PHDays VII: To Vulnerability Database and beyond
Last Tuesday and Wednesday, May 23-24, I attended the PHDays VII conference in Moscow. I was talking there about vulnerability databases and the evolution process of vulnerability assessment tools, as far as I understand it. But first of all, a few words about the conference itself. I can tell that...
[SECURITY] Fedora 25 Update: radicale-1.1.2-1.fc25
The Radicale Project is a CalDAV calendar and CardDAV contact server. It aims to be a light solution, easy to use, easy to install, easy to configure. As a consequence, it requires few software dependencies and is pre-configured to work out-of-the-box. The Radicale Project runs on most of the...
[SECURITY] Fedora 24 Update: radicale-1.1.2-1.fc24
The Radicale Project is a CalDAV calendar and CardDAV contact server. It aims to be a light solution, easy to use, easy to install, easy to configure. As a consequence, it requires few software dependencies and is pre-configured to work out-of-the-box. The Radicale Project runs on most of the...
[SECURITY] Fedora 26 Update: radicale-1.1.2-1.fc26
The Radicale Project is a CalDAV calendar and CardDAV contact server. It aims to be a light solution, easy to use, easy to install, easy to configure. As a consequence, it requires few software dependencies and is pre-configured to work out-of-the-box. The Radicale Project runs on most of the...
My comments on Forrester’s “Vulnerability Management vendor landscape 2017”
A top consulting company, Forrester Research, recently published the report "Vendor Landscape: Vulnerability Management, 2017". You can read it for free by filling in a small form on the Tenable web site. What's interesting in this document? First of all, Josh Zelonis and co-authors presented their version of ...
Why moats and castles belong in the past
We are all familiar with the enterprise security approach of treating an organization like a castle, and protecting it with a moat. Moats have been used for perimeter defense since ancient Egypt. While the moat and castle enterprise security approach has worked well in the past, it is starting to...
Google Patches Android 'Custom Boot Mode' Vulnerability
A high-risk Android custom boot mode vulnerability was one of many bugs patched by Google as part of its January Android Security Bulletin released earlier this week. On Thursday, the IBM security team that discovered the vulnerability disclosed details about the flaw which leaves Nexus 6 and 6P...
New Wave of Hailstorm Spam Pelts Inboxes
Spammers are turning to an old technique known as hailstorm to slip past anti-spam and anti-malware filters. Researchers say that hailstorm spam, first spotted in 2008, has been improved and is once again being used, only this time to spread Dridex banking malware and Locky ransomware. “Hailstorm...
MODX CMS Detection (HTTP)
HTTP based detection of MODX CMS. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.106458");...
Evolution 1.1 and Prior Remote Execution
Product: MODX Evolution Risk: Very High Severity: Critical Versions: =1.1 Vulnerability Type: Remote Code Execution Report Date: 2016-November-08 Fixed Date: 2016-November-12 Description The following components distributed with all versions of MODX Evolution and 0.9.x contain a vulnerability, th...
evolution-data-server: IMAPx Component Information Disclosure
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensiti...
Moderate: Red Hat Bug Fix Advisory: evolution-data-server bug fix update
An update for evolution-data-server is now available for Red Hat Enterprise Linux 7. The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Evolution Data Server was originally developed as a back end for the...
Long Term Evolution Network Information Disclosure Vulnerability
Long Term Evolution (LTE) is a 4G wireless broadband technology developed by the Third Generation Partnership Project (3GPP) project team. An information disclosure vulnerability exists in LTE devices. An attacker could exploit this vulnerability to obtain sensitive information and execute a...
Ali poly security Android application vulnerability scanner analysis: local denial of service detection detailed explanation-vulnerability warning-the black bar safety net
One of the detection items in the Ali poly security Android application vulnerability scanner is local denial-of-service vulnerability detection. It uses static analysis plus dynamic fuzz testing, and the detection results are accurate and comprehensive. This article will tal...
Nuke Evolution 2.0.9d - Multiple CS Cross Site Vulnerabilities
Document Title: =============== Nuke Evolution 2.0.9d - Multiple CS Cross Site Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1894 Release Date: ============= 2016-08-09 Vulnerability Laboratory ID VL-ID:...
Nuke Evolution 2.0.9d Cross Site Scripting
Document Title: =============== Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1894 Release Date: ============= 2016-08-09 Vulnerability Laboratory ID VL-ID:...
MSRT July 2016 – Cerber ransomware
As part of our ongoing effort to provide better malware protection, the July 2016 release of the Microsoft Malicious Software Removal Tool (MSRT) includes detection for Win32/Cerber, a prevalent ransomware family. The inclusion in MSRT complements our Cerber-specific family detections in Windows...
evolution.berkeley.edu XSS vulnerability
Vulnerable URL: http://evolution.berkeley.edu/evolibrary/search/imagedetail.php?id=235id=%22%27/%3E;%3C/style%3E%3Cscript%3Ea=eval;b=alert;a%28b%28/%20XSSPOSED/.source%29%29;%3C/script%3E%27%22%3E Details: Description| Value ---|--- Patched:| Yes, at 30.06.2016 Latest check for patch:| 30.06.2016...
Meet The Cryptoworm, The Future of Ransomware
Ransomware is evolving and soon will share the same deadly efficiencies as notorious worms of the past, such as Conficker and SQL Slammer. In fact, according to security researchers at Cisco Talos, today’s newest ransomware, SamSam, is a harbinger of a new wave of more malicious, tenacious and...
4 Pics 1 Word: Evolution - Dynamic Code Loading, External URLs, Suspicious files vulnerabilities
The HackApp vulnerability scanner discovered that the application 4 Pics 1 Word: Evolution, published on the 'play' market, has multiple vulnerabilities...