Target Credential Status by Authentication Protocol - Failure for Provided Credentials

Nessus failed to successfully authenticate directly to the remote target on an available authentication protocol. Nessus was able to connect to the remote port and identify that the service running on the port supports an authentication protocol, but Nessus failed to authenticate to the remote...

XML External Entity (XXE) Processing

zendframework is vulnerable to XML external entity XXE processing attacks. The attacks exist because it fails to scan the validity of XML input when loading XML...

The vulnerability of the Trend Micro OfficeScan antivirus protection, related to resource management errors, allows a perpetrator to execute the executable file fcgiOfcDDA.exe or cause damage to the INI files.

The vulnerability of the Trend Micro OfficeScan antivirus protection lies in resource management errors. Exploiting this vulnerability allows a malicious actor, who operates remotely and has access to the OfficeScan server, to execute the executable file fcgiOfcDDA.exe or cause damage to INI file...

Tenable SecurityCenter SQL Injection Vulnerability

Tenable SecurityCenter is a Nessus-inclusive vulnerability management platform from US-based Tenable Network Security. The platform simplifies vulnerability scanning, management and reporting and provides a console to manage policies, alerts, reports and plug-ins for Nessus. An SQL injection...

CVE-2017-11508

SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a...

Heart Size: Yet Another Biometric

Turns out that heart size doesn't change throughout your adult life, and you can use low-level Doppler radar to scan the size -- even at a distance -- as a biometric. Research paper to be available soon...

Unspecified vulnerability in radare

radare is a set of libraries and tools for working with binary files. A security vulnerability exists in the 'stringscanrange' function in the libr/bin/bin.c file in radare version 2.0.1. No details of the vulnerability are provided at this time...

UBUNTU-CVE-2017-16358

In radare 2.0.1, an out-of-bounds read vulnerability exists in stringscanrange in libr/bin/bin.c when doing a string search...

Security update for the Linux Kernel (important)

The openSUSE Leap 42.2 kernel was updated to 4.4.92 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-13080: Wi-Fi Protected Access WPA and WPA2 allowed reinstallation of the Group Temporal Key GTK during the group key handshake, allowing an attacker...

Critical Code Execution Flaw Patched in PeopleSoft Core Engine

Organizations that have their PeopleSoft installations exposed to the internet should pay special attention to a remote code execution vulnerability patched on Tuesday as part of Oracle’s massive quarterly Critical Patch Update. The flaw, CVE-2017-10366, allows an attacker to gain remote code...

Information disclosure

In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver e.g., cpuz143x64.sys for version 1.43 that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on t...

ACLight - PowerShell Script for Advanced Discovery of Privileged Accounts (includes Shadow Admins)

ACLight is a tool for discovering privileged accounts through advanced ACLs Access Lists analysis. It includes the discovery of Shadow Admins in the scanned network. The tool queries the Active Directory AD for its objects' ACLs and then filters and analyzes the sensitive permissions of each one...

McAfee Security Scan Plus Remote Command Execution

Vulnerability Summary The following advisory describes a Remote Command Execution found in McAfee Security Scan Plus version 3.11.587.1 McAfee Security Scan Plus is “a free diagnostic tool that ensures you are protected from threats by actively checking your computer for up-to-date anti-virus,...

Lansweeper XML External Entity Injection Vulnerability

Lansweeper is a network-assisted software that lists Windows hardware from Lansweeper Belgium. An XML external entity injection vulnerability exists in the import package feature in versions of Lansweeper prior to 6.0.100.67. A remote attacker can exploit this vulnerability to cause a denial of...

WebBreaker - Dynamic Application Security Test Orchestration (DASTO)

Build functional security testing, into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing DAST as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...

CVE-2017-14087

A Host Header Injection vulnerability in Trend Micro OfficeScan XG 12.0 may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages...

CVE-2017-14089

An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues...

CVE-2017-14088

Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. An attacker must first obtain th...

CVE-2017-14084

A potential Man-in-the-Middle MitM attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations...

CVE-2017-14086

Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with...