Lucene search
+L

1359 matches found

Tenable Nessus
Tenable Nessus
added 2015/01/07 12:0 a.m.30 views

OracleVM 2.2 : ntp (OVMSA-2015-0002)

The remote OracleVM system is missing necessary patches to address critical security updates : - don't generate weak control key for resolver CVE-2014-9293 - don't generate weak MD5 keys in ntp-keygen CVE-2014-9294 - fix buffer overflows via specially-crafted packets CVE-2014-9295 - increase...

7.5CVSS7.1AI score0.78717EPSS
Exploits8References8
Tenable Nessus
Tenable Nessus
added 2015/01/05 12:0 a.m.18 views

Fedora 20 : pyxdg-0.25-5.fc20 (2014-16357)

Fix CVE-2014-1624 pyxdg: TOCTOU race condition in getruntimedir when strict=False Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

3.3CVSS5.3AI score0.00315EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/11/26 12:0 a.m.19 views

OracleVM 2.2 : ntp (OVMSA-2009-0036)

The remote OracleVM system is missing necessary patches to address critical security updates : - fix DoS with mode 7 packets 532639, CVE-2009-3563 - compile with -fno-strict-aliasing %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this plugin were extracted from OracleV...

6.4CVSS7.5AI score0.32288EPSS
Exploits3References2
Hacker One
Hacker One
added 2014/07/15 3:54 a.m.48 views

Automattic: Missing HSTS header in https://app.simplenote.com

Hi, Vulnerable Website: https://app.simplenote.com I tested the website using firefox add-on called: Strict Transport Security Detector https://addons.mozilla.org/en-US/firefox/addon/strict-transport-security-d/ HSTS addresses the following threats: User bookmarks or manually types...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2014/06/07 4:34 p.m.23 views

Factlink: Criptographic Issue: Strisct Transport Security with not good max age..(TOO SHORT!)

Issue: Strict Transport Security with too short max age. Description: Your site use a good "Strict Transport Security" but with short MAX AGE! Severity: See more information below. Proof of Concept by ssllabs.com 100% affidability: "Strict Transport Security HSTS Yes max-age=2592000 TOO SHORT les...

6.7AI score
Exploits0
NVD
NVD
added 2014/05/26 4:29 a.m.14 views

CVE-2013-3046

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests...

4.3CVSS5.9AI score0.00415EPSS
Exploits0References2
Prion
Prion
added 2014/05/26 4:29 a.m.18 views

Design/Logic Flaw

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests...

4.3CVSS6.4AI score0.00415EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2014/04/22 10:20 a.m.24 views

Localize: Criptographic Issue: Strisct Transport Security with not good max age..(TOO SHORT!)

Hello again team of Localize! I have already reported this bug to the HackerOne team..and they fix it..not immediately, because it's low priority but they fix it! Report: https://hackerone.com/reports/3709 : Issue: Strict Transport Security with too short max age. Description: Your site use a goo...

6.7AI score
Exploits0
myhack58
myhack58
added 2014/04/14 12:0 a.m.17 views

WordPress 3.8.2 cookie forgery vulnerability analysis-vulnerability warning-the black bar safety net

0x00 background See the WordPress 3.8.2 patch analysis HMAC timing attack, the eye opener, the original can also use the time difference to determine the HMAC. But I think this vulnerability is not a simple fix to this problem. To view the official information provided by:“the vulnerability is fr...

0.4AI score
Exploits0
Hacker One
Hacker One
added 2014/03/11 2:5 p.m.24 views

HackerOne: Criptographic Issue: Strisct Transport Security with not good max age..(TOO SHORT!)

Hello team of HackerOne! I am Simone, and today I will report you a criptographic issue on your site! Issue: Strict Transport Security with too short max age. Description: Your site use a good "Strict Transport Security" but with short MAX AGE! Severity: See more information below. Proof of Conce...

