After releasing the new kernel update for Ubuntu 16.04 LTS (Xenial Xerus) systems to patch 13 security vulnerabilities, Canonical announced the availability of a major kernel update for Ubuntu 17.10. If you’re using the latest Ubuntu 17.10 (Artful Aardvark) operating system on your personal computer, you should know that it received it’s first major kernel update since the […]
Adobe’s latest security update has swatted a total of 67 bugs, some of them critical, in Adobe Flash, Acrobat, and Reader. On Tuesday, the software provider released a security advisory detailing a huge amount of vulnerabilities which have now been fixed in the latest patch round. Adobe Flash Player, Photoshop CC, Connect, Acrobat and Reader, […]
The security experts Florian Bogner devised a method dubbed AVGater to escalate privileges by abusing the quarantine feature of some antiviruses. Several popular antivirus solutions are affected by flaws that could be exploited by attackers to escalate privileges on a compromised system by abusing the quarantine feature. The security experts Florian Bogner devised a method dubbed AVGater to escalate […]
Multiple vulnerabilities found in Linux USB drivers that included with Linux kernel USB subsystem. It can be triggered by an attacker who has a physical access to the machine. These bugs allow attackers to induce a denial of service and to insert malicious scripts or to escalate privileges if they get physical access. All the […]
TROMMEL sifts through directories of files to identify indicators that may contain vulnerabilities. TROMMEL identifies the following indicators related to: Secure Shell (SSH) key files Secure Socket Layer (SSL) key files Internet Protocol (IP) addresses Uniform Resource Locator (URL) email addresses shell scripts web server binaries configuration files database files specific binaries files (i.e. Dropbear, […]
The makers of the popular parental control system called Circle with Disney patched 23 vulnerabilities over the weekend. The bugs ran the gamut from memory corruption and denial of service, to SSL validation vulnerabilities and impact all devices managed on a network. Circle with Disney is a $90 device made in partnership by Disney Interactive […]
A flaw in the Google Issue Tracker, also known as the “Buganizer,” might have exposed details about unpatched flaws listed in the database. A vulnerability in the Google Issue Tracker, also known as the “Buganizer,” might have exposed details about unpatched flaws listed in the database. The flaw was reported by the bug hunter Alex Birsan […]
cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs. The main objective of the software is to avoid doing direct and public lookup into the public CVE databases. This is usually faster to do local lookups and limits […]
UPDATE Researchers are warning of two critical vulnerabilities in global satellite telecommunications company Inmarsat’s SATCOM systems. The vulnerabilities impact thousands of customers running the newest version of its AmosConnect platform, typically found on maritime sea vessels, according to researchers at IOActive. Researchers warn communication systems running the AmosConnect 8 platform are exposed to vulnerabilities that could […]
cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs. The main objective of the software is to avoid doing direct and public lookup into the public CVE databases. This is usually faster to do local lookups and limits […]
A script to find admin login pages and EAR vulnerabilites. Features Multi-threading on demand Big path list (798 paths) Supports php, asp and html extensions Checks for potential EAR vulnerabilites Checks for robots.txt Support for custom patns Usages Check all paths with php extension python breacher -u example.com –type php Check all paths with php […]
An attacker can downgrade components of the Android TrustZone technology to older versions that feature known vulnerabilities and use older exploits against smartphones running an up-to-date operating system. According to a team of four computer scientists from the Florida State University and Baidu X-Lab, the problem lies in the design of the ARM TrustZone technology, widely deployed […]
Android bootloader components from five major chipset vendors are affected by vulnerabilities that break the CoT (Chain of Trust) during the boot-up sequence, opening devices to attacks. The vulnerabilities came to light during research carried out by a team of nine computer scientists from the University of California, Santa Barbara. Researchers developed BootStomp to analyze […]
Why buy expensive MacBook Pro when you can get it for $1? But then you will be the bad guy. The IT security researchers at ERPScan discovered a bunch of critical vulnerabilities in SAP Point-of-Sales systems (SAP POS), a client/server point-of-sale (POS) solution allowing them to buy an expensive MacBook for just $1. According to […]
Ruben Santamarta, a security researcher for IOActive, has found various vulnerabilities in nuclear radiation monitoring equipment from three vendors, who when contacted by the researcher, declined to fix the reported flaws, each for various reasons. The vulnerabilities were found in multiple product models sold by Digi, Ludlum, and Mirion. Vulnerabilities found in very critical equipment […]
Oracle admins are today staring down the barrel of the biggest quarterly Critical Patch Update ever. The numbers are gory: 308 vulnerabilities patched, 165 of which are remotely exploitable, across more than 90 products. So far in 2017, Oracle has patched 878 vulnerabilities through three CPUs. System and network admins have never been taxed from a patching […]
Oracle’s next quarterly Critical Patch Update is slated for July 18, but two vulnerabilities in an older version of the company’s Oracle Access Manager (OAM) solution won’t be among the bugs patched. Version 10g of the software, Oracle’s solution for web access management and user administration, suffers from two issues: an open redirect vulnerability, and […]
Scan Web Servers For Vulnerabilities Using Nikto Kali Linux Scan Web Servers with Nikto Welcome back today we will be talking a little about web vulnerabilities and how we can scan for vulnerabilities in web servers using Nikto. Before attacking a website its vital to do reconnaissance on the target website this helps us gather […]
With so much of news surrounding major global malware attacks such as the recent NotPetya incident, not much has been talked about some flaws that exist within the popular Dell software. Security flaws that require immediate update Before letting you know about the technical details of the vulnerabilities, it is important to note that those […]
Security experts from Talos discovered a couple of vulnerabilities in Dell Precision software which allow attackers to disable security mechanisms, escalate privileges and execute arbitrary code within the context of the application user. CVE-2016-9038 This vulnerability exists with Invincea-X, Dell Protected Workspace 6.1.3-24058 and attacker can trigger this vulnerability by sending crafted data to the […]