Lucene search
+L

772 matches found

bdu_fstec
bdu_fstec
added 2019/01/30 12:0 a.m.7 views

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a malicious actor to gain unauthorized access to data or cause service failures.

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to data or cause service failures using the HTTP protocol...

7.1CVSS7.1AI score0.01859EPSS
Exploits0References2Affected Software1
bdu_fstec
bdu_fstec
added 2019/01/23 12:0 a.m.10 views

The vulnerability of the Core component in Oracle VM VirtualBox allows a hacker to gain full control over the application.

The vulnerability of the Core component in Oracle VM VirtualBox is related to access control deficiencies. Exploiting this vulnerability can allow an attacker to gain full control over the application...

8.8CVSS7.5AI score0.00502EPSS
Exploits0References2Affected Software1
n0where
n0where
added 2019/01/22 3:47 a.m.329 views

Flexible and Powerful Reverse Proxy: Modlishka

Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level. It was realeased with an aim to: help penetration testers to carry out an effective phishing campaign and reinforce the fact that serious threat can arise from phishing. show current 2FA...

1.8AI score
Exploits0References2
kitploit
kitploit
added 2019/01/12 12:5 p.m.249 views

Kube-Hunter - Hunt For Security Weaknesses In Kubernetes Clusters

Kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster you don't own! Run kube-hunter : kube-hunter is available as a...

7.5AI score
Exploits0References2
debiancve
debiancve
added 2018/12/19 4:0 p.m.53 views

CVE-2018-20022

LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak...

7.5CVSS8.5AI score0.02937EPSS
Exploits0
cvelist
cvelist
added 2018/12/19 4:0 p.m.33 views

CVE-2018-20022

LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak...

8.2AI score0.02937EPSS
Exploits0References12
trendmicroblog
trendmicroblog
added 2018/12/04 1:5 p.m.24 views

Parlez-vous Machine?

Have you ever heard of the MQTT or CoAP protocols? No? Well the device on your wrist, and so many devices around you, could be using them right now. MQTT and CoAP are machine-to-machine or M2M protocols. With the rise of the internet of things IoT and operational technology OT, there’s increased...

Exploits0
osv
osv
added 2018/11/27 10:29 p.m.3 views

CVE-2018-7958

There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploite...

7.4CVSS5.7AI score0.01108EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2018/11/09 12:0 a.m.9 views

The vulnerability of the WLS Core Components of the Oracle WebLogic Server application server allows a hacker to gain full control over the application.

The vulnerability of the WLS Core Components component of the Oracle WebLogic Server application server is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain full control over the application, using the T3 network protocol...

10CVSS7.8AI score0.94281EPSS
Exploits3References5Affected Software1
schneier
schneier
added 2018/11/06 12:51 p.m.35 views

Security of Solid-State-Drive Encryption

Interesting research: "Self-encrypting deception: weaknesses in the encryption of solid state drives SSDs": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are...

1AI score
Exploits0
pentestpartners
pentestpartners
added 2018/11/02 2:29 p.m.104 views

No need for lock picking tools

This is something I knocked up to show how terrible some locks are. I found this one in my garage. It was from when my wife and I went to a Download festival a couple of years back and is a lock from one of those paid-for secure storage places where you can leave your car keys, phone etc. Let's...

6.8AI score
Exploits0
lenovo
lenovo
added 2018/09/20 4:58 p.m.562 views

Iomega and LenovoEMC NAS Web UI Vulnerabilities - US

Lenovo Security Advisory: LEN-24224 Potential Impact: Privilege escalation Severity: High Scope of Impact: Lenovo specific CVE Indentifier: CVE-2018-9074, CVE-2018-9075, CVE-2018-9076, CVE-2018-9077, CVE-2018-9078, CVE-2018-9079, CVE-2018-9080, CVE-2018-9081, CVE-2018-9082 Summary Description:...

1.4AI score0.04079EPSS
Exploits0
lenovo
lenovo
added 2018/09/20 4:58 p.m.29 views

Iomega and LenovoEMC NAS Web UI Vulnerabilities - Lenovo Support US

No description provided...

9.8CVSS5.9AI score0.04079EPSS
Exploits0
bdu_fstec
bdu_fstec
added 2018/08/14 12:0 a.m.8 views

The vulnerability of the Core component of the Primavera Unifier application, which allows a hacker to gain unauthorized access to protected data.

The vulnerability of the Core component of the Primavera Unifier application, which is used for automating project management processes, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protecte...

7.4CVSS7.4AI score0.01188EPSS
Exploits0References2Affected Software1
bdu_fstec
bdu_fstec
added 2018/08/10 12:0 a.m.12 views

The vulnerability of the Outside In Filters component of the software development kit (SDK) provided by Outside In Technology allows a perpetrator to gain unauthorized access to protected data or cause service failures.

The vulnerability of the Outside In Filters component within the software development kit SDK of Outside In Technology is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected data or cause service failures...

8.5CVSS7.8AI score0.01769EPSS
Exploits0References2Affected Software1
bdu_fstec
bdu_fstec
added 2018/07/27 12:0 a.m.10 views

The vulnerability of Canon’s microprogrammed software for printers stems from deficiencies in authentication procedures, allowing attackers to gain access to the device’s web interface with administrator privileges.

The vulnerability of Canon printer’s microprogramming software is related to deficiencies in the authentication process when using standard device settings. Exploiting this vulnerability can allow a malicious actor to gain access to the device’s web interface with administrator privileges...

10CVSS5.5AI score0.04574EPSS
Exploits4References3
talosblog
talosblog
added 2018/06/26 8:0 a.m.29 views

Files Cannot Be Decrypted? Challenge Accepted. Talos Releases ThanatosDecryptor

This blog post was authored by Edmund Brumaghin, Earl Carter and Andrew Williams. Executive summary Cisco Talos has analyzed Thanatos, a ransomware variant that is being distributed via multiple malware campaigns that have been conducted over the past few months. As a result of our research, we...

0.1AI score
Exploits0
ripstech
ripstech
added 2018/06/19 3:0 p.m.51 views

RIPS becomes Joomla! Official Code Analysis Partner

RIPS and Joomla are pleased to announce a new partnership where Joomla will be using RIPS industry leading code analysis solution to continuously scan the Joomla code base for tangible security vulnerabilities and weaknesses. For RIPS, this deployment represents a milestone, serving one of the...

7.2AI score
Exploits0
cnvd
cnvd
added 2018/06/10 12:0 a.m.3 views

Dingwei iPower CMS has multiple vulnerabilities

Dingwei iPower CMS is a website system developed by Chongqing Dingwei Network Technology Co. Dingwei iPower CMS exists SQL injection, XSS cross-site scripting vulnerabilities, the background management system also exists user guessing, ultra-rights access and other vulnerabilities, attackers can...

6.4AI score
Exploits0
malwarebytes
malwarebytes
added 2018/05/18 4:0 p.m.74 views

Why tech companies wanted Senate Bill 315 vetoed

When Georgia Senate Bill 315 SB-315 was introduced, people in the tech world anxiously awaited its fate, regardless of their geographic location. They knew that some laws initially restricted to single states become more widespread after politicians set precedents. And they knew that this law cou...

Exploits0
Rows per page
Query Builder