HackDig : Dig high-quality web security articles for hacker

[ICS] SpiderControl SCADA Web Server – Directory Traversal Vulnerability

Vendor: SpiderControlEquipment: SCADA Web ServerVulnerability: Directory TraversalAdvisory URL:https://ipositivesecurity.com/2017/09/01/ics-spidercontrol-scada-web-server-directory-traversal-vulnerability/ICS-CERT Advisoryhttps://ics-cert.us-cert.gov/advisories/ICSA-17-234-03ZDI Advisoryhttp://www.zerodayinitiative.com/advisories/ZDI-17-695CVE-IDCVE-2017-126
Publish At:2017-09-01 11:20 | Read:2292 | Comments:0 | Tags: Vulnerability

[ICS] SpiderControl SCADA MicroBrowser – Stack Buffer Overflow Vulnerability

Vendor: SpiderControlEquipment: SCADA MicroBrowserVulnerability: Stack-based Buffer OverflowAdvisory URL:https://ipositivesecurity.com/2017/09/01/ics-spidercontrol-scada-microbrowser-stack-buffer-overflow/ICS-CERT Advisoryhttps://ics-cert.us-cert.gov/advisories/ICSA-17-234-02ZDI Advisoryhttp://www.zerodayinitiative.com/advisories/ZDI-17-694/CVE-IDCVE-2017-12
Publish At:2017-09-01 11:20 | Read:2223 | Comments:0 | Tags: Vulnerability

ConnMan #ConnManDo Vulnerability

Hi list,We have published the web page which describes about detail of CVE-2017-12865,ConnMan vulnerability.http://connmando.nri-secure.co.jp/index.htmlThis patch has been merged to master branch of debian and yocto Linux distribution.And now we are trying to communicate with other Linux distribution security teams.- [debian][DSA 3956-1] connman security upd
Publish At:2017-08-30 03:05 | Read:2397 | Comments:0 | Tags: Vulnerability

Unfixable Automobile Computer Security Vulnerability

There is an unpatchable vulnerability that affects most modern cars. It's buried in the Controller Area Network (CAN): Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable. Patching the issue means changing how the CAN standard works a
Publish At:2017-08-18 23:05 | Read:1855 | Comments:773 | Tags: Vulnerability

Cisco CloudCenter Orchestrator Vulnerability

This vulnerability gives an unauthenticated, remote attacker the ability to install Docker containers to the system, and could potentially allow him to attain escalated privileges, such as root. This was made possible by a misconfiguration that makes the Docker management port accessible to attackers, and allows them to submit Docker containers to the Cisco
Publish At:2017-08-17 08:57 | Read:1445 | Comments:0 | Tags: Cloud Vulnerability

How can OSS-Fuzz and other vulnerability scanners help developers?

In December 2016, Google released its project, dubbed OSS-Fuzz, as an open source tool to fuzz applications for security and stability concerns. The tool doesn't scan every piece of open source software; in order to be accepted by OSS-Fuzz, an open source project must have a large following or be considered software that's critical to global infrastructure.I
Publish At:2017-08-17 08:52 | Read:1627 | Comments:0 | Tags: Vulnerability

How is the Samba vulnerability different from EternalBlue?

The vulnerability in Samba -- as well as WannaCry ransomware -- shows that every organization needs to apply appropriate patches and enforce configuration management in its systems to defend itself against security risks.These Linux and Windows systems are similar in that both created remote concerns by having port 445 open on the perimeter. Samba is used to
Publish At:2017-08-17 08:50 | Read:1708 | Comments:0 | Tags: Vulnerability

Apple iOS 10.3 - UI SMS Access Permission Vulnerability

Document Title:===============Apple iOS 10.3 - UI SMS Access Permission VulnerabilityReferences (Source):====================https://www.vulnerability-lab.com/get_content.php?id=2078Apple Security ID: 666589482Video: https://www.vulnerability-lab.com/get_content.php?id=2079Vulnerability Magazine: https://www.vulnerability-db.com/?q=articles/2017/08/14/apple-
Publish At:2017-08-16 10:20 | Read:2311 | Comments:0 | Tags: IOS Vulnerability

