gen endpoint security solutions with powerful external threat intelligence. This potent integration of cybersecurity technologies gives enterprises the protection they need to...
XenMobile: How to Block Apple App Store and iTunes Store using restriction Policy
This article details how to block installing any Apps and music from the Apple App Store and iTunes store, respectively, on the iOS...
CVE-2019-9613
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadVideo URI...