Lucene search
K

58 matches found

Information Security Automation
Information Security Automation
added 2018/12/21 6:21 p.m.196 views

Guinea Pig and Vulnerability Management products

IMHO, security vendors use the term "Vulnerability Management" extremely inaccurate. Like a guinea pig, which is not a pig and is not related to Guinea, the current Vulnerability Management products are not about the actual practically exploitable vulnerabilities and not really about the...

Exploits0
Information Security Automation
Information Security Automation
added 2018/12/05 1:10 p.m.45 views

PRYTEK meetup: Breach and Attack Simulation or Automated Pentest?

Last Tuesday, November 27, I spoke at "Business Asks for Cyber Attacks" meetup organized by PRYTEK investment platform. The event was held at the PRYTEK Moscow office in a beautiful XIX century building of a former textile manufactory. The goal of the meetup was to talk about new approaches in...

6.8AI score
Exploits0
OSV
OSV
added 2018/08/28 11:2 a.m.10 views

SUSE-SU-2018:2539-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-15572: The spectrev2selectmitigation function in arch/x86/kernel/cpu/bugs.c did not always fill RSB upon a context switch, which made it easier for attacker...

8.4CVSS7.9AI score0.00523EPSS
Exploits0References61
ThreatPost
ThreatPost
added 2018/08/08 6:12 p.m.13 views

‘Chaff Bug’ Defense Rolls Out Shiny Objects for Attackers to Find

Camouflage and distraction have long been hallmarks of warfare, and it’s no different when it comes to the cyber-front. A group of researchers from New York University are taking the idea further than it’s gone before with the idea of introducing decoy bugs into code – ultimately non-exploitable...

7.7AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:43 p.m.32 views

Security Bulletin: Multiple OpenSource Expat XML Vulnerabilities affect IBM DB2 Net Search Extender for Linux, Unix and Windows

Summary There are multiple vulnerabilities in open source expat XML parser that is used in DB2 Net Search Extender. Vulnerability Details CVEID: CVE-2012-0876 DESCRIPTION: Expat is vulnerable to a denial of service, caused by insufficient randomization of hash data structures. By sending multiple...

9.8CVSS0.8AI score0.19069EPSS
Exploits3Affected Software1
rapid7community
rapid7community
added 2017/06/01 3:27 p.m.23 views

Live Dashboards for Demonstrating Remediation Progress

Is your security team working on the right things to make your organization safer today? How can you prove it with data? Knowing Versus Doing Knowing your threat exposure is only half the picture. The other half is knowing which actions to take with your vulnerability management solution to secur...

6.7AI score
Exploits0
Kitploit
Kitploit
added 2015/05/29 3:1 a.m.18 views

YASUO - Scans for Vulnerable & Exploitable 3rd-party Web Applications

Yasuo is a ruby script that scans for vulnerable 3rd-party web applications. While working on a network security assessment internal, external, redteam gigs etc., we often come across vulnerable 3rd-party web applications or web front-ends that allow us to compromise the remote server by exploiti...

8.6AI score
Exploits0References1
ThreatPost
ThreatPost
added 2014/04/30 11:29 a.m.9 views

Hacking Traffic Systems for Fun and Chaos

It has been a running joke in the tech industry for years that the hacking scenes in movies are, well, a joke. Hackers in hoodies pushing a few keys and taking down the power grid or causing massive traffic pileups by turning all the stoplights green at once. While those scenes provide endless...

7.4AI score
Exploits0References5
ThreatPost
ThreatPost
added 2014/03/06 1:49 p.m.327 views

Microsoft, Kaspersky Shed Light on Sefnit Tor Botnet

Alarm bells went off last August when spikes in Tor client downloads were traced to a large click-fraud and Bitcoin-mining botnet called Sefnit. The malware was using the popular anonymity network to communicate with hackers in order to transmit stolen data and receive additional commands. In...

9.3CVSS8.5AI score0.99945EPSS
Exploits33References7
The Hacker News
The Hacker News
added 2013/03/18 3:32 p.m.7 views

Gaming Platforms as an attack vector against remote systems

Little more than a year ago I wrote about the possibility to attack gaming platform to compromise large audience of gamers in stealthy way, the access to millions of machines represent a dream for every attackers and I hypnotized its repercussion in cyber warfare domains. Gaming platform are...

7.2AI score
Exploits0
ICS
ICS
added 2013/01/03 7:0 a.m.155 views

Wind River VxWorks SSH and Web Server and General Electric D20MX

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Wind River, General Electric Equipment: VxWorks, D20MX --------- Begin Update A Part 1 of 4 --------- Vulnerabilities: Improper Input Validation --------- End Update A Part 1 of 4 --------- 2...

10CVSS7.8AI score0.06353EPSS
Exploits0References10
CERT
CERT
added 2012/07/17 12:0 a.m.59 views

Oracle Outside In contains multiple exploitable vulnerabilities

Overview Oracle Outside In contains multiple exploitable vulnerabilities in its parsers, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of libraries that can decode over 500 different file formats...

2.1CVSS6.7AI score0.01182EPSS
Exploits0References6
ThreatPost
ThreatPost
added 2010/09/10 5:12 p.m.15 views

Executables, Other Files Can Be Used in Attacks Similar to DLL-Hijacking

There are a number of other file types that can be used in the same kind of attacks that have been used in the DLL-hijacking exploit in recent weeks. Experts say that executable files, Windows INI files and some other file types can be used in these same attacks. The attack scenario would be...

0.9AI score
Exploits0References4
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.27 views

Debian Security Advisory DSA 187-1 (apache)

The remote host is missing an update to apache announced via advisory DSA 187-1. OpenVAS Vulnerability Test $Id: deb1871.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 187-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

7.5CVSS0.7AI score0.94006EPSS
Exploits0
exploitpack
exploitpack
added 2007/12/10 12:0 a.m.15 views

barracudadrive 3.7.2 - Multiple Vulnerabilities

barracudadrive 3.7.2 - Multiple Vulnerabilities Luigi Auriemma Application: BarracudaDrive Web Server http://barracudaserver.com/products/BarracudaDrive/ http://barracudaserver.com/products/HomeServer/ Versions: = 3.7.2 Platforms: Windows Bugs: A directory traversal B scripts source visualization...

0.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/02/16 12:0 a.m.29 views

HP-UX PHSS_27477 : s700_800 11.04 Virtualvault 4.5 Inside Admin Server Update

s700800 11.04 Virtualvault 4.5 Inside Admin Server Update : The remote HP-UX host is affected by multiple vulnerabilities : - Remotely exploitable potential vulnerabilities have been reported in CA-2002-21 and CVE-2002-0658. - A potential remotely exploitable vulnerability in handling of large da...

6.2CVSS5.5AI score0.0096EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2004/08/12 12:0 a.m.33 views

gaim remotely exploitable vulnerabilities in MSN component

Sebastian Krahmer discovered several remotely exploitable buffer overflow vulnerabilities in the MSN component of gaim. In two places in the MSN protocol plugins object.c and slp.c, strncpy was used incorrectly; the size of the array was not checked before copying to it. Both bugs affect MSN's...

7.5CVSS7AI score0.0495EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2003/04/21 12:0 a.m.29 views

mod_ntlm.txt

Product Description modntlm is an Apache module originially designed for Apache 1.3, now available for Apache 2.0 that provides the ability for Apache services to authenticate users via the NTLM authentication technology that is largely specific to Microsoft IIS. Home page:...

0.1AI score
Exploits0
Rows per page
Query Builder