Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
Home  Ask the Team  Mailing Lists  Advertising Info  Advisories  About SecuriTeam  Blogs Brought to you by: Suppliers of: Website Testing Tools Network Testing Tools Software Testing Tools SecuriTeam in Your Inbox New vulnerability? New tool? Tell us (Our PGP key). Network Enabled Discount: SecuriTeam5_SANS Promo With Us Subjects of Interest: Vulnerability Management SQL Injection Buffer Overflows Active Network Scanning Fuzzing Fuzzer Report Network Security Network Scanner Pen Testing Security Scanner Scanner Review Fuzzer Review Web Scanner Review	SPCanywhere SSL Certificate Validation Security Bypass Vulnerabilities 12 Aug. 2015    Summary The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.   Credit: The information has been provided by Karsten Sohr, Bernhard Berger, and Kai Hillmann from the TZI-Bremen. Free Website Security Scan Free Fuzzer Report Vulnerability Assessment Detect web app vulnerabilities University study comparing the top Accurate and automated scanning Get guidance from professionals. 6 commercially availble fuzzers. for networks of any size.    Details Protect your website! Free Trial, Nothing to install. No interruption of visitors. www.beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Siemens SPCanywhere application SPCanywhere is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. CVE Information: CVE-2015-1596 Disclosure Timeline: Original release date: 03/06/2015 Last revised: 03/09/2015  Comments: blog comments powered by Disqus	Related Articles Wepresent Wipg-1500 Firmware 1.0.3.7 Remote Code Execution Vulnerability Tcpdump Overflow Vulnerability Tcpdump 4.8.1 parsers Overflow Vulnerability Tcpdump 4.8.1 ISO CLNS Overflow Vulnerability Puppetlabs Mcollective-puppet-agent 1.11.0 option Execute Code Vulnerability Phpipam 1.2 Execute Code Cross Site Scripting Vulnerability Oracle Weblogic Server 10.3.6.0 takeover Remote Code Execution Vulnerability Oracle Universal Work Queue 12.1.1 accessible Remote Code Execution Vulnerability Oracle Siebel Ui Framework 16.1 update delete insert Remote Code Execution Vulnerability Oracle Partner Management 12.1.1 HTTP Remote Code Execution Vulnerability Oracle One-to-one Fulfillment 12.1.2 HTTP Remote Code Execution Vulnerability Oracle Mysql 5.7.16 unauthorized Remote Code Execution Vulnerability Oracle Marketing 12.1.1 Base Remote Code Execution Vulnerability Oracle JRE 1.6 web service Remote Code Execution Vulnerability Oracle Flexcube Universal Banking 12.2.0 Denial Of Service Vulnerability Oracle Flexcube Private Banking 12.0.1 CVSS Remote Code Execution Vulnerability Oracle Advanced Outbound Telephony 12.1.3 unauthorized Remote Code Execution Vulnerability Mybb Merge System 1.8.6 MyBulletinBoard Cross Site Scripting Vulnerability Cryptopp Crypto++ 5.6.4 octets Remote Code Execution Vulnerability Wireshark Overflow Vulnerability  Featured Articles Oracle Partner Management 12.1.1 HTTP Remote Code Execution Vulnerability Mp3splt 2.6.2 crafted Denial Of Service Vulnerability Trend Micro Smart Protection Server 3 webapps Execute Code Vulnerability Wordpress 4.7.1 commands Execute Code Sql Injection Vulnerability Oracle Istore 12.1.1 Successful Remote Code Execution Vulnerability Samsung Knox 1.0 Remote Code Execution Vulnerability Rapid7 Metasploit 4.13.0-2017012501 application Remote Code Execution Vulnerability Cisco IOS 15.2(2)e3 Denial Of Service Obtain Information Vulnerability Oracle Knowledge Management 12.1.1 critical data Remote Code Execution Vulnerability Siemens Sinumerik Integrate Operate Client modify Obtain Information Vulnerability Trend Micro Smart Protection Server 2.6 commands Execute Code Vulnerability Google Android 7.1.0 Mediaserver Execute Code Overflow Memory corruption Vulnerability Cisco Netflow Generation Appliance 1.0(2) Cross Site Scripting Vulnerability Adobe Acrobat Dc 15.006.30244 Execute Code Overflow Vulnerability Google Android 6.0.1 context Execute Code Overflow Memory corruption Vulnerability Cisco Unified Communications Manager 11.5(1.12000.1) Cross Site Scripting Bypass a restriction or similar Vulnerability Adobe Acrobat Dc 15.006.30244 Execute Code Overflow Memory corruption Vulnerability Oracle Marketing 12.2.6 Base Score Remote Code Execution Vulnerability Google Android 7 context Execute Code Overflow Memory corruption Vulnerability Cisco Webex Meeting Center Wbs28 Base Remote Code Execution Vulnerability
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs

Copyright © Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®