Abusing Windows Security: mimikatz

mimikatz is well known tool for extraction of plaintexts passwords, hashes, PIN codes and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets. A lot of times after the initial exploitation phase attackers may want to get a firmer foothold...

CVE-2017-17556

A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys...

CVE-2017-17556

CVE-2017-17556 affects Synaptics TouchPad drivers (notably the SynTP.sys driver) where a debug tool can be abused by a user with administrative privileges to modify registry keys and capture keyboard scan code information. The root cause is an unprotected debug mode in the Synaptics keyboard driv...

CVE-2017-16363

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the module that handles character codes for...

CVE-2017-16363

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the module that handles character codes for...

Socket and SSL error messages in Receiver for Windows 4.10

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Protocol driver error message in earlier versions While using receiver a common error that you might...

Debian DLA-1174-1 : konversation security update

It was discovered that there was a denial of service vulnerability in the konversation IRC client related to parsing of color formatting codes. For Debian 7 'Wheezy', this issue has been fixed in konversation version 1.4-1+deb7u2. We recommend that you upgrade your konversation packages. NOTE:...

MGASA-2017-0419 Updated konversation packages fix security vulnerability

Joseph Bisch discovered that Konversation could crash when parsing certain IRC color formatting codes CVE-2017-15923...

Rimet Wifi Smart Temperature Control Android APP is vulnerable to reset arbitrary account passwords

Rimet Wifi Smart Temperature Control Android APP is a management platform for smart hardware devices. Rimet Wifi Android APP is vulnerable to reset any account password. Attackers can reset any password and enter the device management interface to remotely operate various temperature control, gas...

10 tips for safe online shopping on Cyber Monday

Shoppers familiar with the Cyber Monday circus know they’re stepping into the lion’s den. The Internet has always been a lawless place, but it becomes particularly rough during the holiday shopping season. In preparation for the frenzy, cyber villains have crafted a virtual onslaught of social...

Top Smart Android APP has logic design flaws

Top Smart Android APP is a marketing management software for the majority of users. The software can help users keep abreast of information developments and activities in the smart home industry. There is a logic design vulnerability in Top Smart Android APP. Attackers can log in to any account b...

CVE-2017-15923

Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service crash via vectors related to parsing of IRC color formatting codes...

CVE-2017-15923

Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service crash via vectors related to parsing of IRC color formatting codes...

Debian DSA-4033-1 : konversation - security update

Joseph Bisch discovered that Konversation, an user friendly Internet Relay Chat IRC client for KDE, could crash when parsing certain IRC color formatting codes. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

Mentalist - Graphical Tool For Custom Wordlist Generation

Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper. Install from Source Prerequisites Linux APT package manager Check if Python 3 ...

Cross site scripting

In TinyWebGallery v2.4, an XSS vulnerability is located in the mkname, mkitem, and item parameters of the Add/Create module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the TWG Explorer item listing. The request method to...

CVE-2017-16635

In TinyWebGallery v2.4, an XSS vulnerability is located in the mkname, mkitem, and item parameters of the Add/Create module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the TWG Explorer item listing. The request method to...

Cloud Energy App has SMS Bombing Vulnerability

Cloud Energy App is a software about car rental service. There is an SMS bombing vulnerability in Cloud Energy App. An attacker can exploit the vulnerability to replay packets sending verification codes without restriction and bombard the client with SMS...

US Zip Codes Database Script SQL Injection Vulnerability

US Zip Codes Database Script is a set of US Zip Codes Database Scripts. A SQL injection vulnerability exists in US Zip Codes Database Script version 1.0. A remote attacker can exploit this vulnerability to inject SQL commands with the 'state' parameter...

CVE-2017-15980

US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter...