known-vulnerabilities – Page 7

As an end user, what risk is there in browsing a public website that uses TLSv1?

Posted on January 14, 2019 by Brad Parks

Is it safe for an end user to browse a website that only supports TLSv1 (or other insecure ciphers or protocols), given the following:

it’s a publicly accessible website with no sensitive or private data
it doesn’t require … Continue reading As an end user, what risk is there in browsing a public website that uses TLSv1?→

How can I determine the vulnerability for a sub domain takeover attack?

Posted on December 17, 2018 by Azaam Alfi - CCNA Security

I have found research efforts on explaining how sub domain takeovers can take place authored by a gentleman named “Patrik Hudák”. Through his site’s blogs he illustrates and conveys an understanding of the phenomenon:

https:… Continue reading How can I determine the vulnerability for a sub domain takeover attack?→

Microsoft Windows CVEs?

Posted on October 27, 2018 by user189906

I know sites like cvedetails and exploit-db feature Windows 10 specific CVEs. But doesnt microsoft.com have a list (or feed) of vulnerability advisories and recently disclosed CVEs? I checked their website (which is a bit con… Continue reading Microsoft Windows CVEs?→

Is there any list of vulnerabilities and their signatures?

Posted on October 23, 2018 by Moh

I am looking for a list of known vulnerabilities and their signatures.
Is there any publicly available list of security vulnerabilities and their signatures?

NVD (NATIONAL VULNERABILITY DATABASE) provides a database of known vulnerabiliti… Continue reading Is there any list of vulnerabilities and their signatures?→

What are most dangerous vulnerabilities of users of password management?

Posted on October 1, 2018 by J. Chang

Are there any examples where something goes wrong. For example, say people misused password managers and got hacked or take some loss? If so how?

Basically, I sort of know the typical vulnerabilities of password management (… Continue reading What are most dangerous vulnerabilities of users of password management?→

Is Debian 9.5 stretch vulnerable to CVE-2018-17182?

Posted on September 28, 2018 by Dark Cyber

I have a Debian system running the following kernel version:

Linux REDACTED 4.9.0-7-amd64 #1 SMP Debian 4.9.110-3+deb9u2 (2018-08-13) x86_64 GNU/Linux Linux REDACTED 4.9.0-7-amd64 #1 SMP Debian 4.9.110-3+deb9u2 (2018-08-13) … Continue reading Is Debian 9.5 stretch vulnerable to CVE-2018-17182?→

How to discover known vulnerabilities (CVEs) in Go executables?

Posted on September 27, 2018 by tsaarni

Tools that discover CVEs need to create software bill-of-material. In many cases it can be done simply by inspecting files on the target system e.g. RPM or NPM index.

Would it be possible to do composition analysis on Go exe… Continue reading How to discover known vulnerabilities (CVEs) in Go executables?→

Thousands of MikroTik Routers Hijacked for Eavesdropping

Posted on September 4, 2018 by Tara Seals

Using a known vulnerability, the threat actor is listening to a variety of ports. Continue reading Thousands of MikroTik Routers Hijacked for Eavesdropping→

search and analyse common vulnerabilities [on hold]

Posted on July 20, 2018 by houssein

How can I report vulnerabilities presented in my system architecture: in terms of software (name, version, etc.) and hardware components (name and type of routers, servers, operating systems, etc..)? How can I use the Common … Continue reading search and analyse common vulnerabilities [on hold]→

How do so many vulnerable IoT devices stay alive and online?

Posted on July 18, 2018 by LangeHaare

With attacks like Mirai and similar “script kiddie” threats giving access to so many IoT devices, how do they manage to stay online?

Suppose I have a device online which can be accessed (as root) over SSH with default creden… Continue reading How do so many vulnerable IoT devices stay alive and online?→