772 matches found
The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a malicious actor to gain unauthorized access to data or cause service failures.
The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to data or cause service failures using the HTTP protocol...
The vulnerability of the Core component in Oracle VM VirtualBox allows a hacker to gain full control over the application.
The vulnerability of the Core component in Oracle VM VirtualBox is related to access control deficiencies. Exploiting this vulnerability can allow an attacker to gain full control over the application...
Flexible and Powerful Reverse Proxy: Modlishka
Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level. It was realeased with an aim to: help penetration testers to carry out an effective phishing campaign and reinforce the fact that serious threat can arise from phishing. show current 2FA...
Kube-Hunter - Hunt For Security Weaknesses In Kubernetes Clusters
Kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster you don't own! Run kube-hunter : kube-hunter is available as a...
CVE-2018-20022
LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak...
CVE-2018-20022
LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak...
Parlez-vous Machine?
Have you ever heard of the MQTT or CoAP protocols? No? Well the device on your wrist, and so many devices around you, could be using them right now. MQTT and CoAP are machine-to-machine or M2M protocols. With the rise of the internet of things IoT and operational technology OT, there’s increased...
CVE-2018-7958
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploite...
The vulnerability of the WLS Core Components of the Oracle WebLogic Server application server allows a hacker to gain full control over the application.
The vulnerability of the WLS Core Components component of the Oracle WebLogic Server application server is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain full control over the application, using the T3 network protocol...
Security of Solid-State-Drive Encryption
Interesting research: "Self-encrypting deception: weaknesses in the encryption of solid state drives SSDs": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are...
No need for lock picking tools
This is something I knocked up to show how terrible some locks are. I found this one in my garage. It was from when my wife and I went to a Download festival a couple of years back and is a lock from one of those paid-for secure storage places where you can leave your car keys, phone etc. Let's...
Iomega and LenovoEMC NAS Web UI Vulnerabilities - US
Lenovo Security Advisory: LEN-24224 Potential Impact: Privilege escalation Severity: High Scope of Impact: Lenovo specific CVE Indentifier: CVE-2018-9074, CVE-2018-9075, CVE-2018-9076, CVE-2018-9077, CVE-2018-9078, CVE-2018-9079, CVE-2018-9080, CVE-2018-9081, CVE-2018-9082 Summary Description:...
Iomega and LenovoEMC NAS Web UI Vulnerabilities - Lenovo Support US
No description provided...
The vulnerability of the Core component of the Primavera Unifier application, which allows a hacker to gain unauthorized access to protected data.
The vulnerability of the Core component of the Primavera Unifier application, which is used for automating project management processes, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protecte...
The vulnerability of the Outside In Filters component of the software development kit (SDK) provided by Outside In Technology allows a perpetrator to gain unauthorized access to protected data or cause service failures.
The vulnerability of the Outside In Filters component within the software development kit SDK of Outside In Technology is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected data or cause service failures...
The vulnerability of Canon’s microprogrammed software for printers stems from deficiencies in authentication procedures, allowing attackers to gain access to the device’s web interface with administrator privileges.
The vulnerability of Canon printer’s microprogramming software is related to deficiencies in the authentication process when using standard device settings. Exploiting this vulnerability can allow a malicious actor to gain access to the device’s web interface with administrator privileges...
Files Cannot Be Decrypted? Challenge Accepted. Talos Releases ThanatosDecryptor
This blog post was authored by Edmund Brumaghin, Earl Carter and Andrew Williams. Executive summary Cisco Talos has analyzed Thanatos, a ransomware variant that is being distributed via multiple malware campaigns that have been conducted over the past few months. As a result of our research, we...
RIPS becomes Joomla! Official Code Analysis Partner
RIPS and Joomla are pleased to announce a new partnership where Joomla will be using RIPS industry leading code analysis solution to continuously scan the Joomla code base for tangible security vulnerabilities and weaknesses. For RIPS, this deployment represents a milestone, serving one of the...
Dingwei iPower CMS has multiple vulnerabilities
Dingwei iPower CMS is a website system developed by Chongqing Dingwei Network Technology Co. Dingwei iPower CMS exists SQL injection, XSS cross-site scripting vulnerabilities, the background management system also exists user guessing, ultra-rights access and other vulnerabilities, attackers can...
Why tech companies wanted Senate Bill 315 vetoed
When Georgia Senate Bill 315 SB-315 was introduced, people in the tech world anxiously awaited its fate, regardless of their geographic location. They knew that some laws initially restricted to single states become more widespread after politicians set precedents. And they knew that this law cou...