Many Cisco security appliances contain default, authorized SSH keys that can allow an attacker to connect to an appliance and take almost any action he chooses.
Browsing Tag: vulnerabilities
Thycotic, a maker of access-control and other security products, has patched a stored cross-site scripting vulnerability in one of its products that could enable an attacker to steal a victim’s stored passwords.
There is a TCP prediction vulnerability in Wind River’s widely deployed VxWorks embedded software that can enable an attacker to disrupt or spoof the TCP connections to and from target devices. VxWorks is an embedded operating system that’s used in a large number of ICS products that are deployed in sectors such as energy, water,[…]
Researchers at HP’s Zero Day Initiative have disclosed full details and proof-of-concept exploit code for a series of bugs they discovered that allow attackers to bypass a key exploit mitigation in Internet Explorer.
There is a privilege-escalation vulnerability in several versions of Ubuntu that results from the fact that the operating system fails to check permissions when users are creating files in some specific circumstances.
A trio of vulnerabilities were recently patched in eBay’s Magento e-commerce web application that could have let attackers carry out a handful of exploits.
Drupal has patched several vulnerabilities in versions 6 and 7 of the content-management system, including a critical bug that enables an attacker to hijack administrators’ accounts and take arbitrary actions on target sites. That vulnerability lies in the OpenID module in Drupal that enables users to authenticate themselves using the OpenID protocol. The protocol is based[…]
LinkedIn today announced that since October it has been running a private bug bounty, and to date has patched 65 bugs and paid out $65,000 in rewards.
A week after disclosing a cross-site request forgery vulnerability in small wind turbines manufactured by a company called XZERES, a security researcher has discovered a serious bug in the human-machine interface for turbines made by German company RLE International GmbH. Researcher Maxim Rupp discovered the vulnerability in the Nova-Wind Turbine HMI and reported it to the vendor.[…]
Google today launched the Android Security Rewards program, a bug bounty for Android Nexus 6 and Nexus 9 devices.