
489 matches found

Microsoft Secure
added 2018/10/18 4:0 p.m., 60 views

CISO series: Building a security-minded culture starts with talking to business managers

Cybersecurity is everyone's business; protecting the company and its users against data leaks is no longer just the responsibility of IT and security operations. Everyone from the board to Firstline Workers has an important role to play. A culture that encourages individuals to believe they have a...

0.2 AI score
Exploits: 0

WPVulnDB
added 2018/10/11 12:0 a.m., 11 views

WooCommerce <= 3.4.5 - Authenticated Object Injection

According to WooCommerce: "Versions 3.4.5 and earlier are affected by a handful of issues that allow Shop Managers to exceed their capabilities and perform malicious actions. These issues can be exploited by users with Shop Manager capabilities or greater, and we recommend all users running...

1.1 AI score
Exploits: 0 | References: 3 | Affected Software: 1

0day.today
added 2018/09/01 12:0 a.m., 184 views

AZORult Stealer 2 Botnet SQL Injection Vulnerability

Exploit for php platform in category web applications Title: AZORult Stealer v2 Botnet - SQL injection Credit: Bilal KARDADOU URL: https://www.rekings.com/shop/azorult-stealer/ Product: 'AZORult Stealer v2 Botnet' Type: Paid Google Dork: N/A Description: Stealer of stored passwords, cookies,...

Exploits: 0

Lenovo
added 2018/08/16 2:27 p.m., 665 views
L1 Terminal Fault Side Channel Vulnerabilities - US

Lenovo Security Advisory: LEN-24163 Potential Impact: Malicious code running locally may be able to observe contents of privileged memory, circumventing expected privilege levels Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 Summary...

5.4 CVSS | 1.2 AI score | 0.08101 EPSS
Exploits: 0

Lenovo
added 2018/08/16 2:27 p.m., 53 views

L1 Terminal Fault Side Channel Vulnerabilities - Lenovo Support US

No description provided...

7.3 CVSS | 6.7 AI score | 0.08101 EPSS
Exploits: 0

Kitploit
added 2018/08/07 10:23 p.m., 49 views

Apfell - A macOS, Post-Exploit, Red Teaming Framework

A macOS, post-exploit, red teaming framework built with python3 and JavaScript. It's designed to provide a collaborative and user friendly interface for operators, managers, and reporting throughout mac and linux based red teaming. Details Check out the blog post on the initial release of the...

7.3 AI score
Exploits: 0 | References: 4

CNVD
added 2018/07/20 12:0 a.m., 1 views

IBM Rational Rhapsody Design Manager and IBM Rational Software Architect Design Manager Cross-Site Scripting Vulnerabilities

IBM Rational Rhapsody Design Manager is collaborative design management software built on the IBM Jazz platform that helps design team members and stakeholders share, track, review, and manage designs. IBM Rational Software Architect Design Manager is an IBM Rational Software Architect Design Manag...

5.4 CVSS | 5.4 AI score | 0.00666 EPSS
Exploits: 0 | References: 1

IBM Security Bulletins
added 2018/06/15 7:8 a.m., 30 views

Security Bulletin: Vulnerability in Open Source cURL Libcurl affects IBM PureApplication. (CVE-2017-1000257)

Summary Vulnerability in Open Source cURL Libcurl affects IBM PureApplication. Vulnerability Details CVEID: CVE-2017-1000257 DESCRIPTION: cURL is vulnerable to a denial of service, caused by a buffer overread in the IMAP handler. By using a specially crafted IMAP FETCH response, a remote attacker...

9.1 CVSS | 0.1 AI score | 0.06224 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:8 a.m., 101 views

Security Bulletin: Open Source Apache HTTP Server Vulnerabilities which is used by IBM PureApplication Systems (CVE-2017-7679 CVE-2017-3169 CVE-2017-3167)

Summary A vulnerability in Open Source Apache HTTP Server affects the PureSystems® Managers used by IBM PureApplication System. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in modmim...

