115 matches found
UBUNTU-CVE-2019-10190
A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of...
CVE-2019-1890
A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the...
CVE-2019-1890 Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability
A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the...
Security feature bypass
A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1035...
Arbitrary File Download Vulnerability in CAJViewer, a Specialized Reader for China Knowledge Network (CNN)
CAJViewer is a series of CAJViewer products of National Engineering Research Center of CD-ROM and Tsinghua Tongfang Knowledge Network Beijing Technology Co., Ltd. and a special full-text format viewer for China Periodicals Network CJN, which supports TEB, CAJ, NH, KDH, and PDF format files of CJN...
Directory traversal
Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to pare...
CVE-2017-15527
Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to pare...
CVE-2017-15527
The CVE-2017-15527 entry concerns the Symantec Management Console. Affected product: Symantec Management Console (ITMS) prior to 8.1 RU4. Vulnerable component/behavior: directory traversal due to insufficient input validation/sanitization of user-supplied file names, allowing traversal sequences ...
Symantec Management Console Directory Traversal
SUMMARY Symantec has released an update to address an issue in the Symantec Management Console product. AFFECTED PRODUCTS Symantec Management Console --- CVE | Affected Versions | Remediation CVE-2017-15527 | Prior to ITMS 8.1 RU4, ITMS 8.0 POST HF6 & ITMS 7.6 POST HF7 | Upgrade to ITMS 8.1 RU4,...
CVE-2016-10337
In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed...
CVE-2016-10337
Technical details for CVE-2016-10337 are not publicly available in the provided connected documents. The materials confirm a generic Android/Linux kernel validation issue but do not specify affected products, versions, exploitability, impact, or fixes. Monitor for updates.
CVE-2015-8890
platform/msmshared/partitionparser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 2013 devices does not validate certain GUID Partition Table GPT data, which allows attackers to bypass intended access restrictions via a crafted MultiMediaCard MMC, aka Android internal...
Threat Outbreak Alert RuleID22277: Email Messages Distributing Malicious Software on April 15, 2016
Medium Alert ID: 44691 First Published: 2016 April 15 19:26 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID22277 may contain the following files: Name | Si...
Security Audit Notes: OpenSSL d1_srvr.c Overflow - Advanced Information Security
-= Advanced Information Security Corporation =- ------------------------------------------------------------------------ Author: Nicholas Lemonias Type: Security Audit Notes Date: 17/3/2015 Email: lem.nikolas at gmail dot com Audit: OpenSSL v1.0.2 22nd of January, 2015 Release...
A combination of punches: three vulnerabilities to achieve a PayPal account-hijacking-vulnerability warning-the black bar safety net
PayPal is an eBay owned popular third-party payment product, similar to domestic PayPal. Recently researchers in their web applications were found in three high-risk vulnerabilities, an attacker can exploit these vulnerabilities to control any user of the PayPal account. The black bar safety net...
Fedora 20 : phpMyAdmin-4.2.6-1.fc20 (2014-8581)
phpMyAdmin 4.2.6.0 2014-07-17 =============================== - Undefined index warning with referenced column. - $cfg'MaxExactCount' is ignored when BROWSING is back - Multi Column sorting improved user experience - Server validation does not work while in setup/mysqli - Undefined variable when...
CVE-2014-0478
APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature...
CVE-2013-4339
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string...
[Subterfuge] Beta Version 4.2
Automated Man-in-the-Middle Attack Framework Abstract: Enter Subterfuge, a Framework to take the arcane art of Man-in-the-Middle Attack and make it as simple as point and shoot. A beautiful, easy to use interface which produces a more transparent and effective attack is what sets Subterfuge apart...
The cloud from the enterprise built Station system through the kill oday-vulnerability warning-the black bar safety net
Saying boring to code the site the next set of program analysis Can be to the cloud from the enterprise built Station system, download the number very much so look up First saw it in the background of the login. the asp file. A look at the side of there ass and... if request. Form"submit""" then ...