4178 matches found
Fedora: Security Advisory for systemd (FEDORA-2020-f8e267d6d0)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
GHSA-CMCX-XHR8-3W9P Denial of Service in uap-core when processing crafted User-Agent strings
Impact Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to maliciously crafted long strings. Patches Please update uap-core to gt;=...
M-Trends 2020: Insights From the Front Lines
Today we release M-Trends 2020, the 11th edition of our popular annual FireEye Mandiant report. This latest M-Trends contains all of the statistics, trends, case studies and hardening recommendations that readers have come to expect through the years—and more. One of the most exciting takeaways...
Linux: Read /etc/group (KB)
The /etc/group file is a text file that defines the groups on the system. There is one entry per line, with the following format: - groupname:password:GID:userlist Note: This script only stores information for other Policy Controls. Copyright C 2020 Greenbone Networks GmbH Some text descriptions...
Linux: Unique primary groups for user accounts
The password file stores information about users such like username, UID, GID, etc. Users with same group can access and unintentionally or maliciously modify another user Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyrig...
CVE-2013-4228
The OG access fields visibility fields implementation in Organic Groups OG module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via...
Spoofing
The OG access fields visibility fields implementation in Organic Groups OG module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via...
CVE-2013-4228
CVE-2013-4228 affects the Drupal contributed module Organic Groups (OG) for 7.x-2.x prior to 7.x-2.3. The vulnerability arises from the OG access/visibility fields not properly restricting access to private groups, allowing remote authenticated users to guess node IDs, subscribe to, and read cont...
CVE-2013-4228
The OG access fields visibility fields implementation in Organic Groups OG module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via...
Iranian Hackers Exploiting VPN Flaws to Backdoor Organizations Worldwide
A new report published by cybersecurity researchers has unveiled evidence of Iranian state-sponsored hackers targeting dozens of companies and organizations in Israel and around the world over the past three years. Dubbed "Fox Kitten ," the cyber-espionage campaign is said to have been directed a...
Verodin Director Web Console 3.5.4.0 Password Disclosure
Exploit Title: Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure PoC Discovery Date: 2019-01-31 Exploit Author: Nolan B. Kennedy nxkennedy Vendor Homepage: https://www.verodin.com/ Software Link : https://www.verodin.com/demo-request/demo-request-form Tested Versions...
Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC)
Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure PoC Exploit Title: Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure PoC Discovery Date: 2019-01-31 Exploit Author: Nolan B. Kennedy nxkennedy Vendor Homepage: https://www.verodin.com/...
CVE-2019-9495
A flaw was found in wpasupplicant. Side channel attacks were recently discovered in the SAE implementations used by both hostapd and wpasupplicant. EAP-pwd uses a similar design for deriving PWE from the password and while a specific attack against EAP-pwd is not yet known to be tested, there is ...
Huawei EulerOS: Security Advisory for openssl110h (EulerOS-SA-2019-2218)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Persistence – Modify Existing Service
It is not uncommon for APT Groups to modify an existing service on the compromised host in order to execute an arbitrary payload when the… Continue reading - Persistence - Modify Existing Service...
January 23, 2020—KB4534308 (OS Build 17134.1276)
January 23, 2020—KB4534308 OS Build 17134.1276 Windows 10, version 1803 the April 2018 Update Home and Pro editions have reached end of service. For Windows 10 devices that are at, or within several months of reaching end of service, Windows Update will automatically initiate a feature update wit...
Threat Analysis Unit (TAU) Technical Report: The Prospect of Iranian Cyber Retaliation
Several different events in the Middle East ME region have escalated in the last several weeks between Iran and the United States. After a series of military operations between the two countries, several alerts were released from the U.S. government of a potential for cyberattacks. Traditionally...
This Week in Security News: The First Patch Tuesday Update of 2020 and Pwn2Own Vancouver Announced
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a major crypto-spoofing bug impacting Windows 10 that has been fixed as part of Microsoft’s January Patch Tuesday update. Also,...
CVE-2014-8673
Multiple SQL vulnerabilities exist in planning.php, userlist.php, projets.php, usergroupes.php, and groupelist.php in Simple Online Planning SOPPlanningbefore 1.33...
AWS Report - Tool For Analyzing Amazon Resources
AWS Report is a tool for analyzing amazon resources. Features Search iam users based on creation date Search buckets public Search security group with inbound rule for 0.0.0.0/0 Search elastic ip dissociated Search volumes available Search AMIs with permission public Search internet gateways...