KLA10742 Security bypass vulnerability in Gajim

An unspecified vulnerability was found in Gajim. By exploiting this vulnerability malicious users can modify roster and intercept messages. This vulnerability can be exploited remotely via a specially designed roster-push IQ stanza. Original advisories - Related products Gajim CVE list...

Siemens Industrial Products DROWN Vulnerability (Update C)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-103-03B Siemens Industrial Products DROWN Vulnerability that was published June 15, 2017, on the NCCIC/ICS-CERT web site. Siemens has found that a DROWNThe DROWN Attack, https://drownattack.com/, web site last...

SSH Authentication Backdoor Vulnerability in Fortigate Firewalls

FortiGate Fita Firewall is a network firewall product from Fortinet Fita for defense against attacks such as network and malicious code at the network and content layers. Fortigate Firewall has an SSH authentication backdoor vulnerability. FortiGate firewall FortimanagerAccess user's password is...

'Ridiculous' Bug in Popular Antivirus Allows Hackers to Steal all Your Passwords

If you have installed Trend Micro's Antivirus on your Windows computer, then Beware. Your computer can be remotely hijacked, or infected with any malware by even through a website – Thanks to a critical vulnerability in Trend Micro Security Software. The Popular antivirus maker and security firm...

Cisco Jabber for Windows STARTTLS Downgrade Attack

An attacker in a man-in-the-middle position could abuse a STARTTLS downgrade vulnerability in the Cisco Jabber client-server negotiation in order to intercept communication. Cisco warned its customers yesterday, but has yet to patch the vulnerability, which affects the Cisco Jabber clients for...

Microsoft Bans Superfish SSL Interception Adware

Microsoft has taken steps to impede the next Superfish from impacting users. Superfish was pre-installed adware found on new Lenovo laptops earlier this year. The software exposes users to man-in-the-middle attacks because of the way it injects advertisements into the browser. It comes with a...

HackerOne: Team Member███ associated with a Custom Group Created with 'Program Managment' only permissions can Comments on Bug Reports

Hi Team, Legend ====== AppSecBounty = Bug ProgramSandbox Program Hacker1001 = Bug Reporter BugAdmin = Program Admin BugMember = Team Member associated ProgramManagement Group ProgramManagement Group = Custom Group created with "Program Management Permission" Steps: 1. Hacker1001 reports a Bug to...

Samsung SoftAP Weak Password Vulnerability

Samsung's SoftAP WPA2-PSK password generation is weak and can be cracked in a few hours. ================================================================ Samsung softap weak random generated password This affects SmartTV and Printers ===============================================================...

kernel security and bug fix update

2.6.32-573.12.1 - Revert: netdrv igb: add support for 1512 PHY Stefan Assmann 1278275 1238551 2.6.32-573.11.1 - kvm svm: unconditionally intercept DB Paolo Bonzini 1279467 1279468 CVE-2015-8104 - x86 virt: guest to host DoS by triggering an infinite loop in microcode Paolo Bonzini 1277557 1277559...

IBM DataPower Gateway Cookies Session Missing Security Attributes Vulnerability

IBM DataPower Gateway is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B, and cloud workloads that protects, integrates, and optimizes access across channels...

CVE-2015-7427

IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these...

Session fixation

IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these...

CVE-2015-7427

IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these...

ntp: MITM attacker can force ntpd to make a step larger than the panic threshold

It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that clien...

How NSA successfully Broke Trillions of Encrypted Connections

Yes, it seems like the mystery has been solved. We are aware of the United States National Security Agency NSA powers to break almost unbreakable encryption used on the Internet and intercept nearly Trillions of Internet connections – thanks to the revelations made by whistleblower Edward Snowden...

How A Drone Can Infiltrate Your Network by Hovering Outside the Building

Imagine you are sitting in your office and working on something confidential. Once you are done, you send a command to print that document. But, What if... ...the whole confidential document send to a hacker attacking from the air? Sounds pity but may be your Boss fires you immediately if that...

QARK - Tool to look for several security related Android application vulnerabilities

Q uick A ndroid R eview K it - This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs. The tool is also capable of creating "Proof-of-Concept" deployable APKs and/or ADB commands, capable of exploiting many of the...

Session fixation

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

IBM WebSphere eXtreme Scale Information Disclosure Vulnerability

IBM WebSphere eXtreme Scale is a distributed caching solution. IBM WebSphere Extreme Scale does not set a security flag for session cookies in SSL mode, allowing remote attackers to obtain cookie information by intercepting HTTP sessions...

Belkin N600 DB Wireless Dual Band N+ Security Bypass Vulnerability

Belkin N600 DB Wireless Dual Band N+ is a wireless dual band router product from Belkin USA. The Belkin N600 DB Wireless Dual Band N+ has a security vulnerability that allows an attacker to intercept packets containing the 'LockStatus:1' and 'LoginSuccess:0' strings on the embedded server side of...