7687 matches found
CVE-2016-10125
D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session...
MS12-083: Vulnerability in IP-HTTPS component could allow security feature bypass: December 11, 2012
MS12-083: Vulnerability in IP-HTTPS component could allow security feature bypass: December 11, 2012 INTRODUCTION Microsoft has released security bulletin MS12-083. To view the complete security bulletin, go to one of the following Microsoft websites: Home users:...
supernumber.co.th XSS vulnerability
Vulnerable URL: http://supernumber.co.th/SuperNumbers/evaluates?evaluateNumber=%3C/script%3E%3Cimg%20src=x%20onerror=prompt/XSSPOSED/%3E
Details:
Description| Value
---|---
Patched:| Yes, at 28.07.2017
Latest check for patch:| 28.07.2017 13:37 GMT
Vulnerability type:| XSS
Vulnerability status:|...
http-hsts-verify NSE Script
Verify that HTTP Strict Transport Security is enabled. HTTP Strict-Transport-Security (HSTS, RFC 6797) forces a web browser to communicate with a web server over HTTPS. This script examines HTTP response headers to determine whether HSTS is configured. References:...
Fluxion 0.23 - WPA/WPA2 Security Hacked Without Brute Force
Fluxion is a remake of linset by vk496 with hopefully fewer bugs and more functionality. It's compatible with the latest release of Kali (rolling). Latest builds (stable and beta) can be found here. If you're new, or just don't understand much about the project, have a look at the wiki. The...
FreeBSD : squid -- multiple vulnerabilities (41f8af15-c8b9-11e6-ae1b-002590263bf5)
Squid security advisory 2016:10 reports: Due to incorrect comparison of request headers, Squid can deliver responses containing private data to clients it should not have reached. This problem allows a remote attacker to discover private and sensitive information about another client's browsing...
Apple Delays App Transport Security Deadline
Apple backtracked on its plan to enforce a year-end deadline that would have required developers to move apps to an HTTPS-only model in an effort to thwart eavesdropping on insecure, plaintext HTTP connections. On Wednesday Apple said a requirement for developers to adopt App Transport Security wou...
Design/Logic Flaw
Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D All firmware versions V6.00.046 and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U All...
CVE-2016-9154
Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D All firmware versions V6.00.046 and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U All...
CVE-2016-9154
Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D All firmware versions V6.00.046 and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U All...
CVE-2016-9154
Siemens Desigo PX Web modules (PXA40-W0/W1/W2; PXA30-W0/W1/W2 for PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D, PXC00-U, PXC64-U, PXC128-U) are affected by CVE-2016-9154. The root cause is a pseudo-random number generator with insufficient entropy used to generate HTTPS certificates, enabling a r...
SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
This routine reports all SSL/TLS cipher suites accepted by a service where attack vectors exist only on HTTPS services. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
openSUSE Security Update : ceph (openSUSE-2016-1500)
ceph was updated to version 10.2.4 and fixes the following issues: - A moncommand with empty prefix could crash the monitor (boo#987144, CVE-2016-5009) - Detect crc32 extension support from assembler on AArch64 (boo#999688) - Failing file operations on kernel based cephfs mount point could leave...
Morpheus - Automated Ettercap TCP/IP Hijacking Tool
Morpheus framework automates tcp/udp packet manipulation tasks by using etter filters to manipulate target requests/responses under MitM attacks, replacing the tcp/udp packet contents with our contents before forwarding the packet back to the target host... workflow: 1º - attacker - arp poison local lan...
Automating Phishing Activities: PhishLulz
Automating Phishing Activities. PhishLulz is a Ruby toolset aimed at automating phishing activities. When you start a phishing campaign, a dedicated Amazon EC2 Debian 7 instance is spawned. The VM comes with various open source tools that have been glued together. The two main components are:...
JVN#13218253: Cybozu Garoon vulnerable to information disclosure
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an information disclosure vulnerability (CWE-200). Impact: Cybozu Garoon uses HTTPS communication, therefore an attacker cannot eavesdrop on communication under normal operations. However, if a user conducts a specific...
CVE-2016-9212
A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WS...
Design/Logic Flaw
A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WS...
CVE-2016-9212
A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WS...
Unable to install Backup Enterprise Manager
Challenge: Attempting to install Backup Enterprise Manager results in a 'fail' during port selection, with the specified HTTPS Port being unavailable. Cause: The port is already consumed by the World Wide Web Publishing Service. Solution: Disable the World Wide Web Publishing Service, proceed with th...