
5411 matches found

Openbugbounty
added 2016/01/30 7:15 p.m., 19 views

service.cctwip.com XSS vulnerability

Vulnerable URL: http://service.cctwip.com/tools/encrypt.jsp?callback=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E
Details: Patched: No | Latest check for patch: 26.07.2017 | Vulnerability type: XSS | Vulnerability status: Publicly disclosed | Alexa Rank: Unknown / Not...

6.3 AI score
Exploits 0

ThreatPost
added 2016/01/26 1:14 p.m., 15 views

Amazon Certificate Manager Brings Free SSL Certs to AWS Users

Amazon is getting into the certificate game. The company announced late last week that it launched a certificate manager to expedite the process of securing SSL/TLS certificates for customers looking to add HTTPS to their sites or apps. The move comes less than a year after Amazon applied to...

Exploits 0, References 8

Fedora
added 2016/01/17 6:52 p.m., 39 views

[SECURITY] Fedora 22 Update: openssh-6.9p1-10.fc22

SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

6.5 CVSS, 2 AI score, 0.77397 EPSS
Exploits 2

Vulnerability Lab
added 2016/01/17 12:0 a.m., 16 views

Telegram (API) - Cross Site Request Forgery Vulnerabilities

Document Title: Telegram API - Cross Site Request Forgery Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1648. Release Date: 2016-01-17. Vulnerability Laboratory ID (VL-ID): ...

7.1 AI score
Exploits 0

Fedora
added 2016/01/16 1:24 p.m., 35 views

[SECURITY] Fedora 23 Update: openssh-7.1p2-1.fc23

SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

6.5 CVSS, 2 AI score, 0.77397 EPSS
Exploits 2

Tenable Nessus
added 2016/01/08 12:0 a.m., 32 views

IRC Daemon STARTTLS Command Support

The remote IRC daemon supports the use of the 'STARTTLS' command to switch from a cleartext to an encrypted communications channel. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(87817); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date",...

5.6 AI score
Exploits 0, References 3

Ubuntu
added 2016/01/05 6:39 p.m., 82 views

USN-2855-1: Samba vulnerabilities

Thilo Uttendorfer discovered that the Samba LDAP server incorrectly handled certain packets. A remote attacker could use this issue to cause the LDAP server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10. CVE-2015-322...

7.5 CVSS, 6.8 AI score, 0.23201 EPSS
Exploits 1

CISA
added 2016/01/04 12:0 a.m., 10 views

IRS Releases Seventh Security Tip

The Internal Revenue Service (IRS) has released the seventh in a series of tips intended to help the public protect personal and financial data online and at home. A new tip will be available each Monday through the start of the tax season in January. This tip describes methods users can follow to...

6.6 AI score
Exploits 0, References 2

CNVD
added 2015/12/30 12:0 a.m., 1 views

Samba Man-in-the-Middle Attack Vulnerability

Samba is a set of programs that implement the SMB (Server Messages Block) protocol, cross-platform file sharing and print sharing services. A man-in-the-middle attack vulnerability exists in Samba versions 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3. The vulnerability can be...

5.4 CVSS, 7.7 AI score, 0.03327 EPSS
Exploits 0, References 1

OSV
added 2015/12/29 10:59 p.m., 4 views

CVE-2015-5296

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c,...

5.4 CVSS, 6.7 AI score, 0.03327 EPSS
Exploits 0, References 37

Cvelist
added 2015/12/29 10:0 p.m., 25 views

CVE-2015-5296

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c,...

6.4 AI score, 0.03327 EPSS
Exploits 0, References 25

Kitploit
added 2015/12/29 3:11 p.m., 18 views

CenoCipher - Easy-To-Use, End-To-End Encrypted Communications Tool

CenoCipher is a free, open-source, easy-to-use tool for exchanging secure encrypted communications over the internet. It uses strong cryptography to convert messages and files into encrypted cipher-data, which can then be sent to the recipient via regular email or any other channel available, suc...

7.6 AI score
Exploits 0, References 1

RedHat Linux
added 2015/12/16 1:18 p.m., 1 views

CloudForms: insecure password storage in PostgreSQL database

A privilege escalation flaw was discovered in CloudForms, where in certain situations, CloudForms could read encrypted data from the database and then write decrypted data back into the database. If the database was then exported or log files generated, a local attacker might be able to gain acce...

5.1 CVSS, 5.8 AI score, 0.00061 EPSS
Exploits 0, References 4

OSV
added 2015/12/16 12:0 a.m., 0 views

UBUNTU-CVE-2015-5296

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c,...

5.4 CVSS, 6.8 AI score, 0.03327 EPSS
Exploits 0, References 4

The Hacker News
added 2015/12/10 8:16 p.m., 16 views

France will not Ban Public Wi-Fi Or Tor Network, Prime Minister Valls Confirms

Despite the French Ministry of Interior's demands, France will not ban the TOR anonymity network or Free public Wi-Fi as a way to help the law enforcement fight terrorism. French Prime Minister Manuel Valls has gone on record saying that a ban on Free public Wi-Fi is "not a course of action...

6.7 AI score
Exploits 0

Kitploit
added 2015/12/08 10:26 p.m., 60 views

Tor Messenger - Chat over Tor, Easily

Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. It supports a wide variety of transport networks, including Jabber (XMPP), IRC, Google Talk, Facebook Chat, Twitter, Yahoo, and others; enables Off-the-Record (OTR) Messaging...

7.1 AI score
Exploits 0, References 1

RedHat Linux
added 2015/12/08 12:58 p.m., 29 views

Moderate: Red Hat Security Advisory: CFME 5.5.0 bug fixes and enhancement update

Updated cfme packages that fix a security issue, several bugs, and add various enhancements are now available for Red Hat CloudForms 4.0. Red Hat Product Security has rated this update as having Moderate Security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...

5.1 CVSS, 6.1 AI score, 0.00061 EPSS
Exploits 0, References 532

The Hacker News
added 2015/12/03 11:30 p.m., 19 views

Kazakhstan makes it Mandatory for its Citizens to Install Internet Backdoor

Next in the queue, Kazakhstan is also planning to Spy on encrypted Internet Traffic of its citizens, but in the most shameless way. Unlike other spying nations that are themselves capable of spying on their citizens, Kazakhstan will force every internet user in the country to install bogus securi...

6.5 AI score
Exploits 0

ThreatPost
added 2015/12/03 10:15 a.m., 10 views

Signal Desktop Released by Moxie Marlinspike

In March when Moxie Marlinspike and Open Whisper Systems released the iOS version of the Signal encrypted messaging app, the noted security researcher promised to expand its reach and among other things, eventually release a desktop version of Signal. That vision was realized on Wednesday with th...

6.8 AI score
Exploits 0, References 6

ThreatPost
added 2015/12/01 11:37 a.m., 88 views

China APT Gang Targets Hong Kong Media via Dropbox

An APT gang linked to China and alleged to be responsible for targeted attacks against foreign governments and ministries, has now pointed its focus inward at China’s autonomous territory Hong Kong. An August attack against several media companies in Hong Kong was carried out shortly after a...

9.3 CVSS, 1.1 AI score, 0.94295 EPSS
Exploits 12, References 6