CVE-2018-20744
The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems...
Impact of 62 million devices: the interpretation I is how to find the Marvell Avastar Wi-Fi remote code execution vulnerability-vulnerability warning-the black bar safety net
One, overview In the present study, I will mainly analyze the Marvell WiFi-FullMAC SoC security. Since we have not yet completed the product with a chip of a wireless device of research, and therefore which may contain large amounts of unaudited code, which might appear serious security problems...
Secure Speculative Execution
We're starting to see research into designing speculative execution systems that avoid Spectre- and Meltdown-like security problems. Here's one. I don't know if this particular design is secure. My guess is that we're going to see several iterations of design and attack before we settle on something...
Domain Analyzer
Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way. Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP addresse...
DELTA - SDN Security Evaluation Framework
DELTA is a penetration testing framework that regenerates known attack scenarios for diverse test cases. This framework also provides the capability of discovering unknown security problems in SDN by employing a fuzzing technique. Agent-Manager is the control tower. It takes full control over all...
Somebody is watching you: IP camera, TV and Emma Watson’s smartphone
Today I want to talk about privacy in a most natural sense. You probably have an internet-connected device with camera and microphone: smartphone, tablet, smart TV, IP camera, baby monitor, etc. - Can it be used to record video/audio and spy on you? - Of course, yes! - Only government and...
Cesar Cerrudo on Securing Smart Cities
IOActive Labs CTO Cesar Cerrudo talks to Ryan Naraine about major realistic security problems affecting technology implementations of smart cities — from traffic control systems to surveillance cameras and power grids — and warns that the damages from live attacks could be catastrophic. Download:...
Debian DLA-242-1 : imagemagick security update
This update fixes a large number of potential security problems due to insufficient data validation when parsing different input formats. Most of those potential security problems do not have a CVE number assigned. While the security implications of all of these problems are not all fully known, ...
General Purpose Fuzzing: Honggfuzz
Honggfuzz is a general-purpose fuzzing tool. Given a starting corpus of test files, Honggfuzz supplies and modifies input to a test program and utilizes the ptrace API / POSIX signal interface to detect and log crashes. Features: Easy setup: No complicated configuration files or setup necessary —...
Research Shows Increase in Internet Filtering and Usage of FireChat App in Iraq
Researchers at Citizen Lab have taken a close look at the extent of Internet filtering in Iraq, as well as the security of a popular offline chat app used there, and found an increase in the number of services blocked by the government and identified serious privacy and security problems with the...
SGI IRIX 6.2 - day5notifier Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/345/info A vulnerability exists in the day5notifier program, shipped with Irix 6.2 from Silicon Graphics Inc. This program will allow any user to run any command as root. day5notifier wisely replaces a number of system...
Lynx Message Server Multiple Vulnerabilities
No description provided by source. 1. Summary The Micro Technology Services Inc. Lynx Message Server 7.11.10.2 and/or LynxTCPService version 1.1.62 web interface is vulnerable to SQL Injection, Cross-Site Scripting, and other security problems. 2. Description Lynx is a Facility wide Duress and...
Debian: Security Advisory (DSA-2845-1)
The remote host is missing an update for the Debian...
Debian Security Advisory DSA 2780-1 (mysql-5.1 - several vulnerabilities)
This DSA updates the MySQL database to 5.1.72. This fixes multiple unspecified security problems in the Optimizer component: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html OpenVAS Vulnerability Test $Id: deb2780.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated...
DSA-2780-1 mysql-5.1 - several
Bulletin has no description...
DSA-2771-1 nas - several
Bulletin has no description...
DSA-2760-1 chrony - several
Bulletin has no description...
Debian: Security Advisory (DSA-2760-1)
The remote host is missing an update for the Debian...
DefCamp 2013 - International Hacking and Information Security Conference in Romania
The Fourth Edition of an International Information Security Conference hosted in Romania, DefCamp 2013, is now open for Call for Papers. Over 300 Security experts, Researchers, and Enthusiasts from Romania and neighboring countries are expected to take part in the event in Bucharest, at the...
Debian DSA-2738-1 : ruby1.9.1 - several vulnerabilities
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-1821 Ben Murphy discovered that unrestricted enti...