Lucene search
+L

687 matches found

The Hacker News
The Hacker News
added 2019/07/15 5:44 p.m.1 views

iOS URL Scheme Could Let App-in-the-Middle Attackers Hijack Your Accounts

Security researchers have illustrated a new app-in-the-middle attack that could allow a malicious app installed on your iOS device to steal sensitive information from other apps by exploiting certain implementations of Custom URL Scheme. By default on Apple's iOS operating system, every app runs...

6.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2019/06/06 12:0 a.m.6 views

PT-2019-16941 · Ibm · Ibm Security Information Queue

Name of the Vulnerable Software and Affected Versions: IBM Security Information Queue ISIQ versions 1.0.0 through 1.0.2 Description: The issue arises from the missing HTTP Strict Transport Security header in the affected software. This allows users to potentially navigate to the unencrypted versi...

7.5CVSS5.8AI score0.00595EPSS
Exploits0References4
CNVD
CNVD
added 2019/05/29 12:0 a.m.2 views

SQL Injection Vulnerability in Tpshop v3.5 To***.php Page

Tpshop is a set of multi-merchant mode developed by Shenzhen Soleil Networks Limited mall system. A SQL injection vulnerability exists in the Tpshop v3.5 To.php page. Attackers can use the vulnerability to obtain sensitive information in the database...

7.7AI score
Exploits0
OSV
OSV
added 2019/05/06 8:29 p.m.5 views

CVE-2018-18979

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded initialization vector. Extraction of the initialization vector is necessary for deciphering communications between this application and the backend server. This, in...

7.4CVSS5.8AI score0.01174EPSS
Exploits1References1
OSV
OSV
added 2019/04/23 7:32 p.m.6 views

CVE-2019-2671

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite subcomponent: Preferences. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network...

8.2CVSS7.3AI score0.01287EPSS
Exploits0References1
OSV
OSV
added 2019/04/23 7:32 p.m.2 views

CVE-2019-2648

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS - Web Services. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

7.5CVSS7.1AI score0.01863EPSS
Exploits0References1
Imperva Blog
Imperva Blog
added 2019/04/18 4:31 p.m.13 views

Casino Goes All In and Wins Big with Imperva Security

There’s no good time to be hit by ransom-seeking DDoS attackers. For one casino-entertainment provider, the timing was particularly bad — right before one of its largest online poker events in 2016. The casino, which generates multiple billions in revenue per year, leveraged Imperva’s emergency...

0.4AI score
Exploits0
CNVD
CNVD
added 2019/04/18 12:0 a.m.5 views

Unspecified Vulnerability in Oracle Virtualization VM VirtualBox Component (CNVD-2019-36164)

Oracle Virtualization is a set of virtualization solutions from Oracle Corporation. The product is used to unify the management of the entire hardware and software system from applications to disks, enabling virtualization from the desktop to the data center.VM VirtualBox is one of the virtual...

7.8CVSS6.6AI score0.00485EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/04/17 12:31 p.m.6 views

nodejs: Unintentional exposure of uninitialized memory

In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause Buffer.alloc to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying encoding can be passed as a number, this is...

7.5CVSS6.5AI score0.03241EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2019/04/08 12:0 a.m.14 views

PT-2019-4610 · Samba +1 · Samba +1

Name of the Vulnerable Software and Affected Versions: Samba versions 4.9 through 4.9.5 Samba versions 4.10.0 through 4.10.1 Description: A vulnerability was found in Samba related to the creation of a new Samba AD DC. During this process, files are created in a private subdirectory of the instal...

10CVSS6.5AI score0.99512EPSS
Exploits156References89
OSV
OSV
added 2019/03/21 4:0 p.m.6 views

CVE-2018-19513

In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sqlerrorlog/YYYY-MM-DD-sqlerrorlog.log filenames. The log file could contain sensitive client data email addresses and also facilitates exploitation of SQL injection errors...

7.5CVSS5.8AI score0.02124EPSS
Exploits2References2
OSV
OSV
added 2019/03/21 3:59 p.m.4 views

CVE-2017-1713

IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632...

5.9CVSS5.8AI score
Exploits0References2
Imperva Blog
Imperva Blog
added 2019/03/06 6:54 a.m.53 views

Imperva Wins Awards for Best Database Security, Coolest Cloud Security Vendor

SC Magazine has long been one of the most respected names in cybersecurity journalism, and one that has written about Imperva’s security research and solutions many times. So we’re proud to announce that we’ve won the 2019 SC Award for Best Database Security solution at SC’s awards ceremony on...

Exploits0
Malwarebytes
Malwarebytes
added 2019/01/11 6:0 p.m.198 views

Luas data ransom: the hacker who cried wolf?

In a terrible start to the year for Irish tram firm Luas, their site was compromised a week ago and adorned with a stark ransom warning: Click to enlarge You are hacked. Some time ago I wrote that you have serious security holes. You didn’t reply. The next time someone talks to you, press the rep...

6.7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2018/12/27 12:0 a.m.5 views

The vulnerability of the X Window System Xorg-server on the Astra Linux operating system allows a hacker to gain access to confidential data.

The vulnerability of the X Window System Xorg-server on the Astra Linux operating system is related to the lack of restrictions on the use of XungrabKeyboard and XgrabKeyboard functions for untrusted users, allowing the implementation of software tools with “keylogger” functionality. Exploiting...

5.5CVSS5.6AI score
Exploits0
CNVD
CNVD
added 2018/08/08 12:0 a.m.4 views

IBM Security Identity Governance and Intelligence Information Disclosure Vulnerability (CNVD-2018-24627)

IBM Security Identity Governance and Intelligence IGI is a suite of identity management and governance solutions from IBM in the United States. The product includes features such as lifecycle management, access risk assessment and identity management. A security vulnerability exists in IBM Securi...

7.5CVSS6.8AI score0.00975EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2018/08/01 12:0 a.m.5 views

PT-2018-3814

Name of the Vulnerable Software and Affected Versions libpcap versions prior to 1.9.1 Description The issue is related to the sf-pcapng.c component in the libpcap library, which does not properly validate the PHB header length before allocating memory. This allows a remote attacker to impact data...

7.8CVSS6.8AI score0.04436EPSS
Exploits0References87
OSV
OSV
added 2018/07/18 1:29 p.m.3 views

CVE-2018-2990

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Integration Broker. Supported versions that are affected are 8.55 and 8.56. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

7.4CVSS7.3AI score0.02184EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:5 p.m.53 views

Security Bulletin: IBM Data Risk Manager has released VM v2.0.1 in response to the vulnerability known as Spectre.

Summary IBM has released the following VM v2.0.1 for IBM Data Risk Manager in response to CVE-2017-5753 and CVE-2017-5715. Vulnerability Details CVEID: CVE-2017-5753 CVEID: CVE-2017-5715 Affected Products and Versions IBM Data Risk Manager - 2.0.0 Remediation/Fixes Customers must install IBM Data...

5.6CVSS4.2AI score0.93838EPSS
Exploits12Affected Software1
CNVD
CNVD
added 2018/01/26 12:0 a.m.7 views

ZEIT Next.js Directory Traversal Vulnerability (CNVD-2018-03103)

ZEIT Next.js is an open source general-purpose webapps development framework . A directory traversal vulnerability exists in ZEIT Next.js version 4 prior to 4.2.3. An attacker can exploit this vulnerability to access front-end JavaScript components or possibly obtain sensitive data...

7.5CVSS6.9AI score0.0906EPSS
Exploits0References1
Rows per page
Query Builder