HackDig : Dig high-quality web security articles for hacker

WPA2 Protocol Vulnerability – Intercepting Password on Wireless Device

Overview The WPA2 Protocol vulnerability allows attacker to decrypt the network traffic from the vulnerable device and it also allow to view the critical information, injecting the packets/data from the vulnerable devices. The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks and the researcher who found this vulnerability is no
Publish At:2017-10-21 16:40 | Read:80 | Comments:0 | Tags:Security Advisory WPA2 Protocol Vulnerability Vulnerability

CVE-2017-9292, Lansweeper 6.0.0.63 XSS vulnerability

=============================================- Release date: October 05th, 2017- Discovered by: Giovanni Cerrato, Giovanni Guido and BackBox team- Severity: Medium============================================= I. VULNERABILITY-------------------------Lansweeper XSS vulnerability. II. INTRODUCTION-------------------------Lansweeper an Asset Management and Netw
Publish At:2017-10-07 06:20 | Read:759 | Comments:0 | Tags: Xss Vulnerability

ESA-2017-112: EMC Network Configuration Manager Reflected Cross-Site Scripting Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256ESA-2017-112: EMC Network Configuration Manager Reflected Cross-Site Scripting VulnerabilityEMC Identifier: ESA-2017-112CVE Identifier: CVE-2017-8017Severity Rating: CVSSv3 Base Score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)Affected products: * EMC Network Configuration Manager (NCM) 9.3.x* EMC Net
Publish At:2017-10-07 06:20 | Read:468 | Comments:773 | Tags: Vulnerability

CVE-2017-13706, Lansweeper 6.0.100.29 XXE Vulnerability

=============================================- Release date: October 06th, 2017- Discovered by: Barkın Kılıç, Mehmet Dursun İnce- Severity: High=============================================I. VULNERABILITY-------------------------Lansweeper XXE vulnerability.II. INTRODUCTION-------------------------Lansweeper an Asset Management and Network Inventory Tool (
Publish At:2017-10-07 06:20 | Read:500 | Comments:0 | Tags: Vulnerability

A critical vulnerability affects Siemens smart meters

Siemens has just released a firmware update for the 7KT PAC1200 Siemens smart meters that addresses a critical vulnerability. Siemens has just released a firmware update for the 7KT PAC1200 Siemens smart meters to fix a critical vulnerability that can be exploited by remote attackers to bypass authentication and perform administrative actions on the device.
Publish At:2017-10-07 06:05 | Read:262 | Comments:0 | Tags:Breaking News Hacking Internet of Things CVE-2017-9944 IoT S

ESA-2017-119: EMC Elastic Cloud Storage Undocumented Account Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256ESA-2017-119: EMC Elastic Cloud Storage Undocumented Account VulnerabilityEMC Identifier: ESA-2017-119CVE Identifier: CVE-2017-8021Severity Rating: CVSS Base Score: 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H)Affected products: * EMC Elastic Cloud Storage all versions prior to 3.1Summary: EMC Elastic Cloud St
Publish At:2017-09-27 05:40 | Read:215 | Comments:0 | Tags: Cloud Vulnerability

ESA-2017-115: EMC AppSync Host Plug-in Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256ESA-2017-115: EMC AppSync Host Plug-in Denial of Service VulnerabilityEMC Identifier: ESA-2017-115CVE Identifier: CVE-2017-8018Severity Rating: CVSS v3 Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Affected products: EMC AppSync host plug-in versions 3.5 and below (Windows platform only)Summary:
Publish At:2017-09-27 05:40 | Read:120 | Comments:0 | Tags: Vulnerability

ZNIU, the first Android malware family to exploit the Dirty COW vulnerability

Security experts at Trend Micro have recently spotted a new strain of Android malware, dubbed ZNIU, that exploits the Dirty COW Linux kernel vulnerability. The Dirty COW vulnerability was discovered by the security expert Phil Oester in October 2016, it could be exploited by a local attacker to escalate privileges. The name ‘Dirty COW’ is due to
Publish At:2017-09-27 05:25 | Read:228 | Comments:0 | Tags:Breaking News Cyber Crime Malware Mobile Android CVE-2016-51

