NMap NSE Script To Detect #WannaCry And #Petya MS17-010 SMBv1 Vulnerability

With the recent spread of the #WannaCry (Update 6/27/17: and #Petya) ransomware over the past week, the IT community has been in a frenzy to patch vulnerable systems that are missing the MS17-010 patch that Microsoft released back in March 2017. If you need to scan your network for possibly vulnerable systems, you can use [...]

CVE-2016-8655 Five-Year-Old Linux Kernel Local Privilege-Escalation Vulnerability Discovered

A serious five-year-old privilege-escalation vulnerability has been discovered in the Linux kernel that affects almost every distro of the Linux operating system, including Red Hat and Ubuntu. Back in October, a nine-year-old privilege-escalation vulnerability, dubbed Dirty COW, was discovered in the Linux kernel that affected every distro of the open-source operating system, including Red Hat, [...]

December 7th, 2016 | Categories: Linux, Security

How To Patch Linux Kernel Zero Day DirtyCow Vulnerability CVE-2016-5195

A zero-day local privilege escalation vulnerability, called DirtyCow, has been found in the Linux kernel, where it has existed since 2005. This bug affects a large number of popular Linux distros as well as Android devices. By exploiting the DirtyCow vulnerability, any user can become root (admin) in less than 5 seconds. The vulnerability has [...]

CVE-2016-1453 Cisco Nexus 7000 and 7700 Series Switches Buffer Overflow Vulnerability

Earlier today, Cisco released a critical security advisory affecting its Nexus 7000 and Nexus 7700 Series Switches, CVE-2016-1453. A vulnerability in the Overlay Transport Virtualization (OTV) generic routing encapsulation (GRE) implementation of the Cisco Nexus 7000 and 7700 Series Switches could allow an attacker to cause a reload of the affected system or to remotely [...]

OpenSSL Patches High-Severity OCSP Bug & Mitigates SWEET32 Attack

A vulnerability in the OpenSSL implementation of the Online Certificate Status Protocol (OCSP) was patched this week, closing a denial-of-service weakness in affected servers. OCSP is, in many cases, an alternative to Certificate Revocation Lists: a client can use the protocol to ping a server requesting the status of a digital certificate. The vulnerability, [...]

September 24th, 2016 | Categories: Security

Remediation for Microsoft Windows Unquoted Service Path Enumeration Vulnerability

If you're using a vulnerability scanner on your PC or network, you've probably come across the Microsoft Windows Unquoted Service Path Enumeration vulnerability. The truth is, this vulnerability has been around for many years and Microsoft hasn't done much to address it. Instead, they've left it up to the individual developers to fix their programs [...]

Cisco Firepower Management Center and FireSIGHT System Software Session Fixation Vulnerability

Today, Cisco released a security advisory for its Firepower Management Center and FireSIGHT System Software for a session fixation vulnerability. The vulnerability is rated as a medium risk with no workarounds or software updates at this time. The vulnerability could allow an unauthenticated, remote attacker to hijack a valid user session. According to Cisco: The [...]