103 matches found
CVE-2017-3966 SB10192 - Network Security Management (NSM) - Exploitation of session variables, resource IDs and other trusted credentials vulnerability
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL...
CVE-2018-6228
A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system...
Freelance Website Script 2.0.6 - 'pr_id' / 'catid' SQL Injection
Exploit Title: Freelance Website Script 2.0.6 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/freelance-website-script/ Version: 2.0.6 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Explo...
Unauthorized Access Vulnerability in Xiao Feng Air Ching App Android Version
Ltd. developed with the work of the Xiao Feng Air Dorothy system APP, mainly used to monitor the indoor air quality and Xiao Feng Air Dorothy internal and external machine running status, monitoring items including PM2.5, formaldehyde, oxygen, temperature and humidity, and can be through the APP...
Industrial Cobots Might Be The Next Big IoT Security Mess
Researchers at IOActive have found nearly 50 vulnerabilities in industrial collaborative robots, machines that work side-by-side with people in manufacturing and other settings, that can be abused to possibly cause physical harm to workers, or even configured to spy on their surroundings. The...
Jackson-Databind framework json deserialization code execution vulnerability analysis-vulnerability warning-the black bar safety net
2017/04/11, ayound reported a Jackson Databind framework json deserialization vulnerability, an attacker exploit the vulnerability in the server on the host to execute arbitrary code or system commands, obtain the web server control. Affected versions: The jackson databind 2.7.10 and 2. 8. 9 The...
Russian Hacker Pleads Guilty to Developing and Distributing Citadel Trojan
A Russian man accused of developing and distributing the Citadel Banking Trojan, which infected nearly 11 Million computers globally and caused over $500 Million in losses, has finally pleaded guilty to charges of computer fraud. Mark Vartanyan, 29, who was very well known as "Kolypto," pleaded...
OWOX, Inc.: invalid URL parsing with and '@'
Description : invalid URL parsing with and '@' this can harm full for user Live POC : https://[email protected]...
NSA Contractor Secretly Charged With Stealing Classified Secrets
The Federal Bureau of Investigation arrested a National Security Agency contractor working for Booz Allen Hamilton and charged him with stealing highly classified documents. Harold T. Martin III, of Glen Burnie, Md was charged in a criminal complaint filed in late August that became public...
FTC And Asus Settle Over Router Security
The U.S. Federal Trade Commission announced a settlement with ASUSTeK Computer over sloppy security settings tied to its routers that left the personal data of 12,900 consumers’ publicly available. On Tuesday, the Taiwanese electronics company agreed to 20 years of periodic security audits along...
itBit Exchange: email not required to be unique
Dear team.. i want to report a Logical Bug to your site.. The Bug is.. It's not Validationg a Previously Created Account on your site. means, A persone can Signup Many time with his old email... which is already Registerd. or an Attacker can OwerRight ur User's Previouse account with Fishy...
FreshFTP 5.52 - .qfl Crash (PoC)
FreshFTP 5.52 - .qfl Crash PoC Exploit Title: FreshFTP .QFL Local DOSWhile Parsing. Date: 9/15/2015 Exploit Author: UnN0n Software Vendor : http://www.freshwebmaster.com/ Software Link: http://www.freshwebmaster.com/download.html Version: 5.52 Tested on: Windows 7 x8632 BIT Steps to Produce the...
Authorization
Unspecified vulnerability in Uconnect before 15.26.1, as used in certain Fiat Chrysler Automobiles FCA from 2013 to 2015 models, allows remote attackers in the same cellular network to control vehicle movement, cause human harm or physical damage, or modify dashboard settings via vectors related ...
Gamer Drugged His Girlfriend So He Could Play Xbox for a Few More Hours
Yes, you heard it right. A gamer drugged his girlfriend to avoid interruption while playing on his Microsoft's Xbox Live. The 23-year-old German man, who has not been named, was fined EUR€500 approx USD$555 by a judge in a Castrop-Rauxel district court, German website The Local reports. The man...
The vulnerability of the Red Hat Enterprise Linux operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the libf2c-3.2.3 package of the Red Hat Enterprise Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited locally...
The vulnerability of the OpenSUSE operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the strongswan-ikev1 package in the OpenSUSE operating system can lead to violations of the confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...
CVE-2015-2247
Unspecified vulnerability in Boosted Boards skateboards allows physically proximate attackers to modify skateboard movement, cause human injury, or cause physical damage via vectors related to an "injection attack" that blocks and hijacks a Bluetooth signal...
CVE-2015-2247
Unspecified vulnerability in Boosted Boards skateboards allows physically proximate attackers to modify skateboard movement, cause human injury, or cause physical damage via vectors related to an "injection attack" that blocks and hijacks a Bluetooth signal...
Morgan Stanley Insider Theft Wealth Management Client Data
The financial services giant Morgan Stanley announced yesterday that that an employee had stolen sensitive information pertaining to more than 900 of the firm’s wealth-management clients. According to a company press release, the wealth management employee in question “has been terminated.”...
The number of silver online the Struts command execution vulnerability, the total station the fall-vulnerability warning-the black bar safety net
Vulnerability Title: The number of silver online the Struts command execution vulnerability, the whole Station fall Vulnerability type: command execution Harm level: high Brief description: The number of silver online some address the presence of the Struts command execution vulnerability...