Lucene search
K

84 matches found

NVD
NVD
added 2019/06/28 10:15 p.m.18 views

CVE-2019-13028

An incorrect implementation of a local web server in eID client Windows version before 3.1.2, Linux version before 3.0.3 allows remote attackers to execute arbitrary code .cgi, .pl, or .php or delete arbitrary files via a crafted HTML page. This is a product from the Ministry of Interior of the...

8.8CVSS8.6AI score0.03658EPSS
Exploits1References3
Prion
Prion
added 2019/06/28 10:15 p.m.17 views

Design/Logic Flaw

An incorrect implementation of a local web server in eID client Windows version before 3.1.2, Linux version before 3.0.3 allows remote attackers to execute arbitrary code .cgi, .pl, or .php or delete arbitrary files via a crafted HTML page. This is a product from the Ministry of Interior of the...

6.8CVSS8.6AI score0.03658EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2019/06/28 9:23 p.m.49 views

CVE-2019-13028

The CVE-2019-13028 entry describes an issue in the eID client where a local web server is incorrectly implemented. Affects Windows versions before 3.1.2 and Linux versions before 3.0.3. The flaw allows remote attackers to run arbitrary code or delete arbitrary files via a crafted HTML page served...

8.8CVSS8.5AI score0.03658EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/06/28 9:23 p.m.24 views

CVE-2019-13028

An incorrect implementation of a local web server in eID client Windows version before 3.1.2, Linux version before 3.0.3 allows remote attackers to execute arbitrary code .cgi, .pl, or .php or delete arbitrary files via a crafted HTML page. This is a product from the Ministry of Interior of the...

8.6AI score0.03658EPSS
Exploits1References3
ThreatPost
ThreatPost
added 2019/03/20 8:3 p.m.122 views

Years-Long Phishing Campaign Targets Saudi Gov Agencies

An ongoing three-year-old phishing campaign has been targeting the credentials of Saudi Arabian government agencies — with a financially motivated actor the likely culprit. The campaign, code-named “Bad Tidings,” has siphoned victims’ credentials by pretending to be the Kingdom’s Ministry of...

0.3AI score
Exploits0References3
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2018/12/31 10:45 p.m.70 views

Notes on Self-Publishing a Book

In this post I would like to share a few thoughts on self-publishing a book, in case anyone is considering that option. As I mentioned in my post on burnout, one of my goals was to publish a book on a subject other than cyber security. A friend from my Krav Maga school, Anna Wonsley, learned that...

6.7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/11/01 6:39 p.m.12 views

interior-news.com XSS vulnerability

Open Bug Bounty ID: OBB-693943 Description| Value ---|--- Affected Website:| interior-news.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidde...

Exploits0
RedHat Linux
RedHat Linux
added 2018/04/10 12:0 a.m.8 views

tcpdump: Buffer over-read in print-eigrp.c:eigrp_print() in EIGRP parser

The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrpprint...

9.8CVSS7.6AI score0.02389EPSS
Exploits0References4
CNVD
CNVD
added 2017/09/14 12:0 a.m.0 views

Tcpdump EIGRP Parser Buffer Overflow Vulnerability

Tcpdump is a set of sniffing tools developed by the Tcpdump team that run at the command line. The tools allow users to intercept and display TCP/IP and other packets sent or received over a network connection to that computer.EIGRP parser is one of the enhanced interior gateway routing protocol...

9.8CVSS9.4AI score0.02389EPSS
Exploits0References1
OSV
OSV
added 2017/09/13 12:0 a.m.4 views

UBUNTU-CVE-2017-12901

The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrpprint...

9.8CVSS7AI score0.02389EPSS
Exploits0References4
Openbugbounty
Openbugbounty
added 2017/07/02 1:38 p.m.9 views

doorsforbuilders.com XSS vulnerability

Vulnerable URL: http://www.doorsforbuilders.com/Custom-Solid-Wood-Interior-Doors-Collection.php?DoorSeries=1"...

6.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/06/27 2:33 p.m.15 views

doorsforbuilders.com XSS vulnerability

Vulnerable URL: http://www.doorsforbuilders.com/Paint-Grade-MDF-Door.php?Door=ts1000=TS-Series=Interior=1/-///'/"//--...

6.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2016/12/30 7:52 a.m.7 views

interior.gov.kh XSS vulnerability

Open Bug Bounty ID: OBB-201259 Description| Value ---|--- Affected Website:| interior.gov.kh Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
hackapp
hackapp
added 2016/04/01 9:6 a.m.11 views

Homestyler Interior Design - Customized SSL, External URLs, Native code usage vulnerabilities

HackApp vulnerability scanner discovered that application Homestyler Interior Design published at the 'play' market has multiple vulnerabilities...

0.3AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:6 a.m.217 views

Planner 5D - Interior Design - Dangerous filesystem permissions, WebView SSL handling enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Planner 5D - Interior Design published at the 'play' market has multiple vulnerabilities...

1.1AI score
Exploits0References1Affected Software1
NVD
NVD
added 2014/10/20 10:55 a.m.15 views

CVE-2014-7618

The Interior Design aka com.interior.design.mcreda application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS5.9AI score0.01098EPSS
Exploits0References3
Prion
Prion
added 2014/10/20 10:55 a.m.12 views

Information disclosure

The Interior Design aka com.interior.design.mcreda application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS6.4AI score0.01098EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2014/10/20 10:0 a.m.44 views

CVE-2014-7618

The CVE-2014-7618 entry refers to the Interior Design Android app (package com.interior.design.mcreda) version 1.0, which does not verify X.509 certificates from SSL servers. This allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. The N...

5.4CVSS6AI score0.01098EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/10/20 10:0 a.m.19 views

CVE-2014-7618

The Interior Design aka com.interior.design.mcreda application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.9AI score0.01098EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2013/07/03 6:20 a.m.17 views

STOP using Facebook and Google and if you fear US spying

Edward Snowden, a former NSA systems analyst, have revealed the NSA's sweeping data collection of U.S. phone records and some Internet traffic and the programs target foreigners and terrorist suspects mostly overseas.According to the Constitution of all countries, capturing and reading emails or...

6.6AI score
Exploits0
Rows per page
Query Builder