Lucene search
K

720 matches found

The Hacker News
The Hacker News
added 2011/11/08 6:51 p.m.8 views

Researcher Charlie Miller kicked out from iOS dev program for Exploiting iOS security flaw

Researcher Charlie Miller kicked out from iOS dev program for Exploiting iOS security flaw A major security flaw in Apple's iOS operating system that could allow hackers to remotely gain unauthorized access to an iPhone, iPod touch or iPad has been uncovered by a security expert "Charlie Miller "...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2011/11/08 2:23 p.m.7 views

Demo of Charlie Miller's iOS Code-Signing Bug

Security researcher Charlie Miller of Accuvant discovered a vulnerability in the Apple iOS software that enables him to use an app he placed in the iTunes App Store to download unsigned code from a remote Web server and run it on any iOS device. In this video, he demonstrates the app and the way...

2.5AI score
Exploits0
OpenVAS
OpenVAS
added 2011/09/23 12:0 a.m.20 views

CentOS Update for nspr CESA-2011:1282 centos4 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5.3AI score
Exploits0References2
ThreatPost
ThreatPost
added 2011/09/06 3:12 p.m.16 views

Ten Reasons The Diginotar Breach Will Be Bigger Than Stuxnet

by Roel Schouwenberg Editor’s note: This story was reposted from Securelist.com. In an almost unprecedented event the Dutch minister of internal affairs gave a press conference at 1:15 AM Friday to Saturday night. He announced the Dutch government was revoking trust in Diginotar. Diginotar...

0.6AI score
Exploits0References2
Oracle linux
Oracle linux
added 2011/09/02 12:0 a.m.17 views

ca-certificates security update

2010.63-3.5 - BR java-openjdk 2010.63-3.4 - fix inclusion of code-signing-only certs in .trust.crt - Initial build 448497...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2011/05/18 5:28 p.m.11 views

The Social-Engineer Toolkit v1.4 latest Version !

The Social-Engineer Toolkit v1.4 latest Version ! The Social Engineering Toolkit SET is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It's main purpose is to augment and simulate social-engineering attacks and allow the tester to...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2010/08/03 3:55 a.m.10 views

New Safari Bug Being Used to Jailbreak iPhones

A Web site set up to help iPhone users jailbreak their devices is using a flaw in the way that the iPhone handles PDF files to escape the phone’s sandbox security function and enable users to load applications that aren’t in Apple’s official App Store. The same flaw could easily be used to instal...

0.7AI score
Exploits0References2
ThreatPost
ThreatPost
added 2010/06/03 3:20 p.m.7 views

Facebook Developer Verification Won't Stop Rogue Apps

Looking to clamp down on the escalation of malicious apps on its popular social network, Facebook will now require that every developer to verify their Facebook account by providing a mobile phone number or adding a credit card to their account. While this is clearly a step in the right direction...

0.7AI score
Exploits0References4
ThreatPost
ThreatPost
added 2010/04/14 8:9 p.m.8 views

iPhone Sandbox Model Not Enough

The iPhone sandbox has always been held up as a major roadblock to thwart hackers from doing damage on the device. But, as European researchers Vincenzo Iozzo and Ralf Philipp Weinmann proved, a hacker can hijack a lot of sensitive data without ever leaving the iPhone sandbox. In this case, they...

0.8AI score
Exploits0References1
ThreatPost
ThreatPost
added 2010/03/24 10:55 p.m.11 views

iPhone Hacked at Pwn2Own; SMS Database Stolen

VANCOUVER, BC — A pair of European researchers used the spotlight of the CanSecWest Pwn2Own hacking contest here to break into a fully patched iPhone and hijack the entire SMS database, including text messages that had already been deleted. Using an exploit against a previously unknown...

6.9AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2009/08/24 12:0 a.m.32 views

RHEL 4 / 5 : java-1.5.0-sun (RHSA-2007:0963)

Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having important security impact by the Red Hat Security Response Team. The Java Runtime Environment JRE contains the...

10CVSS5.9AI score0.0503EPSS
Exploits0References15
securityvulns
securityvulns
added 2009/05/26 12:0 a.m.72 views

ATEN IP KVM Switches multiple cryptographic vulnerabilities

Same SSL certificate is used for all devices, static symmetric key is used for code signing, mouse events are not encrypted, predictable session key is used...

10CVSS1.5AI score0.03191EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2009/04/21 6:54 p.m.41 views

Charney plugs Microsoft end-to-end trust at RSA Conference

Scott Charney used his keynote speech at the RSA Conference on Tuesday to talk up a variety of hardware and software-based technologies meant to infuse the Internet with more trust. Charney, the head of Microsoft’s Trustworthy Computing team, talked about the need for greater adoption of TPMs, co...

9.3CVSS0.8AI score0.99945EPSS
Exploits33References1
Symantec
Symantec
added 2007/12/11 12:0 a.m.21 views

Microsoft Windows SMBv2 Code Signing Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability because it fails to properly validate digital signatures. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of logged-in users. This facilitates the remote...

1.2AI score
Exploits0Affected Software1
NVD
NVD
added 2007/03/02 10:19 p.m.18 views

CVE-2007-1220

The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code...

6.2CVSS6.8AI score0.01423EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2007/03/02 10:19 p.m.4 views

CVE-2007-1220

The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code...

6.2CVSS5.8AI score0.01423EPSS
Exploits0References4
Cvelist
Cvelist
added 2007/03/02 10:0 p.m.23 views

CVE-2007-1220

The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code...

6.8AI score0.01423EPSS
Exploits0References3
CVE
CVE
added 2007/03/02 10:0 p.m.51 views

CVE-2007-1220

The CVE-2007-1220 entry describes a vulnerability in the Hypervisor of the Microsoft Xbox 360 kernel (versions 4532 and 4548) where the syscall dispatcher parameters are not properly verified. This allows attackers with physical access to bypass code-signing requirements and execute arbitrary cod...

6.2CVSS6.8AI score0.01423EPSS
Exploits0References3Affected Software1
CERT
CERT
added 2002/05/30 12:0 a.m.19 views

Verisign transmits sensitive customer information in plain text when applying for a "Code Signing Digital ID"

Overview Verisign offers a service entitled "Code Signing Digital ID for Microsoft Authenticode." Information that is submitted to this site is not transmitted via an SSL secured session, instead it is transmitted in the plain-text. Description Verisign offers a service entitled "Code Signing...

6.4AI score
Exploits0
securityvulns
securityvulns
added 2001/03/23 12:0 a.m.46 views

Security Bulletin MS01-017

---------------------------------------------------------------------- Title: Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard Date: 22 March 2001 Software: All Microsoft customers should read the bulletin. Impact: Attacker could digitally sign code using the name "Microsoft...

0.1AI score
Exploits0
Rows per page
Query Builder