587 matches found
GitHub Increases Rewards, Scope For Bug Bounty Program
GitHub has bolstered its bug-bounty program with increased rewards, an expanded scope of products and the addition of legal “safe-harbor” terms aiming to protect bounty hunters. The web-based hosting service announced Tuesday that its program, first launched in 2014, will no longer have a maximum...
pearlharborelementary.org XSS vulnerability
Open Bug Bounty ID: OBB-715138 Description| Value ---|--- Affected Website:| pearlharborelementary.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score...
survey.barharbormaine.gov Improper Access Control vulnerability
Open Bug Bounty ID: OBB-673100 Description| Value ---|--- Affected Website:| survey.barharbormaine.gov Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...
Podcast: Bugcrowd Founder on Printer Bugs, IoT Bounty Hunting, and New VDP Project
Bugcrowd has had a busy summer. Recently, the bug-bounty company partnered with HP to launch the first-ever bug bounty program for printers, with rewards of up to $10,000 for discovered vulnerabilities. Bugcrowd also recently announced Disclose.io, an open-sourced project to standardize best...
Navigating an Uncharted Future, Bug Bounty Hunters Seek Safe Harbors
When researcher Kevin Finisterre found a security error in drone-maker DJI’s systems enabling him to access flight log data and images of customers, he thought he had hit the $30,000 jackpot as part of the drone company’s newly announced bug bounty program. Instead, when the incident occurred in...
What HIPAA and Other Compliance Teaches Us About the Reality of GDPR
with contributing author, William J. Malik, CISA | VP, Infrastructure Strategies The date for General Data Protection Regulation GDPR compliance is just weeks away, yet many organizations, especially those outside Europe, remain unprepared. It turns out that the experiences from other privacy...
LDAP Injection
github.com/vmware/harbor is vulnerable to LDAP injection attacks. The vulnerability exists due to the lack of sanitization on the username parameter, which is subsequently used to create the ldapFilter...
Harbor 'Ping()' Function Server-Side Cross-Site Forgery Vulnerability
Harbor is an open source, enterprise-grade registry server that also provides advanced security features such as user management, access control and activity auditing. A server-side cross-site forgery vulnerability exists in the 'Ping' function of the ui/api/targets.go file in Harbor 1.3.0-rc4 an...
CVE-2017-17697
The Ping function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping...
Server side request forgery (ssrf)
The Ping function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping...
Server-side Request Forgery (SSRF)
Overview github.com/goharbor/harbor/src/core/api is a cloud native registry project that stores, signs, and scans content. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF. The Ping function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the...
CVE-2017-17697
The Ping function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping...
CVE-2017-17697
The Ping function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping...
CVE-2017-17697
Harbor (ui/api/target.go) has an SSRF vulnerability in Ping() via the endpoint parameter to /api/targets/ping, affecting Harbor up to 1.3.0-rc4. Several connected sources confirm the issue and describe exploitation path leading to information disclosure; a remediation cited in Snyk is to upgrade ...
Server Side Request Forgery (SSRF)
github.com/vmware/harbor is vulnerable to server side request forgery SSRF attacks. A malicious user can pass a malicious request to the application to the ping function in the /src/ui/api/target.go file, leading to information disclosure or arbitrary command execution...
France warns Microsoft to Stop Collecting Windows 10 Users' Personal Data
We have heard a lot about privacy concerns surrounding Windows 10 and accusations on Microsoft of collecting too much data about users without their consent. Now, the French data protection authority has ordered Microsoft to stop it. France's National Data Protection Commission CNIL issued a form...
What you need to know: Navigating EU Data Protection changes – EU-US Privacy Shield and EU General Data Protection Regulation
If youre an organization with trans-Atlantic presence that transmits and stores European citizen data e.g. employee payroll & HR data, client & prospect data in the U.S. you will want to pay attention. What we will discuss was administered under the European Unions Data Protection Directive and a...
shop.harborfreight.com XSS vulnerability
Vulnerable URL: https://shop.harborfreight.com/catalogsearch/result?q="';-- Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 09:37 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google...
The Clock is ticking for EU and US to Negotiate New Safe Harbor Deal: What You Can Do to Stay Out of Legal Limbo
European authorities have given the European Union and US officials three months to come up with an alternative to the Safe Harbor agreement after the European Court of Justice ECJ declared Safe Harbor laws invalid earlier this month. The new agreement must protect the personal data of European...
EC Ruling Invalidates Safe Harbor - Now What?
In a ruling on October 7, 2015 the European Court of Justice ECJ invalidated the principal European component of the U.S.-E.U. Safe Harbor Framework when it ruled in Schrems v. Data Protection Commissioner. In the ruling the court said that the existing U.S.-EU Safe Harbor agreement, overseen by...