Bluetooth Gas Pump Skimmer Scam Nets $2 Million
Thirteen men were indicted this week for allegedly using Bluetooth-enabled skimmers to steal more than $2 million from customers at gas stations across the Southern United States between 2012 and 2013. Documents released on Tuesday by the offices of Manhattan District Attorney Cyrus R. Vance, Jr...
Bluetooth enabled Credit Card Skimmers planted at Gas Station lead to $2 Million heist
Cyber Criminals will not let any way out without making Money. Another huge Credit Card theft and this time they targeted Gas Stations. 13 men were suspected and charged for stealing banking information, using Bluetooth enabled Credit Card Skimmers planted on the gas stations throughout the...
Debian Security Advisory DSA 2800-1 (nss - buffer overflow)
Andrew Tinits reported a potentially exploitable buffer overflow in the Mozilla Network Security Service library (nss). With a specially crafted request a remote attacker could cause a denial of service or possibly execute arbitrary code. OpenVAS Vulnerability Test $Id: deb2800.nasl 6611 2017-07-07...
Dahua DVR 2.608.0000.02.608.GV00.0 - Authentication Bypass (Metasploit)
Dahua DVR 2.608.0000.02.608.GV00.0 - Authentication Bypass Metasploit Dahua DVR Authentication Bypass - CVE-2013-6117 --Summary-- Dahua web-enabled DVRs and rebranded versions do not enforce authentication on their administrative services. Zhejiang Dahua Technology Co., Ltd...
Dahua DVR Authentication Bypass - CVE-2013-6117
Dahua DVR Authentication Bypass - CVE-2013-6117 --Summary-- Dahua web-enabled DVRs and rebranded versions do not enforce authentication on their administrative services. Zhejiang Dahua Technology Co., Ltd. http://www.dahuasecurity.com --Affects-- Dahua web-enabled DVRs Dahua-rebranded web-enabled...
CVE-2013-4508
lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network...
SSH Server CBC Mode Ciphers Enabled
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions. (C) Tenable Network...
xinetd: enables unintentional services over tcpmux port
builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1...
UBUNTU-CVE-2013-2892
drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device...
[SECURITY] Fedora 18 Update: WebCalendar-1.2.7-1.fc18
WebCalendar is a PHP-based calendar application that can be configured as a single-user calendar, a multi-user calendar for groups of users, or as an event calendar viewable by visitors. MySQL, PostgreSQL, Oracle, DB2, Interbase, MS SQL Server, or ODBC is required. WebCalendar can be set up in a...
[SECURITY] Fedora 19 Update: WebCalendar-1.2.7-1.fc19
WebCalendar is a PHP-based calendar application that can be configured as a single-user calendar, a multi-user calendar for groups of users, or as an event calendar viewable by visitors. MySQL, PostgreSQL, Oracle, DB2, Interbase, MS SQL Server, or ODBC is required. WebCalendar can be set up in a...
BREACH vulnerability in compressed HTTPS
Overview: By observing the length of compressed HTTPS responses, an attacker may be able to derive plaintext secrets from the ciphertext of an HTTPS stream. Description: Angelo Prado of Salesforce.com reports: Extending the CRIME vulnerability presented at Ekoparty 2012, an attacker can target HTTPS...
CVE-2012-6579
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue's address...
[SECURITY] Fedora 18 Update: kscd-4.10.5-1.fc18
KsCD is a small, fast, CDDB enabled audio CD player...
Design/Logic Flaw
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href...
kernel: perf_swevent_enabled array out-of-bound access
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call...
Adobe Reader Enabled in Browser (Opera)
Adobe Reader is enabled in Opera.
Adobe Reader Enabled in Browser (Mozilla Firefox)
Adobe Reader is enabled in Mozilla Firefox.
VulnCheck KEV: CVE-2013-2094
Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting in out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy. Exploitation allows for privilege escalation...