HackDig : Dig high-quality web security articles for hacker

Cisco patches a DoS vulnerability in IOS XE operating system

Cisco fixed a vulnerability in IOS XE software that was introduced due to changes to its implementation of the BGP over an Ethernet VPN. Cisco patches a DoS vulnerability in IOS XE software that was introduced due to changes to its implementation of the Border Gateway Protocol (BGP) over an Ethernet VPN. The Cisco IOS XE operating system automates network op
Publish At:2017-11-07 05:10 | Read:987 | Comments:0 | Tags:Breaking News Security Vulnerability

WordPress releases the version 4.8.3 to address a serious SQL Injection vulnerability

WordPress developers fixed a serious SQL injection vulnerability on Tuesday with the release of version 4.8.3. Apply it as soon as possible. WordPress developers fixed a serious SQL injection vulnerability that was reported by the researcher Anthony Ferrara, VP of engineering at Lingo Live. The issue was addressed on Tuesday with the release of version 4.8
Publish At:2017-11-01 19:50 | Read:149 | Comments:0 | Tags:Breaking News Hacking SQL injection WordPress version 4.8.3

[ICS] SpiderControl SCADA Web Server Improper Privilege Management Vulnerability

Vendor: SpiderControl
Equipment: SCADA Web Server
Vulnerability: Improper Privilege Management
Advisory URL: https://ipositivesecurity.com/2017/10/28/ics-spidercontrol-scada-web-server-improper-privilege-management-vulnerability/
ICS-CERT Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-17-250-01
CVE-ID: CVE-2017-12728
------------------------
AFFECTED PRODUCTS
----
Publish At:2017-10-31 07:10 | Read:154 | Comments:0 | Tags: Vulnerability

ESA-2017-141: EMC AppSync Hardcoded Password Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
ESA-2017-141: EMC AppSync Hardcoded Password Vulnerability
EMC Identifier: ESA-2017-141
CVE Identifier: CVE-2017-14376
Severity Rating: CVSS v3 Base Score: 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected products: EMC AppSync Server versions prior to 3.5.0.1
Summary: EMC AppSync contains database accounts with ha
Publish At:2017-10-31 07:10 | Read:241 | Comments:0 | Tags: Vulnerability

ESA-2017-137: EMC VMAX Virtual Appliance (vApp) Authentication Bypass Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
ESA-2017-137: EMC VMAX Virtual Appliance (vApp) Authentication Bypass Vulnerability
EMC Identifier: ESA-2017-137
CVE Identifier: CVE-2017-14375
Severity Rating: CVSSv3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected products:
* EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.15
* EMC Sol
Publish At:2017-10-31 07:10 | Read:190 | Comments:0 | Tags: Vulnerability

ESA-2017-134: RSA® Authentication Manager Security Update for Reflected Cross-Site Scripting Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
ESA-2017-134: RSA® Authentication Manager Security Update for Reflected Cross-Site Scripting Vulnerability
EMC Identifier: ESA-2017-134
CVE Identifier: CVE-2017-14373
Severity Rating: CVSSv3: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Affected Products: RSA Authentication Manager 8.2 SP1 P4 and earlier
Summary: RSA A
Publish At:2017-10-27 15:20 | Read:122 | Comments:0 | Tags: Vulnerability

[KIS-2017-02] Tuleap <= 9.6 Second-Order PHP Object Injection Vulnerability

-------------------------------------------------------------
Tuleap <= 9.6 Second-Order PHP Object Injection Vulnerability
-------------------------------------------------------------
[-] Software Links:
https://www.tuleap.org
https://www.enalean.com
[-] Affected Versions:
All versions from 5.0 to 9.6.
[-] Vulnerability Description:
The vulnerable code can be tr
Publish At:2017-10-23 19:10 | Read:139 | Comments:0 | Tags: Vulnerability

Cisco addresses a critical vulnerability in Cloud Services Platform (CSP)

