Lucene search
+L

262 matches found

Malwarebytes
Malwarebytes
added 2018/04/02 4:3 p.m.51 views

A week in security (March 26 – April 01)

Last week, we looked at the thought process behind creating a ransomware decryptor, the inner workings of QuantLoader, the ways one can protect their Android devices, the exploit kits we have encountered this winter, the now-known epidemic of data breaches, the coming of TLS 1.3, and the ways one...

6.7AI score
Exploits0
Veracode
Veracode
added 2018/03/06 2:58 a.m.10 views

Insecure Random String Creation

ranger-hdfs-plugin uses insecure randomness. The vulnerability exists due to the usage of a insecure random generator during the creation of the wildcard path, allowing attackers to guess a string which may be being used...

6.6AI score
Exploits0
WPVulnDB
WPVulnDB
added 2018/03/02 12:0 a.m.23 views

NextGEN Gallery <= 2.2.46 - Galley Paths Not Secured

The changelog states: "Secured: Gallery paths and the ability to manage tags Kudos: ElevenPaths Telefonica cibersecurity Unit"...

5CVSS2.5AI score0.0207EPSS
Exploits0Affected Software1
OSV
OSV
added 2018/03/01 11:29 p.m.22 views

CVE-2017-6926

In Drupal versions 8.4.x versions before 8.4.5 users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the...

8.1CVSS8.1AI score
Exploits0References1
Schneier on Security
Schneier on Security
added 2018/01/29 12:18 p.m.39 views

Estimating the Cost of Internet Insecurity

It's really hard to estimate the cost of an insecure Internet. Studies are all over the map. A methodical study by RAND is the best work I've seen at trying to put a number on this. The results are, well, all over the map: "Estimating the Global Cost of Cyber Risk: Methodology and Examples":...

6.8AI score
Exploits0
OSV
OSV
added 2018/01/03 8:29 p.m.26 views

CVE-2017-1000487

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

9.8CVSS9.9AI score
Exploits0References11
ThreatPost
ThreatPost
added 2017/11/10 9:0 a.m.13 views

Threatpost News Wrap Podcast for Nov. 10

Threatpost editors Mike Mimoso and Tom Spring discuss the week’s information security news, including Chris Valasek’s and Charlie Miller’s return to the security speaking rounds, a phony WhatsApp download pulled from Google Play, a deep dive into the recent cloud-based storage leaks, and the rece...

7AI score
Exploits0References7
Carbon Black Blog
Carbon Black Blog
added 2017/10/12 5:16 p.m.50 views

October 12, 2017 – Morning Cyber Coffee Headlines – “Fall Harvest Edition” Edition

Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! October 12, 2017 - Headlines Carbon Black in the News: Ransomware market soars...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2017/10/06 5:42 a.m.28 views

Emergency Apple Patch Fixes High Sierra Password Hint Leak

Apple rushed out an emergency patch Thursday that fixed an incredulous bug in its shiny new High Sierra operating system that revealed APFS volume passwords via the password hint feature. Brazilian researcher Matheus Mariano of Leet Tech found the bug and privately disclosed it to Apple. He said...

2.1CVSS7.7AI score0.00498EPSS
Exploits1References8
Packet Storm
Packet Storm
added 2017/06/14 12:0 a.m.49 views

Alio Applicant Portal 6.0 SQL Injection

| \ | \ | | | | | | / \ | | | |/ / | |/ / | | | | | | | | | / / | | | / | / | | | | | | | | | | | | | | | |\ \ \ / / // / | | | /\ | | | | | / / / / / | | | \ | | / | | | / \ | | | | | \ | | | | \ \ / / | | | | | \ --. | | | / / | | | | | |/ / | | | | \ V / | | | . | --. \ | | | | | |...

0.3AI score
Exploits0
Cvelist
Cvelist
added 2017/03/11 6:46 a.m.35 views

CVE-2017-6466

F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download. Man-in-the-middle attackers can replace the file with their own executable which will be executed under the...

8.1AI score0.0154EPSS
Exploits0References2
NVD
NVD
added 2017/02/13 9:59 p.m.12 views

CVE-2016-8372

An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware...

8.1CVSS8AI score0.01702EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2016/11/18 9:15 a.m.10 views

On PoisonTap, Internet of Things Regulation, and Ransomware

Mike Mimoso and Chris Brook discuss the news of the week, including this week’s House hearing on the Internet of Things, Samy Kamkar’s PoisonTap tool, and Windows 10’s ransomware protections. Show notes: Regulation May Be Best Answer to IoT Insecurity PoisonTap Steals Cookies, Drops Backdoors on...

2.9AI score
Exploits0References5
myhack58
myhack58
added 2016/05/18 12:0 a.m.18 views

Vulnerability warning: Docker Swarm Manager remote management port access-vulnerability warning-the black bar safety net

! Docker is a domestic and international Cloud Platform common application the lightweight container, AWS, Baidu, etc. are used. Typically used for lightweight deployment of applications. In Docker Swarm of deployment documentation, since the default there is some insecurity in the sample...

0.8AI score
Exploits0
hackapp
hackapp
added 2016/04/01 9:43 a.m.15 views

Rayman Adventures - Dangerous filesystem permissions, Insecure KeyStore, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Rayman Adventures published at the 'play' market has multiple vulnerabilities...

0.7AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:16 a.m.10 views

LaunchDay - Skylanders - Dangerous filesystem permissions, Insecure KeyStore, MIT license vulnerabilities

HackApp vulnerability scanner discovered that application LaunchDay - Skylanders published at the 'play' market has multiple vulnerabilities...

0.5AI score
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2016/02/09 8:42 a.m.4 views

sos: Usage of predictable temporary files allows privilege escalation

An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the...

7.8CVSS5.8AI score0.00438EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2015/10/06 12:0 a.m.16 views

Oracle: Security Advisory (ELSA-2010-0567)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.6CVSS9.6AI score0.00495EPSS
Exploits1References2
myhack58
myhack58
added 2015/08/25 12:0 a.m.25 views

ZigBee is exposed a serious security vulnerability-vulnerability warning-the black bar safety net

1, ZigBee is exposed a serious security vulnerability Along with technology the rapid evolution of IOTThe Internet of Things, IoTthe concept once again on the rise, people all around the daily necessities, terminal equipment, and household appliances also gradually been given of the network...

0.4AI score
Exploits0
OSV
OSV
added 2015/08/17 3:59 p.m.9 views

CVE-2014-9743

Cross-site scripting XSS vulnerability in the httpdHtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info...

5.5AI score
Exploits0References4
Rows per page
Query Builder