COVID-19 and Staying Cyber Secure
As news coverage of COVID-19 grows, so do cyber attacks that take advantage of newly remote workers and a public eager to learn more about the evolving situation. Be alert and cautious with unfamiliar emails or calls that impersonate official health organizations or that promise a stimulus package payout. Here are a few recent nefarious cyber (more…)
CVE-2016-2046 – CROSS SITE SCRIPTING IN SOPHOS UTM 9
Title: CVE-2016-2046 – CROSS SITE SCRIPTING IN SOPHOS UTM 9
Product: Sophos UTM 9
Vendor: Sophos
CVE-2014-4980 Parameter Tampering in Nessus Web UI – Remote Information Disclosure
Title: CVE-2014-4980 Parameter Tampering in Nessus Web UI – Remote Information Disclosure
Product: Nessus
Vendor: Tenable Network Security (more…)
Understanding and Fixing the Heartbleed Vulnerability
Now that you know that Heartbleed is potentially exposing your secure systems to malicious hackers, you need to know what to do about it. Not only does that mean you need to secure your systems (even the ones you don’t yet know use OpenSSL), but (more…)
CVE-2013-3734 – JBoss AS Administration Console – Password Returned in Later Response
OVERVIEW: CVE-2013-3734 – JBoss AS Administration Console – Password Returned in Later Response
Product: Embedded Jopr – JBoss AS Administration Console
Vendor: Red Hat Middleware, LLC
Version: < 1.2 (more…)
CVE-2013-1402 – DigiLIBE Management Console – Execution After Redirect (EAR) Vulnerability
Overview
DigiLIBE 3.4, and possibly other versions, sends a redirect but does not stop executing, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_configuration.html.
Impact
CVSS Severity (version 2.0): (more…)
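The following is an added illustration of the Execution After Redirect pattern described above; it is not DigiLIBE code. It models a request handler on a minimal, hand-rolled Request/Response pair: the handler names, the classes and the configuration text are all constructed for the example. The vulnerable handler sets the 302 and then keeps running, so the configuration still ends up in the response body; the fixed handler returns as soon as the redirect is issued.

```python
"""Execution After Redirect (EAR), modelled on a minimal, constructed
request/response pair.  Not DigiLIBE code: the handler names, the
Request/Response classes and the configuration text are assumptions made
for this example."""
from dataclasses import dataclass, field

# Constructed stand-in for the sensitive configuration page.
GENERAL_CONFIGURATION = "db_host=10.0.0.5\ndb_user=admin\ndb_pass=s3cret\n"


@dataclass
class Request:
    path: str
    authenticated: bool


@dataclass
class Response:
    status: int = 200
    headers: dict = field(default_factory=dict)
    body: str = ""


def redirect_to_login(resp):
    """Set the redirect status and header only; whether execution stops
    afterwards is up to the caller, which is exactly where EAR bugs live."""
    resp.status = 302
    resp.headers["Location"] = "/login"


def render_configuration():
    return "<pre>" + GENERAL_CONFIGURATION + "</pre>"


def handle_vulnerable(req):
    """EAR: the redirect is issued, but the function keeps running and still
    renders the configuration into the body.  A browser follows the 302 and
    the user only sees the login page, but any client that reads the raw
    response (curl -i, an intercepting proxy) receives the configuration."""
    resp = Response()
    if not req.authenticated:
        redirect_to_login(resp)
        # Missing here: return resp
    resp.body = render_configuration()
    return resp


def handle_fixed(req):
    """Fixed: return immediately after issuing the redirect, so nothing
    below this point executes for an unauthenticated request."""
    resp = Response()
    if not req.authenticated:
        redirect_to_login(resp)
        return resp
    resp.body = render_configuration()
    return resp


def redirect_carries_body(resp):
    """The check a practitioner runs against a live response: a 3xx that
    carries a substantive body is the signature of EAR."""
    return 300 <= resp.status < 400 and len(resp.body.strip()) > 0


def unauthenticated_leak(handler, path="/configuration/general_configuration.html"):
    """Does a direct, unauthenticated request to `path` leak the configuration?"""
    resp = handler(Request(path, authenticated=False))
    return redirect_carries_body(resp) and "db_pass" in resp.body
```

Against a real target the same check is `curl -i` on the protected path with no session cookie: a 302 whose body is not empty is the finding. In PHP, where the "does not exit" phrasing comes from, the fix is the `exit;` (or `return`) after `header('Location: ...')`.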
CVE-2011-5251 – vBulletin – Multiple Open Redirects
CVE-2011-5251 – vBulletin – Multiple Open Redirects Overview
Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action.
Impact
CVSS Severity (version 2.0): (more…)
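As an added example of the fix for the open redirect described above (not vBulletin's own code), the check below accepts a `url` parameter only when it points back into the site. The allowed host `forum.example.com` and the default landing page are assumptions for the example; the test inputs are constructed to cover the usual bypasses (protocol-relative `//`, backslash, `javascript:`, and `user@host` tricks).

```python
"""Validating a post-login redirect target so that the `url` parameter
cannot send the user off-site.  Added example, not vBulletin code; the
allowed host and default page are assumptions for this illustration."""
from urllib.parse import urlsplit

ALLOWED_HOST = "forum.example.com"   # assumed site host
DEFAULT_TARGET = "/forum/index.php"  # assumed safe landing page


def is_safe_redirect(url, allowed_host=ALLOWED_HOST):
    """Accept a single-slash relative path, or an absolute http(s) URL whose
    host is exactly ours.  Everything else is rejected."""
    if not url:
        return False
    # Browsers treat a backslash like a forward slash, so "/\evil" becomes
    # the protocol-relative "//evil".  Normalise before parsing.
    normalized = url.replace("\\", "/")
    parts = urlsplit(normalized)
    if parts.scheme:
        # Blocks javascript:, data:, and any other non-http scheme.
        if parts.scheme not in ("http", "https"):
            return False
        # netloc still contains any userinfo, so "ours@evil" does not match.
        return parts.netloc.lower() == allowed_host
    if parts.netloc:
        return False  # protocol-relative //evil.example
    return normalized.startswith("/") and not normalized.startswith("//")


def safe_target(url, default=DEFAULT_TARGET):
    """Return the requested target if it is safe, otherwise the default."""
    return url if is_safe_redirect(url) else default
```

An allow-list of exact hosts is deliberately used instead of a "starts with our domain" substring check, which `forum.example.com.evil.example` would pass.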
CVE-2012-6493: Nexpose Security Console CSRF Vulnerability
Product: Nexpose Security Console
Vendor: Rapid7
Version: < 5.5.3
Tested Version: 5.5.1
Vendor Notified Date: December 19, 2012
Release Date: January 2, 2013
Risk: High
Authentication: None required
Remote: Yes (more…)
CVE-2012-6494 – Nexpose Security Console – Session Hijacking
Product: Nexpose Security Console
Vendor: Rapid7
Version: < 5.5.3
Tested Version: 5.5.1
Vendor Notified Date: December 19, 2012
Release Date: January 2, 2013
Risk: Medium
Authentication: Access to logs required.
Remote: Yes (more…)
CVE-2012-6342: Atlassian Confluence – Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities
CVE-2012-6342: Atlassian Confluence
Product: Confluence
Vendor: Atlassian
Version: 3.0 / Current
Tested Version: 3.4.6
Vendor Notified Date: June 31, 2011
Release Date: September 19, 2012
Risk: Medium
Authentication: Depends on configuration.
Remote: Yes (more…)