10 matches found
EUVD-2017-2740
Malware in sbrugna...
EUVD-2017-15648
Malware in sbrugna...
CVE-2019-12098
In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c...
heimdalsecurity.com XSS vulnerability
Vulnerable URL: https://heimdalsecurity.com/blog/?s=%22--%3E+%3C%2Fscript%3E%3Csvg%2Fonload%3D%27%3Balert%28%2FOPENBUGBOUNTY%2F%29%3B%27%3E

Details:

Description| Value
---|---
Patched:| Yes, at 11.10.2016
Latest check for patch:| 11.10.2016 11:41 GMT
Vulnerability type:| XSS
Vulnerability status:...
ZeuS Banking Trojan Resurfaces As Atmos Variant
Old nemeses die hard, especially when you’re banking malware named ZeuS. According to Denmark-based Heimdal Security, the potent 9-year-old malware ZeuS has morphed into the up-and-coming Atmos malware – now targeting banks in France. Researchers are warning that the criminals behind Atmos have...
GM Bot Banking Malware Source Code Leak
Source code for the potent Android malware GM Bot has been leaked to underground forums, according to IBM security experts. The impact, IBM X-Force threat intelligence says, will be an uptick in GM Bot variants and the number of attacks targeting financial applications on Android-based devices...
Joomla Joins WordPress As TeslaCrypt Ransomware Target
Exploit kits infecting thousands of WordPress websites are setting their sights on the open-source content management system Joomla in a new campaign spotted by a researcher at the SANS Institute’s Internet Storm Center. “The group behind the WordPress ‘admedia’ campaign is now apparently targeti...
This Android Malware Can Root Your Device And Erase Everything
A new Android malware has been making waves recently that has the capability to gain root access on your smartphone and completely erase your phone's storage. Dubbed Mazar BOT, the serious malware program is loaded with so many hidden capabilities that security researchers are calling it a...
CVE-2004-0371
Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path...
Incorrect cross-realm trust handling in Heimdal
Heimdal does not correctly validate the 'transited' field of Kerberos tickets when computing the authentication path. This could allow a rogue KDC with which cross-realm relationships have been established to impersonate any KDC in the authentication path...