AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862.
Monthly Archives: March 2017
CVE-2014-9836
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file.
CVE-2014-9833
Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file.
CVE-2014-9834
Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file.
CVE-2014-9832
Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file.
CVE-2014-9838
magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash).
CVE-2014-9840
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file.
Hackers Threaten to Remotely Wipe 300 Million iPhones Unless Apple Pays Ransom
If you use iCloud to sync your Apple devices, your private data may be at risk of getting exposed or deleted by April 7th.
It has been found that a mischievous group of hackers claiming to have access to over 300 million iCloud accounts is threatening Apple to remotely wipe data from those millions of Apple devices unless Apple pays it $75,000 in crypto-currency or $100,000 worth of iTunes
Unpatchable 'DoubleAgent' Attack Can Hijack All Windows Versions — Even Your Antivirus!
A team of security researchers from Cybellum, an Israeli zero-day prevention firm, has discovered a new Windows vulnerability that could allow hackers to take full control of your computer.
Dubbed DoubleAgent, the new injecting code technique works on all versions of Microsoft Windows operating systems, starting from Windows XP to the latest release of Windows 10.
What’s worse? DoubleAgent
SysGauge SMTP Validation Buffer Overflow
This Metasploit module will setup an SMTP server expecting a connection from SysGauge 1.5.18 via its SMTP server validation. The module sends a malicious response along in the 220 service ready response and exploits the client, resulting in an unprivileged shell.