Cisco patched critical and high severity vulnerabilities in several products, including the Cloud Services Platform (CSP). Cisco patched critical and high severity vulnerabilities in several products, including the Cloud Services Platform (CSP), the Firepower Extensible Operating System (FXOS) and NX-OS software, and some Small Business IP phones. The most s
Publish At:2017-10-22 06:06 | Read:222 | Comments:0 | Tags:Breaking News Hacking CISCO Cloud Services Platform Krack Cl

WPA2 Protocol Vulnerability – Intercepting Password on Wireless Device

Overview: The WPA2 protocol vulnerability allows an attacker to decrypt network traffic from a vulnerable device, view critical information, and inject packets/data from the vulnerable devices. The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks, and the researcher who found this vulnerability is no
Publish At:2017-10-21 16:40 | Read:266 | Comments:0 | Tags:Security Advisory WPA2 Protocol Vulnerability Vulnerability

CVE-2017-9292, Lansweeper 6.0.0.63 XSS vulnerability

=============================================
- Release date: October 05th, 2017
- Discovered by: Giovanni Cerrato, Giovanni Guido and BackBox team
- Severity: Medium
=============================================
I. VULNERABILITY
-------------------------
Lansweeper XSS vulnerability.
II. INTRODUCTION
-------------------------
Lansweeper an Asset Management and Netw
Publish At:2017-10-07 06:20 | Read:1046 | Comments:0 | Tags: Xss Vulnerability

ESA-2017-112: EMC Network Configuration Manager Reflected Cross-Site Scripting Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
ESA-2017-112: EMC Network Configuration Manager Reflected Cross-Site Scripting Vulnerability
EMC Identifier: ESA-2017-112
CVE Identifier: CVE-2017-8017
Severity Rating: CVSSv3 Base Score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Affected products:
* EMC Network Configuration Manager (NCM) 9.3.x
* EMC Net
Publish At:2017-10-07 06:20 | Read:807 | Comments:773 | Tags: Vulnerability

CVE-2017-13706, Lansweeper 6.0.100.29 XXE Vulnerability

=============================================
- Release date: October 06th, 2017
- Discovered by: Barkın Kılıç, Mehmet Dursun İnce
- Severity: High
=============================================
I. VULNERABILITY
-------------------------
Lansweeper XXE vulnerability.
II. INTRODUCTION
-------------------------
Lansweeper an Asset Management and Network Inventory Tool (
Publish At:2017-10-07 06:20 | Read:984 | Comments:0 | Tags: Vulnerability

A critical vulnerability affects Siemens smart meters

Siemens has just released a firmware update for the 7KT PAC1200 Siemens smart meters that addresses a critical vulnerability. Siemens has just released a firmware update for the 7KT PAC1200 Siemens smart meters to fix a critical vulnerability that can be exploited by remote attackers to bypass authentication and perform administrative actions on the device.
Publish At:2017-10-07 06:05 | Read:507 | Comments:0 | Tags:Breaking News Hacking Internet of Things CVE-2017-9944 IoT S

ESA-2017-119: EMC Elastic Cloud Storage Undocumented Account Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
ESA-2017-119: EMC Elastic Cloud Storage Undocumented Account Vulnerability
EMC Identifier: ESA-2017-119
CVE Identifier: CVE-2017-8021
Severity Rating: CVSS Base Score: 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H)
Affected products:
* EMC Elastic Cloud Storage all versions prior to 3.1
Summary: EMC Elastic Cloud St
Publish At:2017-09-27 05:40 | Read:420 | Comments:0 | Tags: Cloud Vulnerability

ESA-2017-115: EMC AppSync Host Plug-in Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
ESA-2017-115: EMC AppSync Host Plug-in Denial of Service Vulnerability
EMC Identifier: ESA-2017-115
CVE Identifier: CVE-2017-8018
Severity Rating: CVSS v3 Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected products: EMC AppSync host plug-in versions 3.5 and below (Windows platform only)
Summary:
Publish At:2017-09-27 05:40 | Read:223 | Comments:0 | Tags: Vulnerability
