Lucene search
K

52 matches found

Cvelist
Cvelist
added 2019/06/18 8:15 p.m.22 views

CVE-2017-8328

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross site request forgery...

8.8AI score0.01372EPSS
Exploits1References3
Prion
Prion
added 2019/06/17 6:15 p.m.12 views

Cross site request forgery (csrf)

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a user with the capability of installing or deleting apps on the device using the web management interface. It seems that the device does not implement any cross-site request forgery protection...

6.8CVSS7AI score0.01128EPSS
Exploits1References3Affected Software2
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/02/05 10:47 a.m.55 views

Super-systemic IoT flaws

IoT security flaws were always systemic: by that I mean that if I find a flaw in my smart thermostat, it affects ALL of those thermostats. A security problem with one connected car leads to problems with ALL the connected cars using that same system. That led to incidents such as the Mirai botnet...

7AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2018/10/09 1:0 p.m.21 views

Let’s Continue the Skills Gap Conversation

Most analysis is that the cybersecurity skills gap or shortage is getting worse. ESG reported in CSOOnline that 2018 had the highest levels, at 51%, where organizations "claimed their organization had a problematic shortage of cybersecurity skills." It’s a complex problem, but I believe with...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/24 11:29 a.m.42 views

Nicholas Weaver on Cryptocurrencies

This is well-worth reading non-paywalled version. Here's the opening: Cryptocurrencies, although a seemingly interesting idea, are simply not fit for purpose. They do not work as currencies, they are grossly inefficient, and they are not meaningfully distributed in terms of trust. Risks involving...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/29 12:18 p.m.37 views

Estimating the Cost of Internet Insecurity

It's really hard to estimate the cost of an insecure Internet. Studies are all over the map. A methodical study by RAND is the best work I've seen at trying to put a number on this. The results are, well, all over the map: "Estimating the Global Cost of Cyber Risk: Methodology and Examples":...

6.8AI score
Exploits0
seebug.org
seebug.org
added 2014/09/18 12:0 a.m.32 views

LoadedCommerce7 - Systemic Query Factory Vulnerability

No description provided by source. Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory: http://breaking.technology/advisories/CVE-2014-5140.txt Credits: Discovered by Breaking Technology Research Labs 2014-06-30 Reference: CVE-2014-5140 - Assigned 31 June 2014 Timeline: Vendor...

7.1CVSS8.7AI score0.02682EPSS
Exploits6
0day.today
0day.today
added 2014/09/08 12:0 a.m.44 views

LoadedCommerce7 - Systemic Query Factory Vulnerability

Loaded Commerce 7 shopping cart/online store suffers from a systemic vulnerability in its query factory, allowing attackers to circumvent user input sanitizing to perform remote SQL injection. Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory:...

7.1CVSS0.6AI score0.02682EPSS
Exploits6
exploitpack
exploitpack
added 2014/09/07 12:0 a.m.25 views

LoadedCommerce7 - Systemic Query Factory

LoadedCommerce7 - Systemic Query Factory Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory: http://breaking.technology/advisories/CVE-2014-5140.txt Credits: Discovered by Breaking Technology Research Labs 2014-06-30 Reference: CVE-2014-5140 - Assigned 31 June 2014 Timeline:...

6.5CVSS8.9AI score0.02682EPSS
Exploits6
Exploit DB
Exploit DB
added 2014/09/07 12:0 a.m.41 views

LoadedCommerce7 - Systemic Query Factory

Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory: http://breaking.technology/advisories/CVE-2014-5140.txt Credits: Discovered by Breaking Technology Research Labs 2014-06-30 Reference: CVE-2014-5140 - Assigned 31 June 2014 Timeline: Vendor notified - 29 July 2014 Vendor...

8.8CVSS7AI score0.02682EPSS
Exploits6
ThreatPost
ThreatPost
added 2012/10/02 7:10 p.m.24 views

Team Ghost Shell Claims to Publish Records from Thousands of Universities

Lashing out against what they believe is a hopelessly broken international education system, the hacker collective Team Ghostshell published some 120,000 records from a number of the world’s top universities. They are calling the operation “Project WestWind.” In a post on Pastebin, the group...

0.9AI score
Exploits0References1
ThreatPost
ThreatPost
added 2011/07/28 9:34 p.m.13 views

The Next Security Scandal Will Be An Attack on High Frequency Trading Systems

The U.S. Securities and Exchange Commission voted on Tuesday to impose new rules to help oversee what experts warn is a burgeoning and little understood shadow market of ultra high-speed, computer based trading. But one security expert warns that new reporting rules are only part of the problem...

7.4AI score
Exploits0References4
Rows per page
Query Builder