3014 matches found
kaps.or.kr XSS vulnerability
Vulnerable URL: http://www.kaps.or.kr/en/src/board/view.php?mode==KPSR=1687ref=255=1"--!"kind=20-3type=1text=no= Details: Description| Value ---|--- Patched:| No Latest check for patch:| 29.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 3165896 VIP website...
U.S. Dept Of Defense: Exposed FTP Credentials on ███████
Summary: An exposed configuration file leaks FTP credentials to a DoD server. Description: The config file hosted onftp://█████████/pub/misc/FTP███████Sign.exe.config exposes a username █████████ and associated password ███████. These are valid credentials for the FTP server operating on...
Patching CVE-2017-7494 in Samba: It’s the Circle of Life
With the scent of scorched internet still lingering in the air from the WannaCry Ransomworm, today we see a new scary-and-potentially-incendiary bug hitting the twitter news. The vulnerability - CVE-2017-7494 - affects versions 3.5 released March 1, 2010 and onwards of Samba, the defacto standard...
Challenges with Critical Infrastructure: IoT, Smart Cities Under Attack
Internet of Things technology is now more widespread than many people realize. Systems that fall under the IoT umbrella are popping up in an array of settings, even outside consumer circles. Today, every group from enterprise businesses to city governments is utilizing intelligent, internet- and...
Eyes Of Network (EON) Detection Consolidation
Consolidation of Eyes Of Network EON detections. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
WordPress FTP/SSH Forms Function Cross-Site Request Forgery Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress FTP/SSH forms feature. The vulnerability can be used to...
roxftpd.free.fr XSS vulnerability
Vulnerable URL: http://roxftpd.free.fr/redirect.php3?url=https://www.xssposed.org...
U.S. Dept Of Defense: Exposed ███████ Administrative Interface (ColdFusion 11)
Summary: The "/██████████/administrator/" directory is accessible to the public and allows an attacker to further enumerate the system and/or perform brute force attacks. Description: The ████████ website has an exposed "Administrative Interface" for ColdFusion 11, which could be useful to an...
BAIC's Android app has a CAPTCHA design flaw
BAIC Android app is an online mobile service software. A CAPTCHA design vulnerability exists in the BAIC Android app. The vulnerability is caused due to the captcha being transmitted in clear text and without conditional restrictions. With the password recovery feature, an attacker can continuous...
SQL Injection Vulnerability in Nanjing Nanda Shangcheng Content Management System CountArticle.jsp Page
Nanjing Nanda Shangcheng content management system is a smart government solution. A SQL injection vulnerability exists in the CountArticle.jsp page of the Nanjing Nanda Shangcheng Content Management System. The lack of filtering of the 'ID' parameter allows an attacker to exploit the vulnerabili...
metal-mate.com XSS vulnerability
Vulnerable URL: http://www.metal-mate.com/web/dinsorweb/en/product.php?name=ngvcylinder" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 9832992 VIP website status:| No Check...
CVE-2016-9720
IBM QRadar 7.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM Reference : 1999533...
New Relic: [docs-ra.newrelic.com] subdomain and Drupal takeover via unconfigured endpoint
Hi, While conducting New Relic web property reconnaissance, I came across the unused docs-ra.newrelic.com endpoint. This endpoint allowed an unauthenticated user to progress through the Drupal installation process and activate the site with their own configuration – it appears that valid MySQL...
Followers for Instagram - Tags - Dangerous filesystem permissions, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Followers for Instagram - Tags published at the 'play' market has multiple vulnerabilities...
CVE-2016-9355
An issue was discovered in Becton, Dickinson and Company BD Alaris 8015 Point of Care PC unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Alaris 8015 PC unit may be able to obtain unencrypted wireless network authentication credentials and oth...
Pornhub: Debug.log file Exposed to Public \Full Path Disclosure\
The researcher discovered a debug log file exposing path information...
Printing and Marketing Firm Leaks High-Profile Customers' Data
Franchise Services, the parent company of a number of large print and design companies, said it is investigating claims that sensitive customer data stored by one of its franchisees is accessible online. The data dates back to 2010 and ranges from sensitive health records belonging to a former...
CVE-2016-8963
IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user...
New Relic: Restricted User can view multiple account details including customer_root_account_id, payment method, date of first payment, etc.
Summary When a restricted user visits this URL: There is a request sent to this URL: https://www.staging-bam.nr-data.net. Within that request leaks the following information about the entire account, that the restricted user can view:...
Apple iOS APPLE-SA-2016-12-12-1 has multiple vulnerabilities (CNVD-2016-12707)
Apple iOS is an operating system developed for mobile devices. Apple iOS has multiple vulnerabilities. An attacker can exploit the vulnerabilities to bypass security restrictions, execute arbitrary code or perform unauthorized actions, and obtain sensitive information...