Lucene search
+L

2581 matches found

ThreatPost
ThreatPost
added 2017/03/30 6:0 a.m.12 views

Industry Braces for Repeal of ISP Privacy Rules

The U.S. House of Representatives voted Tuesday to overturn rules scheduled to go into effect later this year that would have banned internet service providers such as Comcast, Time Warner Cable and Verizon from tracking user online activities and reselling the data without consumers first...

6.9AI score
Exploits0References6
CNVD
CNVD
added 2017/03/27 12:0 a.m.5 views

NetIQ Access Manager Information Disclosure Vulnerability

NetIQ Access Manager provides a simple, secure, and scalable solution to handle all Web access needs. The SAML2 implementation of the Identity Server in NetIQ Access Manager fails to properly handle unsigned SAML requests, allowing an attacker to disclose the results to a potentially malicious...

7.5CVSS6.7AI score0.0109EPSS
Exploits0References1
OSV
OSV
added 2017/03/23 6:59 a.m.6 views

CVE-2016-5752

The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester...

7.5CVSS5.8AI score0.0109EPSS
Exploits0References1
Prion
Prion
added 2017/03/23 6:59 a.m.11 views

Design/Logic Flaw

The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester...

5CVSS7AI score0.0109EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2017/03/16 9:23 p.m.12 views

Sony Is Working On Mobile-to-Mobile Wireless Charging Technology

So you are in a party with your friends, and your phone is running low on battery. Oops! The ideal solution is to charge your phone using a charger or a power bank, but not everyone carries power banks or chargers with them all the time, especially in a party. What if you can charge your phone...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2017/03/08 3:41 p.m.16 views

Senator Demands Answers About CloudPets Breach

A U.S. senator has called Spiral Toys onto the carpet for its data security practices in light of the recent CloudPets breach. Sen. Bill Nelson D-FL, a ranking member of the Committee on Commerce, Science and Transportation and backer of a 2016 report on security and privacy concerns related to...

6.8AI score
Exploits0References8
CISA
CISA
added 2017/03/08 12:0 a.m.9 views

National Consumer Protection Week

March 5–11 is National Consumer Protection Week NCPW, an event to encourage people and businesses to learn more about avoiding scams and understanding consumer rights. During NCPW, the Federal Trade Commission FTC and its fellow agencies highlight free resources to help protect against consumer...

6.9AI score
Exploits0References5
Hacker One
Hacker One
added 2017/03/05 5:51 a.m.58 views

X (Formerly Twitter): [Urgent] Invalidating OAuth2 Bearer token makes TweetDeck unavailable

First of all, really sorry for the unintentional DoS : I was testing it with a fresh bearer token but copied the production one accidentally. Details I've noticed that TweetDeck is using OAuth2 to issue requests Authorization Bearer token: http GET...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2017/03/01 11:47 a.m.8 views

Robots Rife With Cybersecurity Holes

Robots with inadequate security could be hacked and cause physical harm or be used to spy on unsuspecting owners in the near future. Researchers at IOActive Labs released a report Wednesday warning that consumer, industrial and service robots in use today have serious security vulnerabilities...

7.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/01/31 12:0 a.m.20 views

Fedora 24 : fedmsg (2017-a73bc7ac5d)

Fix validation logic in the base consumer The base consumer is intended to only derive its validation switch from the on-disk configuration if the child class doesn't override the validatesignatures switch. There was a bug here where the default value provided in the base class made it appear as ...

7.5CVSS7.2AI score0.01505EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2017/01/04 3:44 p.m.13 views

FTC Issues Public Challenge to Improve IoT Patching

Admittedly, patching existing connected devices in the wild is easier said than done. But that’s not deterring the Federal Trade Commission from soliciting help in finding a solution. The U.S. government agency today announced the kickoff of the FTC IoT Home Inspector Challenge, a prize contest...

0.7AI score
Exploits0References3
exploitpack
exploitpack
added 2016/10/09 12:0 a.m.25 views

Wacom Consumer Service - Unquoted Service Path Privilege Escalation

Wacom Consumer Service - Unquoted Service Path Privilege Escalation Wacom Consumer Service: http://www.wacom.com By Ross Marks: http://www.rossmarks.co.uk Exploit-db: https://www.exploit-db.com/author/?a=8724 Category: Local Tested on: Windows 10 x86/x64 1 Unquoted Service Path Privilege Escalati...

1.5AI score
Exploits0
0day.today
0day.today
added 2016/10/09 12:0 a.m.44 views

Wacom Consumer Service - Unquoted Service Path Privilege Escalation

Exploit for windows platform in category local exploits Wacom Consumer Service: http://www.wacom.com By Ross Marks: http://www.rossmarks.co.uk Category: Local Tested on: Windows 10 x86/x64 1 Unquoted Service Path Privilege Escalation Wacom's "Wacom Consumer Service" installs as a service with an...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2016/10/09 12:0 a.m.28 views

Wacom Consumer Service - Unquoted Service Path Privilege Escalation

Wacom Consumer Service: http://www.wacom.com By Ross Marks: http://www.rossmarks.co.uk Exploit-db: https://www.exploit-db.com/author/?a=8724 Category: Local Tested on: Windows 10 x86/x64 1 Unquoted Service Path Privilege Escalation Wacom's "Wacom Consumer Service" installs as a service with an...

7AI score
Exploits0
Hewlett-Packard
Hewlett-Packard
added 2016/08/17 12:0 a.m.19 views

HPSBHF3549 rev.2 - ThinkPwn UEFI BIOS SmmRuntime Escalation of Privilege

Potential Security Impact System downtime, or privilege escalation. Source:HP, HP Product Security Response Team PSRT Reported by: Dmytro Oleksiuk VULNERABILITY SUMMARY A security vulnerability identified with UEFI firmware, dubbed ThinkPwn, has been addressed in certain HP commercial notebook PC...

0.2AI score
Exploits0
Fedora
Fedora
added 2016/07/23 7:7 p.m.29 views

[SECURITY] Fedora 24 Update: kf5-kactivities-5.24.0-1.fc24

A KDE Frameworks 5 Tier 3 API for using and interacting with Activities as a consumer, application adding information to them or as an activity manager...

7.5CVSS2.6AI score0.04429EPSS
Exploits1
Lenovo
Lenovo
added 2016/07/22 12:0 a.m.70 views

Lenovo Accelerator Application Insecure Update Mechanism

Lenovo Security Advisory: LEN-6718 Potential Impact: Remote code execution by an attacker with local network access Severity: High Scope of Impact: Lenovo products described below Summary Description: A vulnerability was identified in the Lenovo Accelerator Application software which could lead t...

9.3CVSS7.3AI score0.01957EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/05/13 12:0 a.m.9 views

The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information

The vulnerability of the Android operating system’s media server is related to the improper initialization of certain data structures. Exploiting this vulnerability allows a malicious actor to obtain confidential information through a specially created application, which is associated with the...

4.3CVSS6.3AI score0.00418EPSS
Exploits0References3Affected Software1
ThreatPost
ThreatPost
added 2016/05/10 12:5 p.m.12 views

FCC, FTC Investigate Mobile Security Update Practices

The glowing lack of public, real-world Stagefright exploits didn’t stop the U.S. government from using last summer’s blockbuster Android vulnerability as an illustration of the dangers facing mobile device users. Under the context of Stagefright exposing up to 1 billion devices to attack, the...

0.1AI score
Exploits0References6
OSV
OSV
added 2016/05/09 10:59 a.m.4 views

CVE-2016-2460

mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and...

5.5CVSS5.8AI score0.00418EPSS
Exploits0References2
Rows per page
Query Builder