84 matches found
CVE-2019-13028
An incorrect implementation of a local web server in eID client Windows version before 3.1.2, Linux version before 3.0.3 allows remote attackers to execute arbitrary code .cgi, .pl, or .php or delete arbitrary files via a crafted HTML page. This is a product from the Ministry of Interior of the...
Design/Logic Flaw
An incorrect implementation of a local web server in eID client Windows version before 3.1.2, Linux version before 3.0.3 allows remote attackers to execute arbitrary code .cgi, .pl, or .php or delete arbitrary files via a crafted HTML page. This is a product from the Ministry of Interior of the...
CVE-2019-13028
The CVE-2019-13028 entry describes an issue in the eID client where a local web server is incorrectly implemented. Affects Windows versions before 3.1.2 and Linux versions before 3.0.3. The flaw allows remote attackers to run arbitrary code or delete arbitrary files via a crafted HTML page served...
CVE-2019-13028
An incorrect implementation of a local web server in eID client Windows version before 3.1.2, Linux version before 3.0.3 allows remote attackers to execute arbitrary code .cgi, .pl, or .php or delete arbitrary files via a crafted HTML page. This is a product from the Ministry of Interior of the...
Years-Long Phishing Campaign Targets Saudi Gov Agencies
An ongoing three-year-old phishing campaign has been targeting the credentials of Saudi Arabian government agencies — with a financially motivated actor the likely culprit. The campaign, code-named “Bad Tidings,” has siphoned victims’ credentials by pretending to be the Kingdom’s Ministry of...
Notes on Self-Publishing a Book
In this post I would like to share a few thoughts on self-publishing a book, in case anyone is considering that option. As I mentioned in my post on burnout, one of my goals was to publish a book on a subject other than cyber security. A friend from my Krav Maga school, Anna Wonsley, learned that...
interior-news.com XSS vulnerability
Open Bug Bounty ID: OBB-693943 Description| Value ---|--- Affected Website:| interior-news.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidde...
tcpdump: Buffer over-read in print-eigrp.c:eigrp_print() in EIGRP parser
The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrpprint...
Tcpdump EIGRP Parser Buffer Overflow Vulnerability
Tcpdump is a set of sniffing tools developed by the Tcpdump team that run at the command line. The tools allow users to intercept and display TCP/IP and other packets sent or received over a network connection to that computer.EIGRP parser is one of the enhanced interior gateway routing protocol...
UBUNTU-CVE-2017-12901
The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrpprint...
doorsforbuilders.com XSS vulnerability
Vulnerable URL: http://www.doorsforbuilders.com/Custom-Solid-Wood-Interior-Doors-Collection.php?DoorSeries=1"...
doorsforbuilders.com XSS vulnerability
Vulnerable URL: http://www.doorsforbuilders.com/Paint-Grade-MDF-Door.php?Door=ts1000=TS-Series=Interior=1/-///'/"//--...
interior.gov.kh XSS vulnerability
Open Bug Bounty ID: OBB-201259 Description| Value ---|--- Affected Website:| interior.gov.kh Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Homestyler Interior Design - Customized SSL, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Homestyler Interior Design published at the 'play' market has multiple vulnerabilities...
Planner 5D - Interior Design - Dangerous filesystem permissions, WebView SSL handling enabled, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Planner 5D - Interior Design published at the 'play' market has multiple vulnerabilities...
CVE-2014-7618
The Interior Design aka com.interior.design.mcreda application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Information disclosure
The Interior Design aka com.interior.design.mcreda application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7618
The CVE-2014-7618 entry refers to the Interior Design Android app (package com.interior.design.mcreda) version 1.0, which does not verify X.509 certificates from SSL servers. This allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. The N...
CVE-2014-7618
The Interior Design aka com.interior.design.mcreda application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
STOP using Facebook and Google and if you fear US spying
Edward Snowden, a former NSA systems analyst, have revealed the NSA's sweeping data collection of U.S. phone records and some Internet traffic and the programs target foreigners and terrorist suspects mostly overseas.According to the Constitution of all countries, capturing and reading emails or...