Lucene search
+L

673 matches found

CERT
CERT
added 2016/10/20 12:0 a.m.36 views

Synology NAS servers contain insecure default credentials

Overview Synology NAS servers DS107, DS116, and DS213, use default credentials. Description CWE-255: Credentials Management - CVE-2016-6554Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials o...

10CVSS9.7AI score0.0413EPSS
Exploits0References3
CERT
CERT
added 2016/10/20 12:0 a.m.41 views

Intellian Satellite TV t-Series and v-Series firmware contains insecure default credentials

Overview Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses default credentials. Description CWE-255: Credentials Management- CVE-2016-6551Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp ...

10CVSS9.8AI score0.02878EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2016/08/08 1:40 p.m.14 views

ProjectSauron APT On Par With Equation, Flame, Duqu

A state-sponsored APT platform on par with Equation, Flame and Duqu has been used since 2011 to spy on government agencies and other critical industries. Known as ProjectSauron, or Strider, the platform has all the earmarks of advanced attackers who covet stealth, and rely on a mix of zero-day...

0.5AI score
Exploits0References6
The Hacker News
The Hacker News
added 2016/07/29 10:33 p.m.12 views

Best Free Password Manager Software You Can Download For 2018

When it comes to safeguarding your Internet security, installing an antivirus software or running a Secure Linux OS on your system does not mean you are safe enough from all kinds of cyber-threats. Today majority of Internet users are vulnerable to cyber attacks, not because they aren't using any...

6.5AI score
Exploits0
seebug.org
seebug.org
added 2016/07/19 12:0 a.m.25 views

Strong intelligent academic management system /public/download. asp file the filename parameter arbitrary File Download vulnerability

No description provided by source...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2016/05/26 5:34 a.m.44 views

drchrono: SSL/TLS BEAST ATTACK

Supported versions: TLSv1.0 TLSv1.1 TLSv1.2 Deflate compression: no Supported cipher suites ORDER IS NOT SIGNIFICANT: TLSv1.0 RSAWITH3DESEDECBCSHA RSAWITHAES128CBCSHA RSAWITHAES256CBCSHA TLSECDHERSAWITH3DESEDECBCSHA TLSECDHERSAWITHAES128CBCSHA TLSECDHERSAWITHAES256CBCSHA TLSv1.1: idem TLSv1.2...

3.1AI score
Exploits0
Samba
Samba
added 2016/04/12 12:0 a.m.550 views

The LDAP client and server don't enforce integrity protection

Description Samba uses various LDAP client libraries, a builtin one and/or the system ldap libraries typically openldap. As active directory domain controller Samba also provides an LDAP server. Samba takes care of doing SASL GSS-SPNEGO authentication with Kerberos or NTLMSSP for LDAP connections...

5.9CVSS0.2AI score0.09345EPSS
Exploits0
GitLab Advisory Database
GitLab Advisory Database
added 2016/02/15 12:0 a.m.30 views

Possible Input Validation Circumvention

Code that uses Active Model based models including Active Record models and does not validate user input before passing it to the model can be subject to an attack where specially crafted input will cause the model to skip validations. Rails users using Strong Parameters are generally not impacte...

5.3CVSS4.8AI score0.07157EPSS
Exploits0References1Affected Software1
myhack58
myhack58
added 2016/02/04 12:0 a.m.15 views

OpenSSL CVE-2 0 1 6-0 7 0 1 Private Key Recovery attack vulnerability analysis-vulnerability warning-the black bar safety net

by: au2o3t @3 6 0 Cloud Security Team 0x01 Foreword 2 0 1 6 1 2 8, OpenSSL official published number for the CVE-2 0 1 6-0 7 0 1 vulnerabilities. The vulnerability occurs in the OpenSSL 1.0.2 versionOpenSSL 1.0.2 f and later versions not affected, when using the DH algorithm to a different client...

Exploits0
The Hacker News
The Hacker News
added 2016/01/26 4:41 a.m.12 views

Password Security — Who's to Blame for Weak Passwords? Users, Really?

The majority of Internet users are vulnerable to cyber threats because of their own weaknesses in setting up a strong password. But, are end-users completely responsible for choosing weak passwords? Give a thought. Recently we wrote an article revealing the list of Worst Passwords of 2015 that...

