
Open Redirect Vulnerability on MasterCard’s Australia Web Site

An open redirect vulnerability has been found on MasterCard's Australia web site (mastercard.com.au), according to an advisory by researcher Anastasios Monachos from Packet Storm. An open redirect vulnerability is a flaw in a web app that, according to the Common Weakness Enumeration dictionary, "accepts a user-controlled input that specifies a link to an external site, and uses that link ...

Five Severe Vulnerabilities Fixed in Siemens’ SIMATIC WinCC SCADA System

Siemens has issued an update to its SIMATIC WinCC SCADA system due to five severe vulnerabilities, the company said in an advisory. Impacted products include SIMATIC WinCC before version 7.3, and SIMATIC PCS7 before version 8.1. "The most severe of these vulnerabilities could allow privilege escalation in the WinCC Project administration application under certain conditions," the advisory said. The SIMATIC ...

Apache Server Vulnerability Allows Attackers to Execute Code Remotely Without Authentication

An Apache HTTP server buffer overflow vulnerability could allow attackers to execute code remotely, according to an advisory by the Zero Day Initiative. The vulnerability can be exploited without authentication by attackers, as the flaw is found in the "mod_status" module. “A race condition in mod_status allows an attacker to disclose information or corrupt memory with several requests to endpoints with han...

Microsoft Issues Security Updates for Critical Vulnerabilities in Internet Explorer and Windows Journal

Microsoft issued new update packages to patch critical vulnerabilities in Internet Explorer and Windows Journal, according to Microsoft's July Security Bulletin. Two updates have been rated "critical," three "important" and one "moderate" by the company, which addressed 29 vulnerabilities in six update packages, from MS14-037 to MS14-042. "The ongoing diligent work from o...

Hardcoded SSH Key Enables Backdoor in Cisco’s Unified Communication Domain Manager

A hardcoded and unprotected SSH key for remote support access has been found inside Cisco’s Unified Communication Domain Manager (CUCDM), according to a Cisco advisory. The backdoor could be used by an attacker to control the platform and all deployments. The CUCDM manages video, voice, messaging, mobility and instant messaging applications, or other services for enterprises in a single unified platform. Cis...

PayPal Two-Factor Authentication Bypassed via Mobile App-Web API Vulnerability

A vulnerability between PayPal's mobile app and web service authentication flow enabled two-factor authentication (2FA) bypass, according to Duo Security's blog post. PayPal has deployed a temporary fix for this issue, which appears to be a design flaw, and staff are working on a permanent fix. "When two-factor authentication is done right and consistently (across services) it provides really great va...

30,000 Servers May Be Exposed To Hackers

A vulnerability in the Baseboard Management Controller (BMC) of Supermicro motherboards leaves 30,000 unpatched servers and their passwords available on the open market, according to Cari.net researchers. It seems login passwords are stored in cleartext, and the file containing them is widely available for download by connecting to a specific port. To compromise vulnerable servers, an attacker can scan the port ...

Smart TVs Vulnerable to Multiple Cyber Threats, Study Reveals

A new digital television standard, called Hybrid Broadcast-Broadband Television (HbbTV), can be exploited by hackers to “invisibly” hijack Europeans’ smart TVs using radio frequency injection, according to research by Columbia University’s Network Security Lab. By including HTML content in broadcast streams, HbbTV exposes a TV set to numerous security weaknesses. “Exploiting these vulnerabilities, an ...

Remote Code Injection Vulnerability Found on Yahoo, Microsoft and Orange Subdomains

A remote code injection vulnerability was found on subdomains of Yahoo, Microsoft and Orange after being escalated from unauthorized admin access, according to Ibrahim Hegazy's blog post. Yahoo and Microsoft have issued a fix for the vulnerability. Hegazy found the unauthorized admin access during his research in the Yahoo Bug Bounty Program, as the administrator panel never requested login cre...

Backdoor Still Hidden in Patch for Wi-Fi Routers

The backdoor affecting Sercomm wireless DSL routers has not been fixed, and lies hidden in the latest version of the devices’ firmware to intercept users’ home traffic, according to Ars Technica. In December 2013, Eloi Vanderbeken discovered hackers could exploit his parents’ Linksys Wi-Fi router to gain administrative rights and manipulate local network resources without admin credentials. The device was ...

© 2012 Powered By Bitdefender
