673 matches found
Synology NAS servers contain insecure default credentials
Overview Synology NAS servers DS107, DS116, and DS213, use default credentials. Description CWE-255: Credentials Management - CVE-2016-6554Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials o...
Intellian Satellite TV t-Series and v-Series firmware contains insecure default credentials
Overview Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses default credentials. Description CWE-255: Credentials Management- CVE-2016-6551Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp ...
ProjectSauron APT On Par With Equation, Flame, Duqu
A state-sponsored APT platform on par with Equation, Flame and Duqu has been used since 2011 to spy on government agencies and other critical industries. Known as ProjectSauron, or Strider, the platform has all the earmarks of advanced attackers who covet stealth, and rely on a mix of zero-day...
Best Free Password Manager Software You Can Download For 2018
When it comes to safeguarding your Internet security, installing an antivirus software or running a Secure Linux OS on your system does not mean you are safe enough from all kinds of cyber-threats. Today majority of Internet users are vulnerable to cyber attacks, not because they aren't using any...
Strong intelligent academic management system /public/download. asp file the filename parameter arbitrary File Download vulnerability
No description provided by source...
drchrono: SSL/TLS BEAST ATTACK
Supported versions: TLSv1.0 TLSv1.1 TLSv1.2 Deflate compression: no Supported cipher suites ORDER IS NOT SIGNIFICANT: TLSv1.0 RSAWITH3DESEDECBCSHA RSAWITHAES128CBCSHA RSAWITHAES256CBCSHA TLSECDHERSAWITH3DESEDECBCSHA TLSECDHERSAWITHAES128CBCSHA TLSECDHERSAWITHAES256CBCSHA TLSv1.1: idem TLSv1.2...
The LDAP client and server don't enforce integrity protection
Description Samba uses various LDAP client libraries, a builtin one and/or the system ldap libraries typically openldap. As active directory domain controller Samba also provides an LDAP server. Samba takes care of doing SASL GSS-SPNEGO authentication with Kerberos or NTLMSSP for LDAP connections...
Possible Input Validation Circumvention
Code that uses Active Model based models including Active Record models and does not validate user input before passing it to the model can be subject to an attack where specially crafted input will cause the model to skip validations. Rails users using Strong Parameters are generally not impacte...
OpenSSL CVE-2 0 1 6-0 7 0 1 Private Key Recovery attack vulnerability analysis-vulnerability warning-the black bar safety net
by: au2o3t @3 6 0 Cloud Security Team 0x01 Foreword 2 0 1 6 1 2 8, OpenSSL official published number for the CVE-2 0 1 6-0 7 0 1 vulnerabilities. The vulnerability occurs in the OpenSSL 1.0.2 versionOpenSSL 1.0.2 f and later versions not affected, when using the DH algorithm to a different client...
Password Security — Who's to Blame for Weak Passwords? Users, Really?
The majority of Internet users are vulnerable to cyber threats because of their own weaknesses in setting up a strong password. But, are end-users completely responsible for choosing weak passwords? Give a thought. Recently we wrote an article revealing the list of Worst Passwords of 2015 that...
Possible Input Validation Circumvention in Active Model
There is a possible input validation circumvention vulnerability in Active Model. This vulnerability has been assigned the CVE identifier CVE-2016-0753. Versions Affected: 4.1.0 and newer Not affected: 4.0.13 and older Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1 Impact ------ Code that uses...
You Wouldn't Believe that Too Many People Still Use Terrible Passwords
Some things online can never change like -- Terrible Passwords by Humans. When it's about various security measures to be taken in order to protect your Internet security, like installing a good anti-virus or running Linux on your system doesn’t mean that your work gets over here, and you are saf...
Ruby on Rails: Validation bypass for Active Record and Active Model
Possible Input Validation Circumvention in Active Model There is a possible input validation circumvention vulnerability in Active Model. This vulnerability has been assigned the CVE identifier CVE-2016-0753. Versions Affected: 4.1.0 and newer Not affected: 4.0.13 and older Fixed Versions:...
CenoCipher - Easy-To-Use, End-To-End Encrypted Communications Tool
CenoCipher is a free, open-source, easy-to-use tool for exchanging secure encrypted communications over the internet. It uses strong cryptography to convert messages and files into encrypted cipher-data, which can then be sent to the recipient via regular email or any other channel available, suc...
Top 8 Cyber Security Tips for Christmas Online Shopping
As the most wonderful time of the year has come - Christmas, it has brought with itself the time of online shopping. According to National Retail Federation, more than 151 million people shopped in store, but more than 100 Million shopped online during Cyber Monday sales and even why wouldn't it ...
ReadyNet WRT300N-DD Wireless Router contains multiple vulnerabilities
Overview ReadyNet WRT300N-DD Wireless Router, firmware version 1.0.26, uses default credentials, is vulnerable to cross-site request forgery, and uses insufficiently random values for DNS queries. Description CWE-255: Credentials Management - CVE-2015-7280The ReadyNet WRT300N-DD Wireless Router...
System Hardening Guide
The purpose of system hardening is to eliminate as many security risks as possible. Hardening is the process of securing a system by reducing its attack surface. A system has a larger vulnerability surface the more functions it fulfills; in principle a single-function system is more secure than a...
Popular Belkin Wi-Fi Routers vulnerable to Hackers
US-CERT has outlined about Wireless routers developed by Belkin supposedly containing several vulnerabilities. CERT in their Vulnerability Note VU201168 Vulnerability ID said, that Belkin’s N600 DB Wireless Dual-Band N+ Router, model F9K1102 v2 with firmware version 2.10.17 and very likely earlie...
Belkin N600 DB Wireless Dual Band N+ router contains multiple vulnerabilities
Overview Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. Description CWE-330: Use of Insufficiently Random Values - CVE-2015-5987DNS queries originating from the Belkin N600, such as those to...
Bug in OpenSSH Opens Linux Machines to Password Cracking Attack
A simple but highly critical vulnerability recently disclosed in the most widely used OpenSSH software allows attackers to try thousands of password login attempts per connection in a short period. OpenSSH is the most popular software widely used for secure remote access to Linux-based systems...