Overview The WPA2 Protocol vulnerability allows attacker to decrypt the network traffic from the vulnerable device and it also allow to view the critical information, injecting the packets/data from the vulnerable devices. The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks and the researcher who found this vulnerability is no

=============================================- Release date: October 05th, 2017- Discovered by: Giovanni Cerrato, Giovanni Guido and BackBox team- Severity: Medium============================================= I. VULNERABILITY-------------------------Lansweeper XSS vulnerability. II. INTRODUCTION-------------------------Lansweeper an Asset Management and Netw

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256ESA-2017-112: EMC Network Configuration Manager Reflected Cross-Site Scripting VulnerabilityEMC Identifier: ESA-2017-112CVE Identifier: CVE-2017-8017Severity Rating: CVSSv3 Base Score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)Affected products: * EMC Network Configuration Manager (NCM) 9.3.x* EMC Net

=============================================- Release date: October 06th, 2017- Discovered by: Barkın Kılıç, Mehmet Dursun İnce- Severity: High=============================================I. VULNERABILITY-------------------------Lansweeper XXE vulnerability.II. INTRODUCTION-------------------------Lansweeper an Asset Management and Network Inventory Tool (

Siemens has just released a firmware update for the 7KT PAC1200 Siemens smart meters that addresses a critical vulnerability. Siemens has just released a firmware update for the 7KT PAC1200 Siemens smart meters to fix a critical vulnerability that can be exploited by remote attackers to bypass authentication and perform administrative actions on the device.

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256ESA-2017-119: EMC Elastic Cloud Storage Undocumented Account VulnerabilityEMC Identifier: ESA-2017-119CVE Identifier: CVE-2017-8021Severity Rating: CVSS Base Score: 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H)Affected products: * EMC Elastic Cloud Storage all versions prior to 3.1Summary: EMC Elastic Cloud St

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256ESA-2017-115: EMC AppSync Host Plug-in Denial of Service VulnerabilityEMC Identifier: ESA-2017-115CVE Identifier: CVE-2017-8018Severity Rating: CVSS v3 Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Affected products: EMC AppSync host plug-in versions 3.5 and below (Windows platform only)Summary:

Security experts at Trend Micro have recently spotted a new strain of Android malware, dubbed ZNIU, that exploits the Dirty COW Linux kernel vulnerability. The Dirty COW vulnerability was discovered by the security expert Phil Oester in October 2016, it could be exploited by a local attacker to escalate privileges. The name ‘Dirty COW’ is due to

By Jason Gu, Veo Zhang, and Seven Shen We have disclosed this security issue to Google, who verified that they have protections in place against ZNIU courtesy of Google Play Protect. The Linux vulnerability called Dirty COW (CVE-2016-5195) was first disclosed to the public in 2016. The vulnerability was discovered in upstream Linux platforms such as Redhat,

Pixie image Editor SSRF vulnerability for CVE-2017-12905title: Pixie image Editor SSRF vulnerability for CVE-2017-12905Date: 20/09/2017Vulnerability Type： SSRF(Server Side Request Forgery)Vendor of Product： vebto（vebto.com）Attack Type： RemoteImpact： ImportentAuthor：BeiJing Baimaohui technology co., LTD.Version： Pixie Image Editor 1.4 and 1.7CVE-ID : CVE-2017

The vulnerability Optionsbleed in Apache HTTP Server that can cause certain systems to leak potentially sensitive data in response to HTTP OPTIONS requests. The freelance journalist and security researcher Hanno Böck discovered a vulnerability, dubbed ‘Optionsbleed’. in Apache HTTP Server (httpd) that can cause certain systems to leak potentially

tl;dr: I’m Pentester and recently I got my first pentest project and I’ve successfully executed with my senior colleague. As the application was developed to perform the financial operations, I had focus of finding Insecure Direct Object Reference Vulnerabilities. This blog will help you for having the understanding of the IDOR vulnerability. Ins

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256ESA-2017-098: EMC Data Protection Advisor Hardcoded Password Vulnerability EMC Identifier: ESA-2017-098CVE Identifier: CVE-2017-8013Severity Rating: CVSS v3 Base Score: 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H)Affected products: * EMC Data Protection Advisor versions 6.3.x* EMC Data Protection Adviso

It’s official, the Equifax data breach case was caused by the exploitation of the CVE-2017-5638 Apache Struts vulnerability. The Equifax data breach case was solved, that incident was caused by the exploitation of the CVE-2017-5638 Apache Struts vulnerability. The vulnerability affects the Jakarta Multipart parser upload function in Apache and could be

A new security flaw detected in Apache Struts allows an unauthenticated attacker to execute arbitrary code on a vulnerable system.Although the Apache Software Foundation classified it as a medium severity vulnerability, Cisco has outlined a long list of its products in the Security Advisory that are affected by this flaw.Extent of the problemThe vulnerabilit