ZNIU: First Android Malware to Exploit Dirty COW Vulnerability

By Jason Gu, Veo Zhang, and Seven Shen We have disclosed this security issue to Google, who verified that they have protections in place against ZNIU courtesy of Google Play Protect. The Linux vulnerability called Dirty COW (CVE-2016-5195) was first disclosed to the public in 2016. The vulnerability was discovered in upstream Linux platforms such as Redhat,
Publish At:2017-09-25 23:15 | Read:143 | Comments:0 | Tags:Bad Sites Malware Mobile Vulnerabilities android Dirty COW L

Pixie image Editor SSRF vulnerability for CVE-2017-12905

Pixie image Editor SSRF vulnerability for CVE-2017-12905title: Pixie image Editor SSRF vulnerability for CVE-2017-12905Date: 20/09/2017Vulnerability Type: SSRF(Server Side Request Forgery)Vendor of Product: vebto(vebto.com)Attack Type: RemoteImpact: ImportentAuthor:BeiJing Baimaohui technology co., LTD.Version: Pixie Image Editor 1.4 and 1.7CVE-ID : CVE-2017
Publish At:2017-09-21 20:35 | Read:152 | Comments:0 | Tags: Vulnerability

Optionsbleed vulnerability can cause Apache servers to leak memory data

The vulnerability Optionsbleed in Apache HTTP Server that can cause certain systems to leak potentially sensitive data in response to HTTP OPTIONS requests. The freelance journalist and security researcher Hanno Böck discovered a vulnerability, dubbed ‘Optionsbleed’. in Apache HTTP Server (httpd) that can cause certain systems to leak potentially
Publish At:2017-09-21 01:55 | Read:182 | Comments:0 | Tags:Breaking News Hacking Apache server memory leak Optionsbleed

OWASP TOP 10: #4 | Insecure Direct Object Reference Vulnerability

tl;dr: I’m Pentester and recently I got my first pentest project and I’ve successfully executed with my senior colleague. As the application was developed to perform the financial operations, I had focus of finding Insecure Direct Object Reference Vulnerabilities. This blog will help you for having the understanding of the IDOR vulnerability. Ins
Publish At:2017-09-20 12:30 | Read:146 | Comments:0 | Tags:OWASP IDOR Insecure Direct Object Reference Vulnerability OW

ESA-2017-098: EMC Data Protection Advisor Hardcoded Password Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256ESA-2017-098: EMC Data Protection Advisor Hardcoded Password Vulnerability EMC Identifier: ESA-2017-098CVE Identifier: CVE-2017-8013Severity Rating: CVSS v3 Base Score: 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H)Affected products: * EMC Data Protection Advisor versions 6.3.x* EMC Data Protection Adviso
Publish At:2017-09-15 16:55 | Read:144 | Comments:0 | Tags: Vulnerability

CVE-2017-5638 Apache Struts vulnerability is the root cause behind Equifax data breach

It’s official, the Equifax data breach case was caused by the exploitation of the CVE-2017-5638 Apache Struts vulnerability. The Equifax data breach case was solved, that incident was caused by the exploitation of the CVE-2017-5638 Apache Struts vulnerability. The vulnerability affects the Jakarta Multipart parser upload function in Apache and could be
Publish At:2017-09-15 16:40 | Read:207 | Comments:0 | Tags:Breaking News Cyber Crime Hacking CVE-2017-9805 Cybercrime E

New Apache Struts vulnerability allows remote code execution

A new security flaw detected in Apache Struts allows an unauthenticated attacker to execute arbitrary code on a vulnerable system.Although the Apache Software Foundation classified it as a medium severity vulnerability, Cisco has outlined a long list of its products in the Security Advisory that are affected by this flaw.Extent of the problemThe vulnerabilit
Publish At:2017-09-14 18:05 | Read:197 | Comments:0 | Tags: Vulnerability

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud