Sunday, November 19, 2017

Cisco Email Security Appliance HTTP Response Splitting Vulnerability

A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly san...

Cisco Web Security Appliance Advanced Malware Protection File Bypass Vulnerability

A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule.

The fil...

Cisco Immunet Antimalware Installer DLL Preloading Vulnerability

An untrusted search path vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the ...

Cisco IP Phone 8800 Series Command Injection Vulnerability in Debug Shell

A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands. The vulnerability is due to insufficient input validation.

An attacker could exploit this vulnerabilit...

Cisco Umbrella Insights Virtual Appliance Static Credentials Vulnerability

A vulnerability in Cisco Umbrella Insights Virtual Appliances could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user crede...

Microsoft Patches 17-Year-Old Office Bug

Researchers warn of a Microsoft remote code execution bug that has persisted for 17 years in Office, leaving the OS unprotected until the vulnerability was patched Tuesday.

VU#421280: Microsoft Office Equation Editor stack buffer overflow

Microsoft Equation Editor contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Microsoft Patches 20 Critical Vulnerabilities

This month, Microsoft's Patch Tuesday updates tackle fixes for 53 security bugs in Windows, Office, Internet Explorer, Edge, ASP.NET Core, .NET Core, and its Chakra Core browser engine.

Debugging Tool Left on OnePlus Phones, Enables Root Access

Phone maker OnePlus is being blasted for leaving a developer debugging app on its handsets allowing phones to be rooted by an attacker with physical access to the device.

Adobe Patches Flash Player, 56 Bugs in Reader and Acrobat

Adobe released a monster update for Acrobat and Reader patching dozens of remote code execution vulnerabilities, along with a Flash Player update addressing a handful of critical flaws.

Apple iPhone X Face ID Fooled by a Mask

Vietnamese security company Bkav says it has built a proof-of-concept mask that fools Apple’s Face ID technology.

Phishing Biggest Threat to Google Account Security

Phishing remains the biggest account takeover threat to Google users, surpassing keyloggers and credential leaks.