1227 matches found
DEBIAN-CVE-2016-8625
curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host...
Slack: The POODLE attack (SSLv3 supported) at status.slack.com
@cryptographer found that for some regions, status.slack.com supported an outdated cipher suite, which we've since updated. Thanks @cryptographer! nmap -sV --version-light --script ssl-poodle -p 443 IP...
Event id 1 "An error occurred running the command: 'Install-DSFeatureClasses' " while propagating changes after adding StoreFront Server to a Server Group
You may be unable to propagate changes after adding StoreFront Server to existing Server Group. The propagation fails with the following event in Citrix Delivery Services event log: Log Name: Citrix Delivery Services Source: Citrix Configuration Replication Service Date: dd/mm/yyyy hr:min:sec AM/PM...
Security Bulletin: IBM QRadar SIEM uses broken or risky cryptographic algorithms (CVE-2016-2879)
Summary The software uses an outdated insecure cipher or it is using a proprietary crypto standard which is likely to be vulnerable. Outdated/broken algorithms are MD4, MD5, SHA1, DES, ECB, RC4, Export ciphers, SSLv2, SSLv3, DH using keys less than 1024 Vulnerability Details CVEID: CVE-2016-2879...
Security Bulletin: A vulnerability in Struts affects IBM InfoSphere Metadata Workbench
Summary A Struts vulnerability affects IBM InfoSphere Metadata Workbench. Vulnerability Details CVEID: CVE-2017-15707 DESCRIPTION: Apache Struts is vulnerable to a denial of service. By sending a specially crafted JSON request using outdated json-lib with the Struts REST plugin, a remote attacker...
M4Ngl3M3 - Common Password Pattern Generator Using Strings List
Common password pattern generator using strings list. Quick Installation: $ git clone https://github.com/localh0t/m4ngl3m3 $ cd m4ngl3m3 $ ./main.py Basic Help: usage: main.py -h -fy FROMYEAR -ty TOYEAR -sy -nf NUMBERSFILE -sf SYMBOLSFILE -cf CUSTOMFILE -sbs -sap -mm MUTATIONMETHODS MUTATIONMODE...
Microsoft Windows Defender AV: Number of days before virus definitions are outdated
This test checks the setting for policy OpenVAS Vulnerability Test $Id: defavdaysbeforevirusoutdated.nasl 11495 2018-09-20 10:06:25Z emoss $ Check value for Windows Defender AV: Define the number of days before virus definitions are considered out of date Authors: Emanuel Moss Copyright: Copyrigh...
Microsoft Windows Defender AV: Number of days before spyware definitions are outdated
This test checks the setting for policy OpenVAS Vulnerability Test $Id: defavdaysbeforespywareoutdated.nasl 11495 2018-09-20 10:06:25Z emoss $ Check value for Windows Defender AV: Define the number of days before spyware definitions are considered out of date Authors: Emanuel Moss Copyright:...
Federal Agencies Face an Uphill Battle in Cyber-Preparedness
In the wake of the elimination of the federal cybersecurity czar position, the latest federal cybersecurity preparedness report from the Office of Management and Budget (OMB) and the Department of Homeland Security (DHS) shows that the U.S. government is nowhere near ready for prime time when it comes to...
GandCrab Ransomware Found Hiding on Legitimate Websites
The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns. What’s interesting is that GandCrab payload was found hiding on legitimate but compromised websites. These,...
Outdated VRView Library Used, Leading to Reflected XSS
The vrview = 1.1.3 and wp-vr-view = 1.6 plugins are using an outdated version of the VRView library 2.0.2, which is affected by a reflected cross-site scripting issue. The PoC will be displayed once the issue has been remediated...
Uber: Reflected XSS and sensitive data exposure, including payment details, on lioncityrentals.com.sg
lioncityrentals.com.sg employed a WordPress installation that possessed a vulnerable plugin, Formidable Forms, which was vulnerable to reflected XSS, and exposed sensitive form data. Thanks again for the report, @healdb! This was the first bug I ever found that exposed a large amount of PII, than...
PT-2018-17701 · Mcafee · Mcafee True Key
Name of the Vulnerable Software and Affected Versions: McAfee True Key versions prior to 4.20.110 Description: The issue concerns a DLL Side-Loading vulnerability that allows local users to gain privilege elevation. This is achieved by not verifying a particular DLL file signature, which can be...
Ensure Application Security with Zend Server and RIPS
Zend Server is the ultimate and most secure software platform for deploying, monitoring, debugging, maintaining, and optimizing enterprise PHP applications. It also helps to keep the technology stack up-to-date and to avoid security risks that stem from outdated components. However, most of the...
Programs Controlling ICS Robotics Are ‘Wide Open’ to Vulnerabilities
Most manufacturers have connected their operational technology – including industrial control systems and robotic equipment – to the internet, yet the lack of basic security protocols leaves these companies open to cyberattacks. Industrial security company Malcrawler pinpointed these dangers at...
GSA Bounty: SSH server compatible with several vulnerable cryptographic algorithms
An ssh-audit scan found that ssh.fr.cloud.gov supports sha1 for various purposes including exclusively for MAC addresses, as well as arcfour. Both of these are outdated and known vulnerable. The algorithms used are also indicative of an outdated SSH version OpenSSH 6 or Dropbear 2013. It's probabl...
Sprecher Automation SPRECON-E-C / PU-2433 Traversal / DoS
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Sprecher Automation SPRECON-E-C, PU-2433 vulnerable version: 8.49 most vulnerabilities, see "Vulnerable version" for details fixed...
Node.js third-party modules: [simple-server] HTML with iframe element can be used as filename, which might lead to load and execute malicious JavaScript
Hi Guys, simple-server allows to embed HTML in file names, which in certain conditions might lead to execute malicious JavaScript. This is caused by outdated version of connect framework. Module: Simple Server allows you to easily get a node.js static file server up and running anywhere anytime...
LocalTapiola: Information exposure via error pages (www.lahitapiola.fi Tomcat)
Summary: Information exposure via error pages Description: Hello there! I take the risk that this report might be closed as a N/A but because you are running outdated tomcat I wanted to take this risk and report this to you. So here we go.. When you navigate to the page e.g...
Conarc iChannel - Improper Access Restrictions Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Conarc iChannel - Unauthenticated Access/Default Webserver Misconfiguration allows for compromise of server Date: 2017-12-19 Exploit Author: Information Paradox CVE : CVE-2017-17759...