Apache Solr Vulnerable to Remote Code Execution Zero-Day Vulnerability

On 2 grudnia, 2019, Posted by , In News, By ,, , With Możliwość komentowania Apache Solr Vulnerable to Remote Code Execution Zero-Day Vulnerability została wyłączona

Apache Solr remains vulnerable to a zero day weeks after proof-of-concept code became public Read more: https://www.tenable.com/blog/apache-solr-vulnerable-to-remote-code-execution-zero-day-vulnerability

CVE-2018–8414: A Case Study in Responsible Disclosure

On 25 października, 2018, Posted by , In News, By ,,,, , With Możliwość komentowania CVE-2018–8414: A Case Study in Responsible Disclosure została wyłączona

The process of vulnerability disclosure can be riddled with frustrations, concerns about ethics, and communication failure. I have had tons of bugs go well. I have had tons of bugs go poorly. Read more: https://posts.specterops.io/cve-2018-8414-a-case-study-in-responsible-disclosure-ff74c39615ba

Intel, AMD Chip Vulnerabilities Put Billions of Devices at Risk

On 12 lutego, 2018, Posted by , In News, By ,,,,, , With Możliwość komentowania Intel, AMD Chip Vulnerabilities Put Billions of Devices at Risk została wyłączona

Details of „Meltdown” and „Spectre” Attacks Against Intel and AMD Chips Disclosed Researchers have disclosed technical details of two new attack methods that exploit critical flaws in CPUs from Intel, AMD and other vendors. They claim billions of devices are vulnerable, allowing malicious actors to gain access to passwords and…

TeamViewer vulnerability allows users sharing a desktop session to gain control of the other’s PC

On 7 grudnia, 2017, Posted by , In News, By , , With Możliwość komentowania TeamViewer vulnerability allows users sharing a desktop session to gain control of the other’s PC została wyłączona

TeamViewer promptly issues a patch to fix the vulnerability TeamViewer issued a patch for users on Tuesday to fix a vulnerability that allows users sharing a desktop session to gain control of another PC without the latter’s permission. This vulnerability affected versions of TeamViewer running on Windows, macOS and Linux…

Xen exploitation part 2: XSA-148, from guest to host

On 30 lipca, 2016, Posted by , In News, By ,, , With Możliwość komentowania Xen exploitation part 2: XSA-148, from guest to host została wyłączona

http://blog.quarkslab.com/xen-exploitation-part-2-xsa-148-from-guest-to-host.html

Serious Vulnerability in All in One SEO Pack Plugin 2.3.6.1 and earlier

On 18 lipca, 2016, Posted by , In News, By ,,,,, , With Możliwość komentowania Serious Vulnerability in All in One SEO Pack Plugin 2.3.6.1 and earlier została wyłączona

There is a serious stored cross site scripting (XSS) vulnerability in All in One SEO Pack Plugin versions 2.3.6.1 and older. This plugin is installed on over 1 million active websites and is extremely popular and widely used. The vulnerability allows an attacker to send a malicious HTTP User-Agent or…

Xen exploitation part 1: XSA-105, from nobody to root

On 3 czerwca, 2016, Posted by , In News, By ,, , With Możliwość komentowania Xen exploitation part 1: XSA-105, from nobody to root została wyłączona

This blog post describes the exploitation of Xen Security Advisory 105 (XSA-105) [1] (CVE-2014-7155). This post explains the environment setup and shows the development of a fully working exploit on Linux 4.4.5. We are not aware of any public exploit for this vulnerability, although Andrei Lutas wrote excellent articles [2]…

Microsoft Patches Critical Vulnerabilities in its Browsers

On 9 marca, 2016, Posted by , In News, By ,, , With Możliwość komentowania Microsoft Patches Critical Vulnerabilities in its Browsers została wyłączona

https://threatpost.com/microsoft-patches-critical-vulnerabilities-in-its-browsers/116664/

Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability

On 6 marca, 2016, Posted by , In News, By ,, , With Możliwość komentowania Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability została wyłączona

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k