Lucene search
+L

427 matches found

threatpost
threatpost
added 2010/08/06 3:23 p.m.9 views

US CERT Warns on VxWorks Flaws

The U.S. Computer Emergency Readiness Team has issued two warnings on flaws in the embedded systems’ OS technology VxWorks as discovered by researcher HD Moore. One flaw deals with weakness in the hashing algorithm of the API authentication; The second regards debug settings being enabled by...

1.5AI score
Exploits0References3
oraclelinux
oraclelinux
added 2010/07/21 12:0 a.m.49 views

firefox security update

firefox: 3.6.7-2.0.1.el5 - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat ones 3.6.7-2 - Update to 3.6.7 beta2 3.6.7-1 - Update to 3.6.7 3.6.4-9 - Fixed rhbz531159 - default browser check xulrunner: 1.9.2.7-2.0.1.el5 - Added...

9.3CVSS3.5AI score0.43382EPSS
Exploits27
threatpost
threatpost
added 2010/04/20 6:15 p.m.6 views

Fotos

En la izquierda está el default. Usted quiere apagar Todos. Y cambiar Redes de manera que ninguna de sus redes tenga permiso automático a menos que usted específicamente lo desee, como viejas fotos escolares. Después decida si desea Amigos de Amigos, etc., o para personalizar, seleccione Algunos...

2.4AI score
Exploits0
packetstorm
packetstorm
added 2010/02/10 12:0 a.m.107 views

Nautilus File Manager Proof Of Concept

According to the GNOME documentations, the file manager Nautilus is able to display a preview of most of the files. My Proof Of Concept works using the default settings. tested on VirtualBox: Ubuntu, 2.6.28-17-generic, GNOME, Nautilus 2.26.2 ++++ BEGIN BASE64 CONTENT ++++...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2010/02/08 12:0 a.m.52 views

GNOME Nautilus

According to the GNOME documentations, the file manager Nautilus is able to display a preview of most of the files. ref: http://library.gnome.org/users/user-guide/stable/gosnautilus-60.html.en This is a Proof Of Concept, it works using the default settings Local Files Only checked. ++++ BEGIN...

0.1AI score
Exploits0
redhat
redhat
added 2010/01/13 4:3 p.m.5 views

acroread: script injection vulnerability (APSB10-02)

The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data...

10CVSS5.7AI score0.07732EPSS
Exploits2References4
exploitpack
exploitpack
added 2009/07/28 12:0 a.m.22 views

TinyBrowser (TinyMCE Editor File browser) 1.41.6 - Multiple Vulnerabilities

TinyBrowser TinyMCE Editor File browser 1.41.6 - Multiple Vulnerabilities ============================================================================== TinyBrowser TinyMCE Editor File browser 1.41.6 - Multiple Vulnerabilities...

7.6AI score
Exploits0
attackerkb
attackerkb
added 2009/06/25 11:14 p.m.4 views

CVE-2009-2213

The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access...

6.5CVSS5.6AI score0.02016EPSS
Exploits0References5
threatpost
threatpost
added 2009/04/14 12:59 p.m.11 views

IE default settings exposes Intranet to attacks

From DarkReading Kelly Jackson Higgins Internet Explorer 7 and 8’s default security settings can be unsafe for internal, intranet-based Web applications, according to newly published research. Cesar Cerrudo, founder and CEO of Argennis, a security consulting firm in Argentina, has demonstrated th...

1.1AI score
Exploits0References4
exploitpack
exploitpack
added 2008/11/12 12:0 a.m.12 views

Belkin F5D8233-4 Wireless N Router (Multiple Scripts) - Authentication Bypass

Belkin F5D8233-4 Wireless N Router Multiple Scripts - Authentication Bypass source: https://www.securityfocus.com/bid/32275/info The Belkin F5D8233-4 Wireless N Router is prone to multiple vulnerabilities because of a lack of authentication when users access specific administration scripts...

0.7AI score
Exploits0
packetstorm
packetstorm
added 2008/10/27 12:0 a.m.25 views

zubrag-upload.txt

//Title - Zubrag Uploader 1.0 Arbitrary Shell Upload Vulnerability //Vendor - zubrag.com/scripts/file-upload-form.php //Version - 1.0 //Status - vendor has been notified //Author - Dentrasi //Description It is possible to upload a php script to the remote site. The script attempts to hide the...

7.4AI score
Exploits0
gentoo
gentoo
added 2004/08/23 12:0 a.m.42 views

Cacti: SQL injection vulnerability

Background Cacti is a complete web-based front end to rrdtool. Description Cacti is vulnerable to a SQL injection attack where an attacker may inject SQL into the Username field. Impact An attacker could compromise the Cacti service and potentially execute programs with the permissions of the use...

7.5CVSS3.9AI score0.02827EPSS
Exploits1
securityvulns
securityvulns
added 2004/06/07 12:0 a.m.30 views

TREND MICRO: The Protector Becomes The Vector Take II

Monday, June 07, 2004 !-- 1. When the product alerts it creates an html file in the temporary file of the user's machine the so-called "local zone" screen shot: http://www.malware.com/weallcar.png 29KB This html file is viewed from an Internet Explorer "browser object" and indicates what file is...

7AI score
Exploits0
gentoo
gentoo
added 2004/02/07 12:0 a.m.12 views

PHP setting leaks from .htaccess files on virtual hosts

Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description If the server configuration "php.ini" file has "registerglobals = on" and a request is made to one virtual host which has "phpadminflag...

0.7AI score
Exploits0
nvd
nvd
added 2004/01/05 5:0 a.m.18 views

CVE-2003-0983

Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via 1 a "bubba" local user account, 2 an open TCP port 34571, or 3 when a local DHCP server is unavailable, a...

7.5CVSS6.4AI score0.01884EPSS
Exploits0References1
nvd
nvd
added 2003/12/31 5:0 a.m.17 views

CVE-2003-1346

D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager...

10CVSS6.9AI score0.01951EPSS
Exploits0References5
cve
cve
added 2003/12/11 5:0 a.m.57 views

CVE-2003-0983

Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, enabling unauthorized activity via (1) a local user account named “bubba,” (2) an open TCP port 34571, or (3) a DHCP server on the manufacturer’s test network when a local DHCP server i...

7.5CVSS6.8AI score0.01884EPSS
Exploits0References1Affected Software2
cvelist
cvelist
added 2003/12/11 5:0 a.m.25 views

CVE-2003-0983

Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via 1 a "bubba" local user account, 2 an open TCP port 34571, or 3 when a local DHCP server is unavailable, a...

6.4AI score0.01884EPSS
Exploits0References1
securityvulns
securityvulns
added 2002/05/18 12:0 a.m.44 views

Unauthorized access via Xerox DocuTech

Default system settings and admin password...

4.9AI score
Exploits0References1Affected Software1
cert
cert
added 2001/09/26 12:0 a.m.21 views

Beck GmbH IPC@Chip FtpD allows an attacker to gain access to the device

Overview There is a vulnerability in the Beck IPC@CHIP that allows an attacker to gain access to the device. Description The Beck IPC@CHIP is a single chip embedded webserver. This device also contains an ftp server that is configured by default to allow anonymous access. Additionally, the device...

7.3AI score
Exploits0References3
Rows per page
Query Builder