Browsing tag
“Sudoing” lately? Linux or any Unix-based platform users are well aware of the Sudo command. In Unix and Linux, the Sudo keyword lets users gain special privileges to execute certain commands, which normally they cannot execute. Sudo command is perhaps one of the most significant of all commands in the Linux/Unix framework and if misused, […]
A new vulnerability has been discovered in the Linux Sudo program let unprivileged users can run the command as root by specifying the user ID -1 or 4294967295. Sudo (Superuser Do) program in Linux is responsible to allocate the security privileges to run commands for normal users and by default for Superusers. The vulnerability affected […]
New hardware and software security flaws seem to appear on a daily basis. This time, web application security experts from security firm SafeBreach Labs, specializing in cyberattack simulation, report the finding of a critical vulnerability in Open Hardware Monitor, a free open source tool to monitor temperature, fans speed and voltage in computer hardware components. […]
Researchers from CERT/CC discovered multiple vulnerabilities in Satcom terminal Cobham EXPLORER 710 that affects both firmware and device. The vulnerabilities allow hackers to perform several attacks such as intercept the traffic, remotely execute the command, implant and hide a backdoor, DoS Attack, exfiltrate the sensitive data and more Cobham EXPLORER 710 is a satellite telecommunication […]
A vulnerability testing specialist just revealed a zero-day vulnerability in versions of Joomla, the popular content management system (CMS) launched between September 2012 and December 2015. The vulnerability could reportedly pose a severe risk to thousands of websites worldwide. This flaw may seem too old, but in the case of Joomla! this might be irrelevant, […]
Security researchers disclosed a new unauthenticated command injection vulnerability in some of the D-link routers. The vulnerability can be tracked as CVE-2019-16920 and rated as critical. Successful exploitation of the vulnerability results in Remote Code Execution, an attacker can trigger the vulnerability remotely to access the router login page without authentication. D-link Routers Affected The […]
A team of web application security experts has discovered multiple security vulnerabilities in Foxit PDF Reader, one of the most popular PDF reader tools and the main competitor of Adobe Reader. The flaws found include remote code execution errors considered highly serious. The researchers, led by Aleksandar Nikolic of Cisco Talos, discovered this set of […]
Researchers from Google project zero uncovered a critical zero-day vulnerability that affected at least 18 Android models including Samsung, Moto, Huawei, Pixel, Xiaomi and more. Some of the depth pieces of evidence show that the vulnerability is being exploited in wide and gives complete access to the Vulnerable Android devices. An Android zero-day exploit that […]
Exclusive research found 9 critical system-level Android VoIP Zero-day vulnerabilities that allow attackers to perform malicious operations, including denying voice calls, caller ID spoofing, unauthorized call operations, DOS attack, and remote code execution. A Team of academics and researchers from OPPO ZIWU Cyber Security Lab, Chinese University of Hong Kong and Singapore Management University uncovered […]
A firm of vulnerability testing specialists has just discovered a security vulnerability in the Zoom and Cisco Webex video conferencing platforms. According to reports, exploiting this flaw would allow a threat actor to list and access unprotected active meetings on these platforms. There are at least three dozen video conferencing service providers and many of […]
Cisco released a security update for multiple vulnerabilities that affected Cisco IOS XE Software web-based user interface (Web UI) that allows a remote attacker to execute commands with elevated privileges on the vulnerable system. Cisco IOS XE Software is an internetworking operating system for enterprise networks and is using in several Cisco devices such as […]
Because of the advantages it offers, cloud computing is considered a much safer environment for information stored on these servers. However, vulnerability testing specialists have discovered a security flaw in a cloud management system used by thousands of providers of these services that could expose information from thousands of system administrators. The vulnerability is present […]
Cisco has just released a new set of security updates for the Cisco IOS Software IOx application. According to ethical hacking specialists, these updates fix a vulnerability that, if exploited, would allow remote threat actors without authentication to access the guest operating system (Guest OS) as a root user. The flaw, tracked as CVE-2019-12648, exists […]
Regardless of its usage, any software implementation can present serious security errors. A researcher in vulnerability testing that remains anonymous for the time has revealed details about zero-day vulnerability in vBulletin, the most widely used Internet forum creation software nowadays. The problem is that it appears that the person in charge of publishing this information […]
Vulnerability testing specialists have reported the presence of an unpatched zero-day vulnerability in the software of phpMyAdmin, one of the world’s most widely used MySQL and MariaDB database management applications. In addition to reporting the vulnerability, the experts published some details of the proof-of-concept for its exploitation. As mentioned before, phpMyAdmin is a free and […]
A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin—one of the most popular applications for managing the MySQL and MariaDB databases. phpMyAdmin is a free and open source administration tool for MySQL and MariaDB that’s widely used to manage the database for websites created with WordPress, Joomla, and many […]
It seems that companies will never stop being inconvenienced by some security flaws. Vulnerability testing experts report that Cisco has extended the update patch to address a critical denial of service (DoS) vulnerability that was first detected and corrected in 2016. The vulnerability in question, tracked as CVE-2016-1409 is a flaw on the IPv6 packet […]
Web application security specialists have discovered a set of vulnerabilities in D-Link and Comba WiFi routers that, if exploited, could leak the passwords of the owners. The researchers, from security firm Trustwave, discovered these five flaws, which could be considered critical. Experts discovered two flaws in the firmware of D-Link DSL-2875AL and DSL-2877AL wireless routers. […]
A new method for extracting information from an Internet CPU keeps system administrators concerned. Cybersecurity specialists reported the finding of a new side channel vulnerability on these devices; unlike other similar flaws, this one can be exploited remotely over the network, so hackers do not require physical access to the device or the installation of […]
Get your update caps on. Microsoft today released its monthly Patch Tuesday update for September 2019, patching a total of 79 security vulnerabilities in its software, of which 17 are rated critical, 61 as important, and one moderate in severity. Two of the security vulnerabilities patched by the tech giant this month are listed as […]
A Vulnerability resides in the Exim mail server allows both local and remote attacker to execute the arbitrary code and exploit the system to gain root access. Exim is a mail transfer agent (MTA) developed by the University of Cambridge as an open-source project and is responsible for receiving, routing and delivering e-mail messages used on Unix-like operating systems. […]