The ‘Perfect Storm’ of Disinformation and Hacking
We live in an age of fake news, misinformation and disinformation. Recently, we have been falling for it – mostly. That is largely thanks to a confluence of social media, hacking and good old-fashioned disinformation campaigns, according to Matt “Pwn all the Things” Tait, a senior cybersecurity...
NGS000196 Technical Advisory: Nagios XI Network Monitor OS Command Injection
======= Summary ======= Name: Nagios XI Network Monitor - OS Command Injection Release Date: 30 November 2012 Reference: NGS00196 Discoverer: Daniel Compton Vendor: Nagios Vendor Reference: 0000283 Systems Affected: Nagios XI Network Monitor 2011R1.9 Risk: High Status...
Nagios XI Network Monitor 2011R1.9 OS Command Injection
======= Summary ======= Name: Nagios XI Network Monitor - OS Command Injection Release Date: 30 November 2012 Reference: NGS00196 Discoverer: Daniel Compton Vendor: Nagios Vendor Reference: 0000283 Systems Affected: Nagios XI Network Monitor 2011R1.9 Risk: High Status: Published ======== TimeLine...
Symantec pcAnywhere Insecure File Permissions / Privilege Escalation
======= Summary ======= Name: Symantec pcAnywhere insecure file permissions local privilege escalation Release Date: 30 April 2012 Reference: NGS00117 Discoverer: Edward Torkington Vendor: Symantec Vendor Reference: Systems Affected: Symantec pcAnywhere 12.5.x IT Management Suite 7.0 pcAnywhere...
Websense (Triton 7.6) Authentication Bypass
======= Summary ======= Name: Websense Triton 7.6 Authentication-bypass in report management UI Release Date: 30 April 2012 Reference: NGS00138 Discoverer: Ben Williams Vendor: Websense Vendor Reference: Systems Affected: Risk: High Status: Published ======== TimeLine ======== Discovered: 25...
Websense (Triton 7.6) Stored Cross Site Scripting
======= Summary ======= Name: Websense Triton 7.6 stored XSS in report management UI Release Date: 30 April 2012 Reference: NGS00141 Discoverer: Ben Williams Vendor: Websense Vendor Reference: Systems Affected: Risk: High Status: Published ======== TimeLine ======== Discovered: 2 November 2011...
NGS00117 Technical Advisory: Symantec pcAnywhere insecure file permissions local privilege escalation
======= Summary ======= Name: Symantec pcAnywhere insecure file permissions local privilege escalation Release Date: 30 April 2012 Reference: NGS00117 Discoverer: Edward Torkington Vendor: Symantec Vendor Reference: Systems Affected: Symantec pcAnywhere 12.5.x IT...
NGS00107 Patch Notification: Oracle Grid Engine sgepasswd Buffer Overflow
High Risk Vulnerability Oracle Grid Engine 30 April 2012 Edward Torkington of NGS Secure has discovered a High risk vulnerability in Oracle Grid Engine Impact: sgepasswd Buffer Overflow Versions affected: version 62u7 This has been addressed as part of the Oracle April update:...
NGS00138 Technical Advisory: Websense Triton 7.6 - authentication bypass in report management UI
======= Summary ======= Name: Websense Triton 7.6 Authentication-bypass in report management UI Release Date: 30 April 2012 Reference: NGS00138 Discoverer: Ben Williams Vendor: Websense Vendor Reference: Systems Affected: Risk: High Status: Published ======== TimeLine...
NGS00158 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Arbitrary file download is possible with a crafted URL when logged in as any user
Medium Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee Email and Web Security Appliance Impact: Arbitrary file download is possible with a crafted URL, when logged in as any user Versio...
NGS00155 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Any logged-in user can bypass controls to reset passwords of other administrators
High Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a high risk vulnerability in the McAfee Email and Web Security Appliance Impact: Any logged-in user can bypass controls to reset passwords of other administrators If role-bas...
NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can be recovered from a system backup and easily cracked
Medium Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee Email and Web Security Appliance Impact: Active session tokens of other users are disclosed within the UI Versions affected: All...
NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allowing an attacker to gain session tokens
High Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a high risk vulnerability in the McAfee Email and Web Security Appliance Impact: Reflective XSS allowing an attacker to gain session tokens Versions affected: All versions...
NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active session tokens of other users are disclosed within the UI
Medium Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee Email and Web Security Appliance Impact: Active session tokens of other users are disclosed within the UI Versions affected: All...
NGS00154 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Session hijacking and bypassing client-side session timeouts
Medium Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee Email and Web Security Appliance Impact: Session hijacking and bypassing client-side session timeouts Versions affected: All...
NGS00237 Patch Notification: Samba Andx request Remote Code Execution
High Risk Vulnerability in Samba 25 February 2012 Andy Davis of NGS Secure has discovered a high risk vulnerability in the Samba service Impact: Remote Code Execution Versions affected: Samba versions up to 3.4.0 More details about this vulnerability and how to obtain software updates can be foun...
NGS00120 Patch Notification: BlackBerry PlayBook Samba Remote Code Execution
High Risk Vulnerability in Samba on the BlackBerry PlayBook 23 February 2012 Andy Davis of NGS Secure has discovered a high risk vulnerability in the Samba service running on the BlackBerry PlayBook Impact: Remote Code Execution Versions affected: BlackBerry Tablet OS prior to v2.0.0.7971 More...
NGS00118 Patch Notification: Symantec PCAnywhere Remote Code Execution as SYSTEM
Critical Vulnerability in Symantec PCAnywhere 25 January 2012 Edward Torkington of NGS Secure has discovered a critical vulnerability in Symantec PCAnywhere Impact: Remote Code Execution pre-auth as SYSTEM Versions affected: Symantec pcAnywhere 12.5.x IT Management Suite 7.0 pcAnywhere Solution...
NGS00117 Patch Notification: Symantec PCAnywhere Local Privilege Escalation
High Risk Vulnerability in Symantec PCAnywhere 25 January 2012 Edward Torkington of NGS Secure has discovered a high risk vulnerability in Symantec PCAnywhere Impact: Local Privilege Escalation Versions affected: Symantec pcAnywhere 12.5.x IT Management Suite 7.0 pcAnywhere Solution 12.5.x IT...
Symantec PCAnywhere Code Execution
Critical Vulnerability in Symantec PCAnywhere 25 January 2012 Edward Torkington of NGS Secure has discovered a critical vulnerability in Symantec PCAnywhere Impact: Remote Code Execution pre-auth as SYSTEM Versions affected: Symantec pcAnywhere 12.5.x IT...