Cisco ASA VPN XML Parser Denial of Service Vulnerability

The AEC team of ethical hackers discovered and reported a serious vulnerability in Cisco systems. Relevance: High. Abuse Difficulty: Low. The identified vulnerability is caused by an error in the XML (Extensible Markup Language) parser, which is part of the WebVPN software component in Cisco ASA products. It is possible to abuse…


Critical vulnerability – the GHOST vulnerability (CVE-2015-0234)

We want to draw your attention to a very serious vulnerability affecting most Linux distributions that use the glibc library. What it is about: the GHOST vulnerability exploits a flaw in the glibc library, which is an integral part of all Linux distributions. It is basically an implementation of the standard library of the C language together with necessary part…


Critical vulnerability OpenSSL (CVE-2014-0160)

We want to highlight a very serious error in OpenSSL that has been disclosed, along with functional exploits. The error was designated CVE-2014-0160; in the IT field, however, it is referred to as the Heartbleed Bug. A remedial update (OpenSSL 1.0.1g) of the OpenSSL library has already been issued. We strongly recommend to all administrators to…


Critical vulnerability in Bash (CVE-2014-6271)

We identified active cyber attacks (in the wild) abusing newly discovered and recently disclosed vulnerabilities in Bash (Bourne Again Shell). In some cases, they allow an unauthenticated attacker to execute code remotely by injecting special characters into an environment variable. The vulnerability allows remote reading of the server’s memory content (that is to say certificate keys, passwords,…