Microsoft Resnet - DNS Configuration Web Vulnerability

Document Title:===============Microsoft Resnet - DNS Configuration Web VulnerabilityReferences (Source):====================https://www.vulnerability-lab.com/get_content.php?id=2087Acknowledgements: https://technet.microsoft.com/en-us/security/cc308589.aspxRelease Date:=============2017-08-16Vulnerability Laboratory ID (VL-ID):===============================
Publish At:2017-08-16 10:20 | Read:2513 | Comments:0 | Tags: Vulnerability

Assessing Risks and Remediating Threats With a Layered Approach to Vulnerability Management

Companies need to do more than just scan for known problems and provide huge vulnerability reports to system and network administrators for remediation. According to Gartner, known vulnerabilities still comprise 99 percent of all known exploit traffic. Furthermore, malware, ransomware and exploit kits target vulnerabilities that are six months or older on av
Publish At:2017-08-09 07:50 | Read:3585 | Comments:0 | Tags:CISO Risk Management Security Intelligence & Analytics Patch

Web application vulnerability report: time to dig into the source code

IntroductionEvery year, web applications expand their presence in more and more areas. Almost every business has its own web applications for clients and for internal business processes. However, application functionality is often prioritized at the expense of security, which negatively affects the security level of the entire business.As a result, web appli
Publish At:2017-08-08 13:15 | Read:3960 | Comments:0 | Tags: Vulnerability

DefenseCode ThunderScan SAST Advisory: WordPress Podlove Podcast Publisher Plugin Security Vulnerability

DefenseCode ThunderScan SAST Advisory WordPress Podlove Podcast Publisher Plugin Security VulnerabilityAdvisory ID: DC-2017-05-006Advisory Title: WordPress Podlove Podcast Publisher Plugin Security VulnerabilityAdvisory URL: http://www.defensecode.com/advisories.phpSoftware: WordPress Podlove Podcast Publisher pl
Publish At:2017-08-08 06:00 | Read:1564 | Comments:0 | Tags: Vulnerability

DefenseCode ThunderScan SAST Advisory: WordPress PressForward Plugin Security Vulnerability

DefenseCode ThunderScan SAST Advisory WordPress PressForward Plugin Security VulnerabilityAdvisory ID: DC-2017-05-007Advisory Title: WordPress PressForward Plugin Security VulnerabilityAdvisory URL: http://www.defensecode.com/advisories.phpSoftware: WordPress PressForward pluginLanguage: PH
Publish At:2017-08-08 06:00 | Read:1376 | Comments:0 | Tags: Vulnerability

Vulnerability in F2FS File System Leads To Memory Corruption on Android, Linux

August’s Android Security Bulletin includes three file system vulnerabilities (CVE-2017-10663, CVE-2017-10662, and CVE-2017-0750) that were discovered by Trend Micro researchers. These vulnerabilities could cause memory corruption on the affected devices, leading to code execution in the kernel context. This would allow for more data to be accessed and contr
Publish At:2017-08-08 05:25 | Read:2339 | Comments:0 | Tags:Mobile Open source Vulnerabilities android F2FS Linux Vulner

Format Factory DLL Hijacking Vulnerability

Format Factory DLL Hijacking VulnerabilityProduct---------------Format Factory is a comprehensive audio, video and photo converter and ripper that will satisfy your every need, all by having simple interface that can be used by everyone. Download Format Factory Offline Installer Setup for Windows.Vulerability Description-----------------Format factory is vul
Publish At:2017-08-04 21:30 | Read:2566 | Comments:0 | Tags: Vulnerability


Share high-quality web security related articles with you:)


Tag Cloud