7691 matches found
GLSA-201711-03 : hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks (KRACK)
The remote host is affected by the vulnerability described in GLSA-201711-03 (hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks). WiFi Protected Access (WPA and WPA2) and its associated technologies are all vulnerable to the KRACK attacks. Please review the referenced CVE identifiers for...
[SECURITY] Fedora 27 Update: curl-7.55.1-6.fc27
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
General Security Guidelines for Veeam Self-Service Backup Portal
Security Considerations The security advice in this article is provided as a courtesy and is not intended to replace the advice of a professional security consultant. The advice in this article has been tested with the assumption that the machine operating Veeam Backup Enterprise Manager and/or...
Circle with Disney Rclient SSL TLD MITM Vulnerability (CVE-2017-2911)
Summary An exploitable vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this...
CVE-2017-2913
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this...
Design/Logic Flaw
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this...
Design/Logic Flaw
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate...
CVE-2017-2912
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificat...
CVE-2017-2911
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate...
CVE-2017-2913
CVE-2017-2913 affects Circle with Disney and specifically the libbluecoat.so SSL validation path. The TALOS/NVD entries describe an exploitable MITM-style issue where SSL certificates for certain domain names can cause the Blue Coat library to accept a different certificate than intended, enablin...
CVE-2017-2912
CVE-2017-2912 affects Circle with Disney firmware 2.0.1 via the goclient SSL validation in the remote-control feature. The vulnerability arises because SSL certificate checking is insufficient: certificates for specific domains can cause goclient to accept an unintended certificate, enabling a MI...
CrunchRAT - HTTPS-based Remote Administration Tool (RAT)
CrunchRAT currently supports the following features: file upload, file download, and command execution. It is currently single-threaded (only one task at a time), but multi-threading or multi-tasking is currently in the works. Additional features will be included at a later date. Server: The server-side of...
eventbank.com XSS vulnerability
Open Bug Bounty ID: OBB-390833. Affected Website: eventbank.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
Reduce cloud adoption risks and deliver superior digital experiences with Akamai Cloud Delivery Platform - Part 1
Businesses are rapidly moving to the cloud, and a recent IDG survey indicates that 70% of businesses have at least 1 application in the cloud and 16% plan to take their first app to the cloud in the next 12 months. However, public cloud providers present their own challenges. They are unreliable...
Threatpost News Wrap Podcast for Nov. 3
Threatpost editors Mike Mimoso and Tom Spring discuss the week’s top information security news stories, including Google’s decision to drop HTTP Public Key Pinning in Chrome, a vulnerability in Google’s Issue Tracker, Mozilla’s decision to ban Canvas Fingerprinting, and an HTTPS issue with...
akka HTTP Detection
Detection of akka HTTP server. The script sends a connection request to the server and attempts to detect akka HTTP server and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respecti...
Updated opensc_etc packages fix security vulnerability
A vulnerability, dubbed ROCA, was identified in an implementation of RSA key generation due to a fault in a code library developed by Infineon Technologies. The affected encryption keys are used to secure many forms of technology, such as hardware chips, authentication tokens, software packages,...