CVE-2013-3587

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of...

The vulnerability of the Automated Note Search Tool component of the SAP Basis system management platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Automated Note Search Tool component of the SAP Basis system management platform is related to the lack of protection for operational data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

url.hqhl.net Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1087920 Security Researcher g0bl1nsec Helped patch 3735 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting url.hqhl.net website and...

DEBIAN-CVE-2020-8516

The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and...

Unspecified Vulnerability in SAP Basis Automated Note Search Tool

SAP Basis is a content management system. A security vulnerability exists in SAP Basis Automated Note Search Tool. An attacker could exploit the vulnerability to read sensitive information...

Threat Analysis Unit (TAU) Threat Intelligence Notification: Snatch Ransomware

During the end of the year 2019, a ransomware named ‘Snatch” was discovered. Snatch ransomware will force Windows to reboot in Safe Mode where most of the software and system drivers will not be running in order to perform the file encryption process. Similar to the other variants of ransomware, ...

Threat Analysis Unit (TAU) Threat Intelligence Notification: SatanCryptor Ransomware

In early January 2020, a new ransomware named ‘SatanCryptor’ was discovered. After it performs file encryption, it will drop a ransom note named “ SATAN CRYPTOR .hta” and append ‘.satan’ as a file extension to the encrypted files. In addition, SatanCryptor will delete itself after the execution t...

CVE-2020-6307

Automated Note Search Tool update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54 does not perform sufficient authorization checks leading to the reading of sensitive information...

CVE-2020-6307

Automated Note Search Tool update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54 does not perform sufficient authorization checks leading to the reading of sensitive information...

Authorization

Automated Note Search Tool update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54 does not perform sufficient authorization checks leading to the reading of sensitive information...

CVE-2020-6307

The CVE-2020-6307 issue affects SAP Basis Automated Note Search Tool across SAP Basis versions 7.00 to 7.54, where insufficient authorization checks allow reading of sensitive information. Multiple connected sources (Red Hat advisory, NVD entry, vendor notes, and Symantec writeup) corroborate an ...

CVE-2020-6307

Automated Note Search Tool update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54 does not perform sufficient authorization checks leading to the reading of sensitive information...

SAP Basis Automated Note Search Tool CVE-2020-6307 Remote Authorization Bypass Vulnerability

Description SAP Basis is prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks. Technologies Affected SAP Automated Note Search Tool SAP Basis 7.00 SAP Basis 7.01 SAP Basis 7.0...

Threat Analysis Unit (TAU) Threat Intelligence Notification: DeathRansom Ransomware

During mid-November, a new ransomware named ‘DeathRansom” was found being distributed. Similar to the other variants of ransomware, it will perform the deletion of volume shadow copies to ensure all the data cannot be restored easily. After the DeathRansom performs file encryption, it will drop...

New Zeppelin Ransomware Targeting Tech and Health Companies

A new variant of Vega ransomware family, dubbed Zeppelin, has recently been spotted in the wild targeting technology and healthcare companies across Europe, the United States, and Canada. However, if you reside in Russia or some other ex-USSR countries like Ukraine, Belorussia, and Kazakhstan,...

Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack Exploit

// Axel '0vercl0k' Souchet - November 19 2019 // EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47752.zip // 0:000 ? xul!sAutomationPrefIsSet - xul // Evaluate expression: 85724947 = 00000000051c0f13 const XulsAutomationPrefIsSet = 0x051c0f13...

Dolibarr <= 9.0.5 Multiple Vulnerabilities

Dolibarr is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dolibarr:dolibarr"; ifdescription...

Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack

Mozilla FireFox Windows 10 x64 - Full Chain Client Side Attack // Axel '0vercl0k' Souchet - November 19 2019 // EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47752.zip // 0:000 ? xul!sAutomationPrefIsSet - xul // Evaluate expression: 8572494...

CVE-2012-4525

creationtimestamp| type| source ---|---|--- 2019-12-03 15:39:47+00:00| seen| https://t.me/VulnerabilityNews/11051 2019-12-03 16:03:07+00:00| seen| https://t.me/cibsecurity/8455 2019-12-03 16:03:43+00:00| seen| https://t.me/cibsecurity/8456 2019-12-03 18:02:20+00:00| seen|...

Xiaomi Mi Note 2 is vulnerable

Xiaomi Mi Note 2 is a smartphone from Chinese company Xiaomi Technology Xiaomi. A security vulnerability exists in the com.miui.powerkeeper app in Xiaomi Mi Note 2 build fingerprint: Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys. An attacker can exploit this vulnerability to make...