Lucene search
K

7691 matches found

RedHat Linux
RedHat Linux
added 2017/12/15 10:34 p.m.4 views

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in the httpd's modssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

9.8CVSS7.3AI score0.19953EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2017/12/15 10:23 p.m.2 views

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in the httpd's modssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

9.8CVSS7.3AI score0.19953EPSS
Exploits0References6
Cvelist
Cvelist
added 2017/12/15 2:0 p.m.17 views

CVE-2017-3190

Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle MITM attacks...

7.2AI score0.00423EPSS
Exploits0References3
CVE
CVE
added 2017/12/15 2:0 p.m.50 views

CVE-2017-3194

The CVE concerns Pandora’s iOS app prior to version 8.3.2, where SSL certificate validation was not performed correctly, enabling potential MITM attacks on HTTPS connections. Affected component: Pandora iOS app; root cause: improper SSL certificate validation. Impact: attacker on the same network...

8.1CVSS7.6AI score0.01282EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2017/12/13 12:0 a.m.4 views

Puppet Enterprise console session vulnerability

Puppet is a set of configuration management tools based on client/server C/S architecture from Puppet Labs in the U.S. It can be used to manage configuration files, users, cron tasks, packages, system services, etc. Puppet Enterprise is an enterprise version. console is one of the console tools. ...

6.5CVSS6.9AI score0.0162EPSS
Exploits0References1
Metasploit
Metasploit
added 2017/12/12 3:23 p.m.44 views

Apple_iOS Meterpreter, Reverse HTTPS Inline

Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 796904 include...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/12/11 7:58 p.m.14 views

A week in security (December 04 – December 10)

Last week on the blog, we looked at a RIG EK malware campaign, explored how children are being tangled up in money mule antics, took a walk through the world of Blockchain, and gave a rundown of what's involved when securing web applications. We also laid out the trials and tribulations of the...

6.8AI score
Exploits0
NVD
NVD
added 2017/12/11 5:29 p.m.16 views

CVE-2015-8470

The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...

6.5CVSS6.3AI score0.0162EPSS
Exploits0References1
Prion
Prion
added 2017/12/11 5:29 p.m.16 views

Session fixation

The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...

4.3CVSS7AI score0.0162EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/12/11 5:0 p.m.19 views

CVE-2015-8470

The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...

6.4AI score0.0162EPSS
Exploits0References1
CVE
CVE
added 2017/12/11 5:0 p.m.51 views

CVE-2015-8470

CVE-2015-8470 affects Puppet Enterprise console: versions 3.7.x, 3.8.x, and 2015.2.x fail to set the secure flag on the JSESSIONID cookie in HTTPS, making remote cookie interception possible. This can lead to information disclosure or session hijacking as described in the sources. The connected d...

6.5CVSS6.3AI score0.0162EPSS
Exploits0References1Affected Software1
Fedora
Fedora
added 2017/12/10 5:11 a.m.39 views

[SECURITY] Fedora 27 Update: curl-7.55.1-8.fc27

curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

9.8CVSS0.11175EPSS
Exploits0
Fedora
Fedora
added 2017/12/09 10:30 p.m.39 views

[SECURITY] Fedora 26 Update: curl-7.53.1-13.fc26

curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

9.8CVSS0.11175EPSS
Exploits0
Krebs on Security
Krebs on Security
added 2017/12/08 12:35 a.m.11 views

Phishers Are Upping Their Game. So Should You.

Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted http:// vs. https:// Web pages. Increasingly, however, phishers are upping their game, polishing their copy and...

6.3AI score
Exploits0
Exploit DB
Exploit DB
added 2017/12/08 12:0 a.m.24 views

CMS Auditor Website 1.0 - SQL Injection

Exploit Title: CMS Auditor Website 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/cms-auditor-website/ Demo: http://74.124.215.220/projclient/client/auditor/ Version: 1.0 Category: Webapps Teste...

7.4AI score
Exploits0
Palo Alto Networks
Palo Alto Networks
added 2017/12/06 12:5 a.m.641 views

Vulnerability in PAN-OS and Panorama on Management Interface

Through the exploitation of a combination of unrelated vulnerabilities, and via the management interface of the device, an attacker could remotely execute code on PAN-OS or Panorama in the context of the highest privileged user. Ref PAN-61094 / PAN-80990 / PAN-80993 / PAN-80994 / CVE-2017-15944...

1.3AI score0.9834EPSS
Exploits13References1Affected Software1
Microsoft KB
Microsoft KB
added 2017/12/04 12:0 a.m.6 views

Update Rollup 14 for System Center 2012 R2 Virtual Machine Manager

Update Rollup 14 for System Center 2012 R2 Virtual Machine Manager Introduction This article describes the issues that are fixed in Update Rollup 14 for Microsoft System Center 2012 R2 Virtual Machine Manager. There are two updates available for Virtual Machine Manager, one for the Virtual Machin...

6.7AI score
Exploits0
Apple
Apple
added 2017/12/02 12:0 a.m.71 views

About the security content of iOS 11.2

About the security content of iOS 11.2 This document describes the security content of iOS 11.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recen...

9.3CVSS0.2AI score0.84172EPSS
Exploits30References1Affected Software1
Ubuntu
Ubuntu
added 2017/11/29 1:19 p.m.62 views

USN-3498-1: curl vulnerabilities

Alex Nichols discovered that curl incorrectly handled NTLM authentication credentials. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10...

9.8CVSS7.5AI score0.11175EPSS
Exploits0
FireEye
FireEye
added 2017/11/28 7:0 p.m.9 views

Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection

Introduction TLS Thread Local Storage callbacks are provided by the Windows operating system to support additional initialization and termination for per-thread data structures. As previously reported, malicious TLS callbacks, as an anti-analysis trick, have been observed for quite some time and...

7.5AI score
Exploits0References2
Rows per page
Query Builder