
195 matches found

Node.js
added 2016/11/30 9:50 p.m., 48 views

Downloads Resources over HTTP

Overview: Affected versions of product-monitor insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

CVSS 9.3, AI score 5.5, EPSS 0.01682
Exploits: 0, Affected Software: 1
Node.js
added 2016/11/30 9:25 p.m., 45 views

Downloads Resources over HTTP

Overview: Affected versions of aerospike insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...

CVSS 9.3, AI score 5.2, EPSS 0.01752
Exploits: 0, Affected Software: 1
Node.js
added 2016/11/30 9:15 p.m., 39 views

Downloads Resources over HTTP

Overview: Affected versions of closure-util insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...

CVSS 9.3, AI score 2.7, EPSS 0.02546
Exploits: 0, Affected Software: 1
The Hacker News
added 2016/09/07 12:25 a.m., 15 views

Here’s How to Hack Windows/Mac OS X Login Password (When Locked)

A security researcher has discovered a unique attack method that can be used to steal credentials from a locked, but logged-in, computer, and it works on both Windows and Mac OS X systems. In his blog post published today, security expert Rob Fuller demonstrated and explained how to exploit a U...

AI score 6.8
Exploits: 0
Hacker One
added 2016/06/26 3:32 a.m., 17 views

Slack: User can start call in a channel of an unpaid account

Found a super minor issue that allows a user to start a call in a channel of an unpaid account. Besides the minor financial incentive for an attacker, this doesn't have a super high impact. Wanted to let you know anyway since it's not possible through the UI by default. To reproduce it, start by...

AI score 6.9
Exploits: 0
OSV
added 2016/06/23 12:00 a.m., 2 views

UBUNTU-CVE-2016-2376

A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet...

CVSS 8.1, AI score 7.5, EPSS 0.03702
Exploits: 1, References: 5
Tenable Nessus
added 2016/05/13 12:00 a.m., 10 views

MariaDB Server 5.5.x < 5.5.47 / 10.0.x < 10.0.23 / 10.1.x < 10.1.10 Multiple Vulnerabilities

Binary data 9287.prm...

AI score 7.3
Exploits: 0, References: 9
Hacker One
added 2016/02/05 11:23 a.m., 14 views

New Relic: Basic Authorization over HTTP

Hi New Relic Team, While reviewing your host http://newrelic.com/ it was discovered that you are using basic authorization over HTTP, which is not a good practice. If an attacker can intercept traffic on the network, he/she might be able to steal the user's credentials. Request:- GET /styleguide-layout...

AI score 0.5
Exploits: 0
ThreatPost
added 2015/05/26 1:25 p.m., 18 views

Researchers Exploit Windows Group Policy Bug Patched in February

Researchers from Core Security were able to exploit a security vulnerability in Windows Group Policy — MS15-011 — that was patched in February by Microsoft. Nicolas Economou, a senior exploit writer at Core Security, explained in a blog entry last week that Microsoft had in fact fixed the bug,...

AI score 1.4
Exploits: 0, References: 3
The Hacker News
added 2014/02/22 6:00 a.m., 59 views

Apple's iOS vulnerable to Man-in-the-middle Attack, Install iOS 7.0.6 to Patch

Apple's latest 35.4 MB update of iOS 7.0.6 doesn't seem important at first, but it contains a critical security patch that addresses a flaw with SSL encryption. Yes, a very critical security vulnerability that could allow hackers to intercept email and other communications that are meant to be...

CVSS 5.8, AI score 6.5, EPSS 0.05715
Exploits: 6
securityvulns
added 2013/10/02 12:00 a.m., 73 views

APPLE-SA-2013-09-20-1 Apple TV 6.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-09-20-1 Apple TV 6.0
Apple TV 6.0 is now available and addresses the following:
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or...

CVSS 9.3, AI score 0.1, EPSS 0.11999
Exploits: 7
securityvulns
added 2011/09/26 12:00 a.m., 43 views

TWSL2011-014: Vulnerability in Pantech Web Browser SSL Implementation

Trustwave's SpiderLabs Security Advisory TWSL2011-014: Vulnerability in Pantech Web Browser SSL Implementation
https://www.trustwave.com/spiderlabs/advisories/TWSL2011-014.txt
Published: 2011-09-23
Version: 1.0
Vendor: Pantech http://www.pantechusa.com
Product: Link P7040P, others may be vulnerab...

AI score 6.8
Exploits: 0
OpenVAS
added 2011/04/11 12:00 a.m., 40 views

Microsoft Windows IPv4 Default Configuration Security Bypass Vulnerability

The host is running the Microsoft Windows operating system and is prone to a security bypass vulnerability. This NVT has been replaced by NVT secpodms10-015.nasl OID:1.3.6.1.4.1.25623.1.0.900740. OpenVAS Vulnerability Test $Id: gbmswindowsnicsecuritybypassvuln.nasl 5362 2017-02-20 12:46:39Z cfi ...

CVSS 7.2, AI score 7.6, EPSS 0.29253
Exploits: 13, References: 2
Fedora
added 2010/04/01 5:19 p.m., 13 views

[SECURITY] Fedora 13 Update: dsniff-2.4-0.9.b1.fc13

A collection of tools for network auditing and penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf and webspy allow passive monitoring of a network for interesting data (passwords, e-mail, files). Arpspoof, dnsspoof and macof facilitate the interception of network traffic normall...

AI score 0.7
Exploits: 0
Cisco
added 2009/11/05 7:53 p.m., 78 views

Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability

Multiple Transport Layer Security (TLS) implementations contain a vulnerability when renegotiating a TLS session that could allow an unauthenticated, remote attacker to conduct a man-in-the-middle attack. The vulnerability exists during a TLS renegotiation process. If an attacker can intercept...

CVSS 4.3, AI score 1.3, EPSS 0.87264
Exploits: 14, References: 1