1081 matches found
Web Form Sending Credentials Using GET (PCI-DSS check)
The remote web application has a form that sends credentials using an HTTP GET request. This can cause sensitive information such as usernames and passwords to be logged by the server in access logs. Authors of services which use the HTTP protocol SHOULD NOT use GET based forms for the submission...
UBUNTU-CVE-2018-1302
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter...
Frontier Silicion Internet Radio Detection
This script performs HTTP based detection of a Frontier Silicion Internet Radio. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
amazoo.co.il XSS vulnerability
Open Bug Bounty ID: OBB-581863 Description| Value ---|--- Affected Website:| amazoo.co.il Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
TextPattern 4.6.2 - qty SQL Injection Vulnerability
Exploit for php platform in category web applications ============================================= MGC ALERT 2018-002 - Original release date: February 12, 2018 - Last revised: March 12, 2018 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2018-7474...
TextPattern 4.6.2 - 'qty' SQL Injection
============================================= MGC ALERT 2018-002 - Original release date: February 12, 2018 - Last revised: March 12, 2018 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2018-7474 ============================================= I...
[SECURITY] Fedora 27 Update: sblim-sfcb-1.4.9-9.fc27
Small Footprint CIM Broker sfcb is a CIM server conforming to the CIM Operations over HTTP protocol. It is robust, with low resource consumption and therefore specifically suited for embedded and resource constrained environments. sfcb supports providers written against the Common Manageability...
[SECURITY] Fedora 26 Update: sblim-sfcb-1.4.9-7.fc26
Small Footprint CIM Broker sfcb is a CIM server conforming to the CIM Operations over HTTP protocol. It is robust, with low resource consumption and therefore specifically suited for embedded and resource constrained environments. sfcb supports providers written against the Common Manageability...
CVE-2018-7298
In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protection of the downloaded contents. An attacker with a privileged network position which could be...
Code injection
In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protection of the downloaded contents. An attacker with a privileged network position which could be...
CVE-2018-7298
Affected product: eQ-3 AG HomeMatic CCU2 (version 2.29.22). Issue: loopupd.sh downloads software update packages over HTTP, which provides no cryptographic protection. Root cause: lack of integrity/ authenticity verification for firmware updates due to plain HTTP delivery. Impact: attacker with n...
Design/Logic Flaw
Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web...
CVE-2018-6794
Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web...
CVE-2018-6794
Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web...
CVE-2018-6794
Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web...
Mail.ru: XSS via Cookie in e.mail.ru
Привет! Нашел stored xss через куку VID. Обычно такое эксплуатируется через mitm. Сама кука не имеет атрибутов secure и samesite, что дает возможность выставить ее по http на сервере атакующего. Сценарий такой: 1. Жертва находится в сети атакующего 2. DNS сервер сети атакующего резолвит хост...
CVE-2018-2604
Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications subcomponent: Base. The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Gue...
Skygofree: Following in the footsteps of HackingTeam
At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were...
Sync Breeze 10.2.12 Denial Of Service
============================================= MGC ALERT 2017-007 - Original release date: November 30, 2017 - Last revised: December 14, 2017 - Discovered by: Manuel GarcAa CA!rdenas - Severity: 7,5/10 CVSS Base Score - CVE-ID: CVE-2017-17088 ============================================= I...
Sync Breeze 10.2.12 - Denial of Service
Sync Breeze 10.2.12 - Denial of Service ============================================= MGC ALERT 2017-007 - Original release date: November 30, 2017 - Last revised: December 14, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,5/10 CVSS Base Score - CVE-ID: CVE-2017-17088...