9.8 CVSS | 0.7 AI score | 0.39341 EPSS
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:8 a.m., 44 views

Security Bulletin: Open Source Apache HTTP Server Vulnerabilities which is used by IBM PureApplication Systems (CVE-2017-7668)

Summary A vulnerability in Open Source Apache HTTP Server affects the PureSystems® Managers used by IBM PureApplication System. Vulnerability Details CVEID: CVE-2017-7668 DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by a buffer overread in the ap_find_token function. By...

7.5 CVSS | 0.7 AI score | 0.57472 EPSS
Exploits: 1 | Affected Software: 1

ICS
added 2018/05/22 12:0 a.m., 81 views

BD Kiestra and InoqulA Systems (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable from adjacent network Vendor: Becton, Dickinson and Company BD Equipment: BD Kiestra and InoqulA systems Vulnerabilities: Product UI does not Warn User of Unsafe Actions 2. UPDATE INFORMATION This updated advisory is a follow-up to the...

6.3 CVSS | 6.6 AI score | 0.00412 EPSS
Exploits: 0 | References: 5

Exploit DB
added 2018/04/25 12:0 a.m., 29 views

HRSALE The Ultimate HRM 1.0.2 - Local File Inclusion

Exploit Title: HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10260 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619 Version: 1.0.2 Tested on: Kali Linux 2.0 | Mac OS...

8.8 CVSS | 8.8 AI score | 0.05824 EPSS
Exploits: 5

Imperva Blog
added 2018/03/08 6:45 p.m., 961 views

RedisWannaMine Unveiled: New Cryptojacking Attack Powered by Redis and NSA Exploits

Recently cryptojacking attacks have been spreading like wildfire. At Imperva we have witnessed it firsthand and even concluded that these attacks hold roughly 90% of all remote code execution attacks in web applications. Having said that, all of the attacks we have seen so far, were somewhat...

6.8 CVSS | 8.8 AI score | 0.99461 EPSS
Exploits: 23

The Hacker News
added 2018/01/01 11:53 p.m., 18 views

Flaw In Major Browsers Allows 3rd-Party Scripts to Steal Your Saved Passwords

Security researchers have uncovered how marketing companies have started exploiting an 11-year-old bug in browsers' built-in password managers, which allow them to secretly steal your email address for targeted advertising across different browsers and devices. The major concern is that the same...

6.6 AI score
Exploits: 0

Akamai Blog
added 2017/11/09 11:10 p.m., 70 views

Deliver secure digital experiences using Akamai Cloud Delivery Platform - Part 2

In the first part of this blog series, we discussed how you can leverage Akamai Cloud Delivery Platform, the world's largest and most trusted cloud delivery platform, to achieve the scalability, availability, reliability and performance needed to deliver superior digital experiences and maximize...

6.8 AI score
Exploits: 0

Schneier on Security
added 2017/10/10 11:19 a.m., 52 views

Changes in Password Best Practices

NIST recently published its four-volume SP800-63b Digital Identity Guidelines. Among other things, it makes three important suggestions when it comes to passwords: 1. Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because...

7.2 AI score
Exploits: 0

Kitploit
added 2017/05/30 3:30 p.m., 18 views

Faraday v2.5 - Collaborative Penetration Test and Vulnerability Management Platform

Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time...

7.1 AI score
Exploits: 0 | References: 2

n0where
added 2017/03/09 5:1 a.m., 41 views

Lightweight Arch Linux Based Security Distribution: BlackArch Linux

BlackArch Linux is an open source distribution of Linux derived from the lightweight and powerful Arch Linux operating system and designed from the ground up to be used by security professionals for penetration testing tasks and security auditing. While the distribution can be installed on top of...

0.5 AI score
Exploits: 0

The Hacker News
added 2017/02/28 11:32 p.m., 9 views

9 Popular Password Manager Apps Found Leaking Your Secrets

Is anything safe? It's 2017, and the likely answer is NO. Making sure your passwords are secure is one of the first lines of defense – for your computer, email, and information – against hacking attempts, and Password Managers are the one recommended by many security experts to keep all your...

7.3 AI score
Exploits: 0

Kitploit
added 2017/02/01 2:21 p.m., 15 views

Faraday v2.3 - Collaborative Penetration Test and Vulnerability Management Platform

Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time...

6.8 AI score
Exploits: 0 | References: 2