470 matches found
Cross site scripting
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are du...
CVE-2017-12290
CVE-2017-12290 affects Cisco Registered Envelope Service web interface. The issue involves multiple XSS and URL-redirect vulnerabilities due to insufficient input validation, allowing unauthenticated, remote attackers to execute arbitrary script code or steal browser-based information by luring u...
CVE-2017-12320
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are du...
CVE-2017-12291
The CVE-2017-12291 issue affects Cisco’s Cloud-based Cisco Registered Envelope Service web interface. The vulnerability set stems from insufficient validation of user-supplied input in the web-based management UI, enabling an unauthenticated, remote attacker to perform cross-site scripting (XSS) ...
CVE-2017-12291
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are du...
CVE-2017-12321
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are du...
CVE-2017-12292
Cisco Registered Envelope Service (cloud-based) web interface contains multiple cross-site scripting (XSS) vulnerabilities due to insufficient validation of user-supplied input. An unauthenticated, remote attacker could lure a user via a malicious link or crafted HTTP request to execute arbitrary...
CVE-2017-12320
Cisco Registered Envelope Service (web interface) contains multiple XSS vulnerabilities due to insufficient input validation. An unauthenticated, remote attacker could entice a user to click a crafted link or send a request to execute arbitrary script in the user’s browser or access browser-based...
CVE-2017-12292
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are du...
CVE-2017-12323
The CVE-2017-12323 set concerns the Cisco Registered Envelope Service web interface. The connected documents confirm there are multiple XSS and redirect vulnerabilities in the service’s web UI due to insufficient validation of user-supplied input. Affected component: Cisco Registered Envelope Ser...
Implementing the CIS 20 Critical Security Controls: Slash Risk of Cyber Attacks by 85%
If a CISO needed to cut cyber attack risk by 85%, how would this security chief go about accomplishing that? Would the CISO even know where to begin? It’s safe to say that such a mandate would be considered daunting, and maybe even overwhelming. CISOs are scrambling to protect IT infrastructures...
Threatpost News Wrap Podcast for Nov. 10
Threatpost editors Mike Mimoso and Tom Spring discuss the week’s information security news, including Chris Valasek’s and Charlie Miller’s return to the security speaking rounds, a phony WhatsApp download pulled from Google Play, a deep dive into the recent cloud-based storage leaks, and the rece...
Carbon Black’s Vision for the Predictive Security Cloud
Earlier today, during a keynote address at Cb Connect, I unveiled our vision for the Cb Predictive Security Cloud™️. The first of its kind, the Cb Predictive Security Cloud is an extensible, cloud-based cyber security platform that helps anticipate and prevent future and unknown cyberattacks. The...
Gary McGraw on BSIMM8 and Software Security
Software security pioneer Gary McGraw talks to Mike Mimoso about the latest iteration of the Building Security In Maturity Model (BSIMM) report. BSIMM is a snapshot of how some of the world’s biggest tech companies and enterprises are handling secure development practices. Gary talks about some of...
Memory Corruption Vulnerability in 360 Antivirus
360 Antivirus is a free cloud-based security antivirus program. 360 Antivirus suffers from a memory corruption vulnerability. An attacker could exploit this vulnerability to cause the scanning engine to terminate, resulting in a denial of service...
The vulnerability of the rzpnk.sys driver, an IOCTL handler for configuring a cloud-based system, allows a hacker to open a descriptor for arbitrary processes.
The vulnerability of the rzpnk.sys driver, an IOCTL handler for configuring a cloud-based system, is related to deficiencies in access control for the ZwOpenProcess procedure. Exploiting this vulnerability allows a malicious actor to open a descriptor for an arbitrary process remotely...
FAQ: XenMobile Licensing Model
Question: What is the difference between XenMobile MDM Edition licenses and Enterprise Edition licenses? Answer: XenMobile MDM Edition: Citrix XenMobile MDM edition is licensed under a per-user or per-device model. User licensing is based on how many unique users have registered devices on the...
New Dridex Phishing Campaign Delivers Fake Accounting Invoices
A new variant of the banking trojan Dridex is part of a sophisticated phishing attack targeting users of the cloud-based accounting firm Xero. The global campaign is the latest in what security experts at Trustwave said is a wave of phishing attacks against Xero and other financial and accounting...
An Established Solution for Mobile Threats
As much as smartphones and applications have evolved over the years, so has mobile malware. We’re seeing an increasing number of threats—from mobile ransomware and auto-clicking adware to dangerous backdoors that can compromise your privacy. And there are also legitimate personal applications tha...
Vision Critical Information Disclosure Vulnerability
Vision Critical is a cloud-based intelligent user management communication platform from Vision Critical Canada. A security vulnerability exists in versions of Vision Critical prior to 2014-05-30. An attacker could exploit the vulnerability to read arbitrary files...