6.7AI score
Exploits0
myhack58
myhack58
added 2014/03/03 12:0 a.m.31 views

Application there is a file include vulnerability Unix systems-vulnerability warning-the black bar safety net

Found time: Vulnerability type: a file that contains Belongs the establishment of the station program: other Belongs to the server type: General Belongs to the programming language: other Description: The target Unix system, the application may exist in the file containing the vulnerability. 1. T...

1AI score
Exploits0
OpenVAS
OpenVAS
added 2014/02/18 12:0 a.m.20 views

Debian Security Advisory DSA 2863-1 (libtar - directory traversal)

A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The application does not validate the filenames inside the tar archive, allowing to extract files in arbitrary path. An attacker can craft a tar file to override files beyond the tarextractglob an...

5.8CVSS0.3AI score0.03277EPSS
Exploits0References1
Oracle linux
Oracle linux
added 2014/02/03 12:0 a.m.28 views

librsvg2 security update (updated 02/05/2014)

2.26.0-6.3 - Fix add-permission-check.patch to update all rsvgpixbufnewfromhref callers 2.26.0-6.1 - Fix build by linking in -lm - io: Implement strict network policy CVE-2013-1881 Resolves: 1049155 2.26.0-6 - Store node type separately in RsvgNode CVE-2011-3146 Resolves: 735267...

6.8CVSS2.2AI score0.04418EPSS
Exploits1
n0where
n0where
added 2014/01/24 4:39 p.m.40 views

Tor Exit Relay Scanner: Exitmap

Tor is one of the best and freely available privacy software that lets people communicate anonymously online through a series of nodes that is designed to provide anonymity for users and bypass Internet censorship. An exit node, the final destination in the series of servers Tor users hop through...

7AI score
Exploits0References3
ThreatPost
ThreatPost
added 2014/01/09 11:17 a.m.10 views

Yahoo Encryption Slammed for Lack of Forward Secrecy, HSTS

Yahoo, as promised, rolled out HTTPs by default this week for its email service, bringing it in line with other Internet companies that have been securing users’ communication for years. But if Yahoo expected applause from security experts, it can think again. The response from those well-versed ...

7.1AI score
Exploits0References4
OpenVAS
OpenVAS
added 2013/08/19 12:0 a.m.35 views

PHP < 5.5.2 Session Fixation Vulnerability (Aug 2013)

PHP is prone to a session fixation vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...

6.8CVSS7.7AI score0.036EPSS
Exploits0References7
myhack58
myhack58
added 2013/07/30 12:0 a.m.17 views

ECSHOP latest cookie validation is not strict vulnerability-vulnerability warning-the black bar safety net

This vulnerability is what we in the non-authorization safety assessment when found. Is one ecshop station, by the conventional 0day broke the admin password, but can't open it. So you think, there is no possibility of the ciphertext md5 stored in the cookie to log in. Of course, the above...

1.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.33 views

Fedora 19 : bzr-2.5.1-11.fc19 (2013-9538)

Fixes CVE-2013-2099, maliciously crafted SSL certificate can cause a denial of service. - Builds the C extensions from the Cython source instead of the pregenerated C files. - Build without strict-aliasing on Fedora versions which have a bug in the python distutils module. - Install the...

4.3CVSS7.3AI score0.04857EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.39 views

Fedora 18 : bzr-2.5.1-11.fc18 (2013-9620)

Fixes CVE-2013-2099, maliciously crafted SSL certificate can cause a denial of service. - Builds the C extensions from the Cython source instead of the pregenerated C files. - Build without strict-aliasing on Fedora versions which have a bug in the python distutils module. - Install the...

4.3CVSS7.3AI score0.04857EPSS
Exploits0References3
myhack58
myhack58
added 2013/06/07 12:0 a.m.13 views

Kerry friends of Science and technology cms upload vulnerability and fix-vulnerability warning-the black bar safety net

The program uses the upload page uploadfile. asp not be verified, leading to the establishment of malformations directory upload image the Trojans get a shell vulnerability. exp: the http://www.8090sec.com/admin/uploadfile.asp?uppath=mad.asp&upname=&uptext=form1. mad. asp His original Upload...

7AI score
Exploits0
Rows per page
Query Builder