1241 matches found
CVE-2011-5117
Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat t...
CVE-2012-2459
Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network...
Potential remote code execution due to embedding of old django-piston
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-46819. The exposed atlassian api for forummodules found under forummodules/atlassian/api uses an outdated version of...
Potential remote code execution due to embedding of old django-piston
The exposed atlassian api for forummodules found under forummodules/atlassian/api uses an outdated version of django-piston which does not contain the fix for a remote code execution bug due to the use of yaml.load instead of safeload in the emitters.py python script on line 412. Whilst it appears...
Nine Percent of Websites May be Malicious
Just fewer than 10 percent of websites serve some sort of malicious purpose, with an additional nine percent of sites being characterized as “suspicious” by Zscaler in a new research report. Zscaler ran 27,000 website URLs through a tool they developed to assess the security of websites and give...
Many Mac Users Running Vulnerable Java Versions
Researchers have known for a long time that many users don’t pay much attention to updating the third-party software, browser plugins and extensions, and that lack of care has been to the benefit of attackers for years. Attacks on Flash, Java, QuickTime and various other ubiquitous apps have been...
Default credentials
The Quantum Scalar i500 tape library with firmware before i7.0.3 604G.GS00100, also distributed as the Dell ML6000 tape library with firmware before A20-00 590G.GS00100 and the IBM TS3310 tape library with firmware before R6C 606G.GS001, uses default passwords for unspecified user accounts, which...
Experts Tell Senate: Government Networks Owned, Resistance Is Futile
Network security experts from across the U.S. government told a U.S. Senate Armed Services Subcommittee Tuesday that federal networks have been thoroughly penetrated by foreign spies, and that current perimeter-based defenses that attempt to curb intrusions are outdated and futile. Speaking befor...
Spybot Search & Destroy Signature Update Check
The remote host has an outdated version of the Spybot Search & Destroy detection rule signatures, or it has never been updated. As a result, the remote host might contain malware.
FreeBSD Ports: FreeBSD
The remote host is missing an update to the system as announced in the referenced advisory. VID f56390a4-4638-11e1-9f47-00e0815b8da8 OpenVAS Vulnerability Test $ Description: Auto generated from VID f56390a4-4638-11e1-9f47-00e0815b8da8 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
MySQL < 5.0.54 / 5.1.23 / 6.0.4 Denial of Service
The version of MySQL installed on the remote host is older than 5.0.54, 5.1.23 or 6.0.4. A remote attacker could crash the server by exploiting a flaw in InnoDB code.
UN Says Old Server, Old Data Exposed In TeamP0ison Hack
In the wake of a highly visible hack of its network infrastructure, a spokeswoman for the United Nations Development Programme (UNDP) says that hackers from the group TeamP0ison compromised an unpatched server and that e-mail addresses and account passwords exposed in the attack were outdated. Staf...
Lax Security to Blame for NASDAQ Hack
The cyber attack on the NASDAQ OMX Group late last year was the result of shoddy security, according to a new report via Reuters. Computers running NASDAQ’s Director’s Desk, the software that was breached, had faulty firewalls, missing security patches and were running outdated software, like...
UCLA psychology department database hacked by Inj3ctor
Inj3ctor team of Hackers take responsibility for the release of information from the psychology department's database which included the names, home addresses and dates of birth of 26 applicants to the university. The attacker also published...
Solaris 10 (x86) : 146672-10
SunOS 5.10x86: ssl patch. Date this patch was last updated by Sun : Aug/07/12. This script has been deprecated as the associated patch is not currently a security fix. Disabled on 2013/06/09.
Million ASP.Net web sites affected with mass SQL injection attack
Hackers are in the midst of a massively successful SQL injection attack targeting websites built on Microsoft's ASP.Net platform. About 180,000 pages have been affected so far, security researchers say. Attackers have planted...
http-wordpress-enum NSE Script
Enumerates themes and plugins of Wordpress installations. The script can also detect outdated plugins by comparing version numbers with information pulled from api.wordpress.org. The script works with two separate databases for themes (wp-themes.lst) and plugins (wp-plugins.lst). The databases are...
50000 WordPress Sites infected with spam
The attack consists of contacting the domain wplinksforwork.com to get a list of links to be displayed on the compromised sites. However, that domain has been down for the last few days and all the sites compromised. These sites supposed to be compromised...
kernel: /proc/PID/io infoleak
fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/PID/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password...