Chaining three critical vulnerabilities allows takeover of D-Link routers
Researchers from the Silesian University of Technology in Poland discovered several flaws that could be exploited to take over some D-Link routers. A group of researchers from the Silesian University of Technology in Poland has discovered three vulnerabilities in some models of D-Link routers that…
Tumblr Patches A Flaw That Could Have Exposed Users’ Account Info
Tumblr today published a report admitting the presence of a security vulnerability in its website that could have allowed hackers to steal login credentials and other private information for users’ accounts. The affected information included users email addresses, protected (hashed and salted) account passwords, self-reported location (a…
Omron CX-Supervisor
1. EXECUTIVE SUMMARY CVSS v3 7.0 Vendor: Omron Equipment: CX-Supervisor Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-Of-Bounds Read, Use-After-Free, Incorrect Type Conversion or Cast 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code under the context…
VMware addressed Code Execution Flaw in its ESXi, Workstation, and Fusion products
VMware has addressed a critical arbitrary code execution flaw affecting the SVGA virtual graphics card used by its ESXi, Workstation, and Fusion products. VMware has released security updated to fix a critical arbitrary code execution vulnerability (CVE-2018-6974) in the SVGA virtual graphics card used by…
35 million US voter records available for sale in a hacking forum
Millions of voter records are available for sale on the Dark Web, experts discovered over 35 million US voter records for sale in a hacking forum. Millions of voter records are available for sale on the Dark Web, experts from Anomali and Intel 471 discovered 35 million…
A crippling ransomware attack hit a water utility in the aftermath of Hurricane Florence
A water utility in the US state of North Carolina suffered a severe ransomware attack in the week after Hurricane Florence hit the East Coast of the U.S. According to the Onslow Water and Sewer Authority (aka ONWASA) some internal systems were infected with the Emotet malware, but the regular…
LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME Equipment: LAquis SCADA Vulnerabilities: Untrusted Pointer Dereference, Out-of-Bounds Read, Integer Overflow to Buffer Overflow, Path Traversal, Out-of-bounds Write, and Stack-based Buffer Overflow 2. RISK EVALUATION…
Expert released PoC Code Microsoft Edge Remote Code Execution flaw
Security expert published the PoC exploit code for the recently fixed critical remote code execution flaw in Edge web browser tracked as CVE-2018-8495. The October 2018 Patch Tuesday addressed 50 known vulnerabilities in Microsoft’s products, 12 of them were labeled as critical. One of the issues…
NUUO NVRmini2 and NVRsolo
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: NUUO Equipment: NVRmini2, NVRsolo Vulnerabilities: Stack-based Buffer Overflow, Leftover Debug Code 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution and user account modification….
NUUO CMS
. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: NUUO Equipment: CMS ——— Begin Update A Part 1 of 3 ——– Vulnerabilities: Use of Insufficiently Random Values, Use of Obsolete Function, Incorrect Permission Assignment for Critical Resource, Use of Hard-coded Credentials, Path Traversal, Unrestricted…
Stay connected