
4752 matches found

ThreatPost
added 2014/05/02 1:42 p.m., 8 views

Critical Holes in OAuth, OpenID Could Leak Information, Redirect Users

UPDATE — A serious vulnerability in the OAuth and OpenID protocols could lead to complications for those who use the services to log in to websites like Facebook, Google, LinkedIn, Yahoo, and Microsoft among many others. OpenID and OAuth are commonly used authorization protocols. The protocols ar...

AI score: 6.5
Exploits: 0 | References: 7
Kitploit
added 2014/04/24 6:25 p.m., 24 views

WhoIsConnectedSniffer - Network discovery tool that listens to network packets on your network

WhoIsConnectedSniffer is a network discovery tool that listens to network packets on your network adapter using a capture driver WinpCap or MS network monitor and accumulates a list of computer and devices currently connected to your network. WhoIsConnectedSniffer uses various protocols to detect...

AI score: 7
Exploits: 0
n0where
added 2014/04/23 3:40 p.m., 31 views

Mail Server In a Box

Mail-Box : Mass electronic surveillance by governments revealed over the last year has spurred a new movement to re-decentralize the web, that is, to empower netizens to be their own service providers again. SMTP, the protocol of email, is decentralized in principle but highly centralized in...

AI score: 0.1
Exploits: 0 | References: 2
ThreatPost
added 2014/04/21 1:49 p.m., 7 views

OpenICS ICS Protocol Decoder Builds Data Dictionaries

Industrial control system security has been called archaic, laughable and even non-existent. Most ICS and SCADA systems weren’t built with the Internet in mind, much less security, but yet they are at the forefront of manufacturing, building automation and critical infrastructure operations...

AI score: 7
Exploits: 0 | References: 4
OSV
added 2014/04/15 2:55 p.m., 1 view

ALPINE-CVE-2014-0138

The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015...

CVSS: 6.4 | AI score: 7 | EPSS: 0.0508
Exploits: 0 | References: 1
AlpineLinux
added 2014/04/15 2:00 p.m., 59 views

CVE-2014-0138

The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015...

CVSS: 6.4 | AI score: 7.6 | EPSS: 0.0508
Exploits: 0
Check Point Advisories
added 2014/04/12 12:00 a.m., 1 view

TLS and DTLS Heartbeat Extension

The Heartbeat Extension allows keep-alive functionality for TLS/DTLS protocols. Heartbeat consists of two message types, HeartbeatRequest and HeartbeatResponse...

AI score: 7
Exploits: 0
Packet Storm
added 2014/04/11 12:00 a.m., 45 views

Plex Media Server 0.9.9.10 CSRF / Disclosure

SEC Consult Vulnerability Lab Security Advisory. title: Multiple vulnerabilities; product: Plex Media Server; vulnerable version: confirmed in 0.9.9.10; fixed version: none; impact: High; homepage: http://www.plex.tv; found:...

AI score: 0.3
Exploits: 0
OpenVAS
added 2014/04/10 12:00 a.m., 31 views

Fedora Update for openssl FEDORA-2014-4910

Check for the Version of openssl. OpenVAS Vulnerability Test: Fedora Update for openssl FEDORA-2014-4910. Authors: System Generated Check. Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS: 5.8 | AI score: 8.2 | EPSS: 0.99999
Exploits: 88 | References: 2
Fedora
added 2014/04/09 12:59 a.m., 37 views

[SECURITY] Fedora 19 Update: openssl-1.0.1e-37.fc19.1

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

CVSS: 7.5 | AI score: 1.7 | EPSS: 0.99999
Exploits: 88
The Hacker News
added 2014/04/03 1:22 a.m., 11 views

Millions of Vulnerable Routers aiding Massive DNS Amplification DDoS Attacks

The Distributed Denial of Service (DDoS) attack is becoming more sophisticated and complex with the increase in the skills of attackers, and so has become one of the favorite weapons of cyber criminals to temporarily suspend or crash the services of a host connected to the Internet and till now...

AI score: 7
Exploits: 0
Cisco
added 2014/03/31 8:22 p.m., 22 views

Cisco IOS Software High Priority Queue Denial of Service Vulnerability

A vulnerability in the packet driver code of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a reload of the affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to how the packet driver code handles packets that belong to protocols...

CVSS: 5.7 | AI score: 6.3 | EPSS: 0.00717
Exploits: 1 | References: 1
Fedora
added 2014/03/31 2:12 a.m., 46 views

[SECURITY] Fedora 19 Update: curl-7.29.0-17.fc19

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS: 6.8 | EPSS: 0.11118
Exploits: 3
Check Point Advisories
added 2014/03/31 12:00 a.m., 3 views

Multiple Antivirus Products RAR Parser MZ Character Sequence Security Bypass - Ver2 (CVE-2012-1443)

A security bypass vulnerability has been reported in multiple antivirus products. An attacker could exploit this vulnerability via a RAR file with an initial MZ character sequence. Successful exploitation of this vulnerability would allow remote attackers to bypass security tests and protocols on...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.99636
Exploits: 0
curl security advisories
added 2014/03/26 8:00 a.m., 6 views

wrong reuse of connections

libcurl can in some circumstances reuse the wrong connection when asked to do transfers using other protocols than HTTP and FTP. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

CVSS: 6.4 | AI score: 6.9 | EPSS: 0.0508
Exploits: 0 | Affected Software: 2
OSV
added 2014/03/26 8:00 a.m., 13 views

CURL-CVE-2014-0138 wrong reuse of connections

libcurl can in some circumstances reuse the wrong connection when asked to do transfers using other protocols than HTTP and FTP. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

CVSS: 6.4 | AI score: 6.8 | EPSS: 0.0508
Exploits: 0
Fedora
added 2014/03/21 9:36 a.m., 34 views

[SECURITY] Fedora 20 Update: asterisk-11.8.1-1.fc20

Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware...

CVSS: 7.5 | AI score: 1.1 | EPSS: 0.16262
Exploits: 2
OpenVAS
added 2014/03/04 12:00 a.m., 39 views

RedHat Update for gnutls RHSA-2014:0247-01

Check for the Version of gnutls. OpenVAS Vulnerability Test: RedHat Update for gnutls RHSA-2014:0247-01. Authors: System Generated Check. Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

CVSS: 5.8 | AI score: 6.9 | EPSS: 0.29958
Exploits: 2 | References: 2
Kitploit
added 2014/03/01 9:03 p.m., 23 views

[Ncrack] High-Speed Network Authentication Cracker

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a...

AI score: 7.5
Exploits: 0
NVD
added 2014/02/22 9:55 p.m., 24 views

CVE-2013-6949

The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device...

CVSS: 9.3 | AI score: 7.3 | EPSS: 0.01866
Exploits: 1 | References: 2