known-vulnerabilities – Page 8

owasp top 10 2017 automation

Posted on June 19, 2018 by SyCode

I am working on security automation from checking web application for the OWASP top 10 vulnerabilities. I’d like to check for the respective description, CWE-IDs etc and make decisions automatically. I can imagine a machine-r… Continue reading owasp top 10 2017 automation→

CVE-2018-0886 mitigation for an unpatchable RDP server

Posted on June 19, 2018 by Zenilogix

An up-to-date Windows 10 client is connecting to a Windows 10 RDP host which is stuck at 1511 (host can’t be updated and 1511 is out of support for receiving patches such as the CVE-2018-0886 mitigation).

What exactly is the… Continue reading CVE-2018-0886 mitigation for an unpatchable RDP server→

How should security patches be managed in public versioning systems (like Github, etc.)?

Posted on June 16, 2018 by reed

There’s a thing I don’t understand. I found a project on Github. Looking at the list of commits, you can see stuff like “fixed XSS in file whatever, etc”. But that commit is part of a long list of commits that were made after… Continue reading How should security patches be managed in public versioning systems (like Github, etc.)?→

List of BLE vulnerabilities?

Posted on June 8, 2018 by Mi Mulli

Has anyone seen the matrix that compares vulnerabilities for and/or between BLE 4.0, 4.1, 4.2 and 5.0?

Continue reading List of BLE vulnerabilities?→

Jump-Start Your Management of Known Vulnerabilities

Posted on June 8, 2018 by Ramkumar Ramanathan

Known vulnerabilities are the weaknesses that are most often exploited, but how can they be managed?

The post Jump-Start Your Management of Known Vulnerabilities appeared first on Security Intelligence.

Continue reading Jump-Start Your Management of Known Vulnerabilities→

Check this site has SQL Injection [on hold]

Posted on May 29, 2018 by Mas

I have a problem to check “SQL Injection” on site ex: https://www.extremepsi.com/store/product.php?productid=30282

Report about this problem

https://suip.biz/?act=report&id=ceb2b0a84137085a302cd866bcdfe765

Continue reading Check this site has SQL Injection [on hold]→

What is the attack vector for CVE-2018-3639 Speculative Store Bypass?

Posted on May 23, 2018 by Michael

We use Web Application deployed on a CentOS server.

Can the attack will be performed via a browser?
Or the attacker need a physical access to the CentOS server?

I cannot understand the attack vector from the RHEL: https://a… Continue reading What is the attack vector for CVE-2018-3639 Speculative Store Bypass?→

Test for OWASP Using Components with Known Vulnerabilities?

Posted on May 16, 2018 by Bill C

I’m trying to think how I would test an application for OWASP “Using Components with Known Vulnerabilities”.

If my understanding is correct, this deals a lot with out of date libraries/modules, but if one is pentesting an ap… Continue reading Test for OWASP Using Components with Known Vulnerabilities?→

Microsoft Vulnerability Database?

Posted on May 9, 2018 by Lucian Nitescu

How can I list all vulnerabilities starting with build Windows 10 Home 16299 up to date? Is there a DB for that?

Continue reading Microsoft Vulnerability Database?→

Common JavaScript Vulnerabilities

Posted on March 28, 2018 by Dennis1818

Can someone recommend a secure coding guideline for JavaScript?

Is there a set of common vulnerabilities that are closely related to the JavaScript programming language? What I am searching for are equivalent vulnerabilities to stack, hea… Continue reading Common JavaScript Vulnerabilities→