Solaris 10 (sparc) : 147692-81

JavaSE 7: update 79 patch equivalent to J. Date this patch was last updated by Sun : Apr/13/15 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...

Solaris 10 (sparc) : 152097-61

JavaSE 7: update 161 patch equivalent to JDK 7u161, 64bit. Date this patch was last updated by Sun : Oct/16/17 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...

Solaris 10 (x86) : 147228-01

X11 6.6.2x86: xrdb patch. Date this patch was last updated by Sun : Jun/14/11 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

IBM San Volume Controller / Storwize / FlashSystem 8.1.x < 8.1.0.1 privilege escalation vulnerability

According to its self-reported version number, the IBM San Volume Controller, Storwize or FlashSystem is vulnerable to an unspecified privilege escalation vulnerability within the Service Assistant GUI. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid106844;...

Check Point Gaia Operating System < R77.20 Multiple NTP Client Vulnerabilities (sk103825)

The remote host is running a version of Gaia Operating System that is prior to R77.20 and thus, is potentially affected by multiple NTP client vulnerabilities. Note that NTP client is disabled by default. Further note that if the vendor's suggested mitigations are in place, this can be considered...

Juniper Junos Space < 17.1R1 Multiple Vulnerabilities (JSA10826)

According to its self-reported version number, the version of Junos Space running on the remote device is 17.1R1, and is therefore affected by multiple vulnerabilities. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid104100; scriptversion"1.7";...

Remotely Exploitable Flaw Puts Millions of Internet-Connected Devices at Risk

Security researchers have discovered a critical remotely exploitable vulnerability in an open-source software development library used by major manufacturers of the Internet-of-Thing devices that eventually left millions of devices vulnerable to hacking. The vulnerability CVE-2017-9765, discovere...

Very Fast Network Logon Cracker: THC-Hydra

Very Fast Network Logon Cracker Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast. This fast, and...

Fedora 25 : wireshark (2017-6c91c98b33)

Security fix for Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

diffoscope -- arbitrary file write

Ximin Luo reports: v67 introduced a security hole where diffoscope may write to arbitrary locations on disk depending on the contents of an untrusted archive...

Zendesk: SMTP user enumeration via mail.zendesk.com

Several methods exist that can be used to ██████████ SMTP to enumerate valid usernames and addresses; namely VRFY, EXPN, and RCPT TO. mail.zendesk.com does not reply to EXPN or RCPT TO so we will concentrate on VRFY in this report. The VRFY command will request that the receiving SMTP server veri...

Default Password 'password' for 'admin1' Account

The account 'admin1' on the remote host has the default password 'password'. A remote attacker can exploit this issue to gain administrative access to the affected system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. account = "admin1"; password = "password";...

Android Qualcomm Vulnerability Impacts 60 Percent of Devices

A flaw in mobile chip maker Qualcomm’s mobile processor, used in 60 percent of Android devices, allows attackers to take control over a targeted phone or tablet under specific conditions. Researchers at Duo Labs said the vulnerability is tied to Android’s problem-plagued mediaserver, coupled with...

Slack Plugs Token Security Hole

Popular collaboration and communication firm Slack rushed to plugged a security hole in its platform Thursday that was leaking some of its users’ private chats and files for anyone to access. Slack, a leading tool used by companies to communicate internally, was alerted by security firm Detectify...

Facebook Password Reset Bug Gave Hacker Access To Any Account

Anand Prakash could have hacked your Facebook account or anyone else’s. The India-based security researcher found a glaring password-reset vulnerability last month that has since been patched. The bug allowed him to crack open any of Facebook’s 1.1 billion accounts using a rudimentary brute force...

How to Hack WiFi Password from Smart Doorbells

The buzz around The Internet of Things IoT is growing, and it is growing at a great pace. Every day the technology industry tries to connect another household object to the Internet. One such internet-connected household device is a Smart Doorbell. Gone are the days when we have regular doorbells...

Adobe Flash Player for Mac <= 19.0.0.207 Vulnerability (APSB15-27)

The version of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to version 19.0.0.207. It is, therefore, affected by multiple vulnerabilities : - Multiple type confusion errors exist that allow a remote attacker to execute arbitrary code. CVE-2015-7645, CVE-2015-7647,...

Microsoft releases Emergency Patch Update for all versions of Windows

In the wake of a critical Remote Code Execution vulnerability in all supported versions of its operating system platform, Microsoft has just issued an emergency fix. Yes, it’s time to patch your Windows operating system against an alarming security hole that could allow remote attackers to run...

SuSE 11.3 Security Update : kvm and libvirt (SAT Patch Number 10222)

This collective update for KVM and libvirt provides fixes for security and non-security issues. kvm : - Fix NULL pointer dereference because of uninitialized UDP socket. bsc897654, CVE-2014-3640 - Fix performance degradation after migration. bsc878350 - Fix potential image corruption due to missi...

Google Chrome < 40.0.2214.93 Flash Player Multiple Remote Code Execution

The version of Google Chrome installed on the remote Windows host is prior to 40.0.2214.93. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists that allows an attacker to crash the application or execute arbitrary code. CVE-2015-0311 - A double-free error...