7.3AI score
Exploits0
RubySec
RubySec
added 2016/01/25 12:0 a.m.41 views

Possible Input Validation Circumvention in Active Model

There is a possible input validation circumvention vulnerability in Active Model. This vulnerability has been assigned the CVE identifier CVE-2016-0753. Versions Affected: 4.1.0 and newer Not affected: 4.0.13 and older Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1 Impact ------ Code that uses...

5.3CVSS0.9AI score0.07157EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2016/01/21 4:41 a.m.8 views

You Wouldn't Believe that Too Many People Still Use Terrible Passwords

Some things online can never change like -- Terrible Passwords by Humans. When it's about various security measures to be taken in order to protect your Internet security, like installing a good anti-virus or running Linux on your system doesn’t mean that your work gets over here, and you are saf...

6.6AI score
Exploits0
Hacker One
Hacker One
added 2016/01/06 8:34 a.m.44 views

Ruby on Rails: Validation bypass for Active Record and Active Model

Possible Input Validation Circumvention in Active Model There is a possible input validation circumvention vulnerability in Active Model. This vulnerability has been assigned the CVE identifier CVE-2016-0753. Versions Affected: 4.1.0 and newer Not affected: 4.0.13 and older Fixed Versions:...

5CVSS1.1AI score0.07157EPSS
Exploits0
Kitploit
Kitploit
added 2015/12/29 3:11 p.m.24 views

CenoCipher - Easy-To-Use, End-To-End Encrypted Communications Tool

CenoCipher is a free, open-source, easy-to-use tool for exchanging secure encrypted communications over the internet. It uses strong cryptography to convert messages and files into encrypted cipher-data, which can then be sent to the recipient via regular email or any other channel available, suc...

7.6AI score
Exploits0References1
The Hacker News
The Hacker News
added 2015/12/21 3:5 a.m.15 views

Top 8 Cyber Security Tips for Christmas Online Shopping

As the most wonderful time of the year has come - Christmas, it has brought with itself the time of online shopping. According to National Retail Federation, more than 151 million people shopped in store, but more than 100 Million shopped online during Cyber Monday sales and even why wouldn't it ...

6.7AI score
Exploits0
CERT
CERT
added 2015/12/10 12:0 a.m.41 views

ReadyNet WRT300N-DD Wireless Router contains multiple vulnerabilities

Overview ReadyNet WRT300N-DD Wireless Router, firmware version 1.0.26, uses default credentials, is vulnerable to cross-site request forgery, and uses insufficiently random values for DNS queries. Description CWE-255: Credentials Management - CVE-2015-7280The ReadyNet WRT300N-DD Wireless Router...

10CVSS8.3AI score0.02431EPSS
Exploits0References1
n0where
n0where
added 2015/10/25 9:59 p.m.26 views

System Hardening Guide

The purpose of system hardening is to eliminate as many security risks as possible. Hardening is the process of securing a system by reducing its attack surface. A system has a larger vulnerability surface the more functions it fulfills; in principle a single-function system is more secure than a...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2015/09/03 1:38 a.m.37 views

Popular Belkin Wi-Fi Routers vulnerable to Hackers

US-CERT has outlined about Wireless routers developed by Belkin supposedly containing several vulnerabilities. CERT in their Vulnerability Note VU201168 Vulnerability ID said, that Belkin’s N600 DB Wireless Dual-Band N+ Router, model F9K1102 v2 with firmware version 2.10.17 and very likely earlie...

10CVSS9.4AI score0.02817EPSS
Exploits0
CERT
CERT
added 2015/08/31 12:0 a.m.70 views

Belkin N600 DB Wireless Dual Band N+ router contains multiple vulnerabilities

Overview Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. Description CWE-330: Use of Insufficiently Random Values - CVE-2015-5987DNS queries originating from the Belkin N600, such as those to...

10CVSS10AI score0.02817EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2015/07/22 11:42 p.m.20 views

Bug in OpenSSH Opens Linux Machines to Password Cracking Attack

A simple but highly critical vulnerability recently disclosed in the most widely used OpenSSH software allows attackers to try thousands of password login attempts per connection in a short period. OpenSSH is the most popular software widely used for secure remote access to Linux-based systems...

7.6AI score
Exploits0
Rows per page
Query Builder