431 matches found
Default credentials
DISPUTED Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor...
Lynis 2.4.3 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...
Update for Windows 8.1 OOBE to upgrade to Windows 10
Update for Windows 8.1 OOBE to upgrade to Windows 10 About this update This update is for Windows 8.1 out-of-box experience OOBE. This update lets you start an immediate free upgrade to Windows 10 during the Windows 8.1 OOBE process. This update applies only to the Windows 8.1 OOBE process. It is...
Name of Backups Entry Does Not Match Job Name
Challenge The name of the backup job has been changed, causing entries found under the Backups node to no longer match their associated job. In the example screenshot above, the job was first run with the name "Backup Job 1," and after the initial run, the job was renamed to "DC Backup." The...
[SECURITY] [DSA 3628-1] perl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3628-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 25, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3628-1] perl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3628-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 25, 2016 https://www.debian.org/security/faq -...
Facebook Messenger adds End-to-End Encryption (Optional) for Secret Conversations
Facebook has begun rolling out end-to-end encryption for its Messenger app, thus making its users' conversations completely private. The end-to-end encryption feature, dubbed "Secret Conversations," will allow Messenger users to send and receive messages in a way that no one, including the FBI wi...
SAP NetWeaver AS JAVA SQL Injection Vulnerability
SAP NetWeaver is an integrated, service-oriented application platform that provides a development and runtime environment for SAP applications.SAP NetWeaver AS Java is an application server that runs in NetWeaver and is based on the Java programming language. An SQL injection vulnerability exists...
CVE-2015-3152
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C aka libmysqlclient before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-431)
This update for java-170-openjdk fixes the following issues : java-170-openjdk was updated to 2.6.5 - OpenJDK 7u99 boo972468 - Security fixes - S8152335, CVE-2016-0636: Improve MethodHandle consistency - Import of OpenJDK 7 u99 build 0 - S6425769, PR2858: Allow specifying an address to bind JMX...
UBUNTU-CVE-2015-8838
ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152...
appRain 4.0.3 Cross Site Request Forgery
Security Advisory - Curesec Research Team 1. Introduction Affected Product: appRain 4.0.3 Fixed in: Fixed via Optional Module CSRF Protection Module http://www.apprain.com/extension/20/accounting-system?s Link: =Description Vendor Website: [email protected] Vulnerability Type: CSRF Remote...
The vulnerabilities of PDF editing programs like Adobe Acrobat and Adobe Acrobat Document Cloud, as well as PDF viewing programs like Adobe Reader and Adobe Reader Document Cloud, allow attackers to execute arbitrary code.
The vulnerabilities of PDF editing programs like Adobe Acrobat and Adobe Acrobat Document Cloud, as well as PDF viewing programs like Adobe Reader and Adobe Reader Document Cloud, are related to the use of memory after it is freed. Exploiting these vulnerabilities can allow a malicious actor to...
CVE-2015-6688
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via ...
CVE-2015-6688
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via ...
PE Static Malware Analysis: PortEx
PortEx is a Java library for static malware analysis of portable executable files. Its focus is on PE malformation robustness and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications. Features Reading Header information from: MSDOS Header, COFF File Header,...
Lynis 2.1.0 - Security Auditing Tool for Unix/Linux Systems
Lynis is an open source security auditing tool. Commonly used by system administrators, security professionals and auditors, to evaluate the security defenses of their Linux/Unix based systems. It runs on the host itself, so it can perform very extensive security scans. Supported operating system...
RAWR - Rapid Assessment of Web Resources
Features A customizable CSV containing ordered information gathered for each host, with a field for making notes/etc. An elegant, searchable, JQuery-driven HTML report that shows screenshots, diagrams, and other information. A report on relevent security headers, courtesy of SmeegeSec. a CSV Thre...
x64 Linux bind TCP port shellcode 81 bytes, 96 with password
x64 Linux bind TCP port shellcode 81 bytes, 96 with password. Shellcode exploit for linx86-64 platform / Author: Sean Dillon Copyright: c 2014 CAaNES, LLC. http://caanes.com Release Date: December 19, 2014 Description: x64 Linux null-free TCP bind port shellcode, optional 4 byte password Assemble...
x64 Linux reverse TCP connect 77 to 85 bytes, 90 to 98 with password
x64 Linux reverse TCP connect 77 to 85 bytes, 90 to 98 with password. Shellcode exploit for linx86-64 platform / Author: Sean Dillon Copyright: c 2014 CAaNES, LLC. http://caanes.com Release Date: December 19, 2014 Description: x64 Linux null-free reverse TCP shellcode, optional 4 byte password...