Cybersecurity New Year’s resolutions, you say? Why not.
It's mid-January, and oh, how time flies. It wasn’t long since we bid farewell to 2017 and welcomed the new year with renewed hope and vigor. Of course, with such positivity comes a sense of an equally favorable outlook for the year ahead. However good that may sound, being faced with a tabula ra...
Design/Logic Flaw
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware subcomponent: Web Server Plugin. The supported version that is affected is 11.1.2.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Access...
CVE-2017-10262
CVE-2017-10262 affects Oracle Fusion Middleware’s Oracle Access Manager Web Server Plugin (component in 11.1.2.3.0). The vulnerability allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Access Manager, potentially leading to unauthorized access to data across Or...
CVE-2017-10262
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware subcomponent: Web Server Plugin. The supported version that is affected is 11.1.2.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Access...
OnePlus Site’s Payment System Reportedly Hacked to Steal Credit Card Details
This year's first bad news for OnePlus users—a large number of OnePlus customers are reporting fraudulent credit card transactions after buying products from the Chinese smartphone manufacturer's official online store. The claim initially surfaced on the OnePlus support forum over the weekend...
Fedora 27 : python-copr (2017-1fbb5ccbd6)
Change default COPR URL route from http://copr.fedoraproject.org to https://copr.fedorainfracloud.org. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much...
Microsoft Word 2010 Service Pack 2 Multiple RCE Vulnerabilities (KB4011659)
This host is missing a critical security update according to Microsoft KB4011659...
adyen.com XSS vulnerability
Open Bug Bounty ID: OBB-495955

Description | Value
---|---
Affected Website: | adyen.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure Standard: | Coordinated Disclosure based on...
Man-in-the-Middle (MitM)
github.com/nlopes/slack is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists due to the usage of hardcoded non-HTTPS Slack API URL...
Debian: Security Advisory (DLA-823-1)
The remote host is missing an update for the Debian...
LocalTapiola: Secure Client-Initiated Renegotiation
Renegotiation can open the door to attacks. There are two primary worries: CVE-2009-3555: This vulnerability allows a “man-in-the-middle” attacker to inject data into an HTTPS session and execute requests on behalf of the victim. Refer to CVE-2009-3555 for more details. Denial of Service (DoS):...
F5 Networks BIG-IP : Apache HTTPD vulnerability (K83043359)
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. (CVE-2017-3169) (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
CVE-2017-17763
SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to send crafted files, as demonstrated by APK injection...
Design/Logic Flaw
SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to send crafted files, as demonstrated by APK injection...
CVE-2017-17763
SuperBeam versions up to 4.1.3 are affected when using LAN or WiFi Direct Share. The issue is that file transfers do not use HTTPS or any integrity-protection mechanism, enabling a remote attacker to send crafted files (e.g., via APK injection). Affected component: the LAN/WiFi Direct sharing cha...
Hyperfox - HTTP/HTTPs MITM proxy and traffic recorder with on-the-fly TLS cert generation
Hyperfox is a security tool for proxying and recording HTTP and HTTPs communications on a LAN. Hyperfox is capable of forging SSL certificates on the fly if you provide it with a root CA certificate and its corresponding key. If the target machine recognizes the root CA as trusted, then HTTPs...
CVE-2017-3194
Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks...
CVE-2017-3190
Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks...