On the 13th of August, a previously unknown group called "Shadow Brokers" publicly released a large number of hacking tools they claimed were used by the "Equation Group". The targeted devices include Fortinet devices. This advisory presents risk...
On the 13th of August, a previously unknown group called "Shadow Brokers" publicly released a large number of hacking tools they claimed were used by the "Equation Group". The targeted devices include Cisco Adaptive Security Appliance (ASA) and PIX...
The Server Message Block (SMB) protocol is a network protocol that allows file and printer sharing over different networks (TCP/IP included).
Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests...
The RESTful Web Services module for Drupal is prone to a remote code-execution vulnerability; fixes are available.
The Webform Multiple File Upload module for Drupal is prone to a remote code-execution vulnerability; fixes are available.
The Coder module for Drupal is prone to a remote code-execution vulnerability; fixes are available.
A critical vulnerability (CVE-2016-4171) exists in Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of...
A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player 21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of...
On May 3rd, 2016, security researchers reported several bugs in ImageMagick [1], a package commonly used by web services to process images. [2][3]
On April 12th, 2016, Badlock, a crucial security bug in Windows and Samba, was disclosed.
The March 23, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication includes six Cisco Security Advisories that describe vulnerabilities in Cisco IOS Software.
Version: 17/03/2016 Corrigendum initial publication typos. A vulnerability in Git allows a perpetrator to execute code remotely while cloning or pushing a repository with large filenames or a large number of nested trees.
A vulnerability in Git allows a perpetrator to execute code remotely while cloning or pushing a repository with large filenames or a large number of nested trees.
A vulnerability in Cisco NX-OS Software allows a perpetrator to connect to the device with administrative privileges.
A vulnerability in SSLv2 can lead to a compromise of the cryptographic scheme of safe transactions over the Internet. The attack that exploits the vulnerability is called "DROWN". The attacker can easily interfere between client and server and monitor...
Palo Alto Networks has revealed four new vulnerabilities.
The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited.
Updated: CentOS has released updates to remedy the vulnerability. F5 has published information about affected products.
A vulnerability in glibc allows an unauthenticated attacker to remotely exploit it and cause: Denial-of-Service (DoS); remote code execution (administrator / root privileges); remote code execution (user).
A vulnerability in Internet Key Exchange v1 and v2 of Cisco ASA software can be exploited, causing DoS or even remote code execution.
The FortiOS SSH has a login vulnerability. Remote console access to vulnerable devices with "Administrative Access" enabled for SSH is possible.
Since version 5.4 (released on March 8, 2010), the OpenSSH client supports an undocumented feature called roaming: if the connection to an SSH server breaks unexpectedly, and if the server supports roaming as well, the client is able to reconnect...
The FortiOS SSH has a login vulnerability. Remote console access to vulnerable devices with "Administrative Access" enabled for SSH is possible. A Python script was released that can be used to exploit the vulnerability.
The Pacom 1000 implementation has several serious flaws in its cryptographic mechanisms. The flaws that were found can be used to bypass the security of any unpatched installation. The issue could affect the Physical Security entities of a...