Lucene search
+L

587 matches found

ThreatPost
ThreatPost
added 2019/02/20 6:34 p.m.60 views

GitHub Increases Rewards, Scope For Bug Bounty Program

GitHub has bolstered its bug-bounty program with increased rewards, an expanded scope of products and the addition of legal “safe-harbor” terms aiming to protect bounty hunters. The web-based hosting service announced Tuesday that its program, first launched in 2014, will no longer have a maximum...

8.2AI score
Exploits0References6
Openbugbounty
Openbugbounty
added 2018/12/28 2:18 p.m.16 views

pearlharborelementary.org XSS vulnerability

Open Bug Bounty ID: OBB-715138 Description| Value ---|--- Affected Website:| pearlharborelementary.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score...

0.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/09/05 1:59 a.m.8 views

survey.barharbormaine.gov Improper Access Control vulnerability

Open Bug Bounty ID: OBB-673100 Description| Value ---|--- Affected Website:| survey.barharbormaine.gov Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...

Exploits0
ThreatPost
ThreatPost
added 2018/08/15 11:0 a.m.15 views

Podcast: Bugcrowd Founder on Printer Bugs, IoT Bounty Hunting, and New VDP Project

Bugcrowd has had a busy summer. Recently, the bug-bounty company partnered with HP to launch the first-ever bug bounty program for printers, with rewards of up to $10,000 for discovered vulnerabilities. Bugcrowd also recently announced Disclose.io, an open-sourced project to standardize best...

0.5AI score
Exploits0References3
ThreatPost
ThreatPost
added 2018/07/02 7:13 p.m.28 views

Navigating an Uncharted Future, Bug Bounty Hunters Seek Safe Harbors

When researcher Kevin Finisterre found a security error in drone-maker DJI’s systems enabling him to access flight log data and images of customers, he thought he had hit the $30,000 jackpot as part of the drone company’s newly announced bug bounty program. Instead, when the incident occurred in...

8.1AI score
Exploits0References13
Trend Micro Simply Security
Trend Micro Simply Security
added 2018/05/03 2:0 p.m.22 views

What HIPAA and Other Compliance Teaches Us About the Reality of GDPR

with contributing author, William J. Malik, CISA | VP, Infrastructure Strategies The date for General Data Protection Regulation GDPR compliance is just weeks away, yet many organizations, especially those outside Europe, remain unprepared. It turns out that the experiences from other privacy...

0.7AI score
Exploits0
Veracode
Veracode
added 2018/01/15 7:8 a.m.14 views

LDAP Injection

github.com/vmware/harbor is vulnerable to LDAP injection attacks. The vulnerability exists due to the lack of sanitization on the username parameter, which is subsequently used to create the ldapFilter...

7AI score
Exploits0
CNVD
CNVD
added 2017/12/19 12:0 a.m.8 views

Harbor 'Ping()' Function Server-Side Cross-Site Forgery Vulnerability

Harbor is an open source, enterprise-grade registry server that also provides advanced security features such as user management, access control and activity auditing. A server-side cross-site forgery vulnerability exists in the 'Ping' function of the ui/api/targets.go file in Harbor 1.3.0-rc4 an...

8.6CVSS6.7AI score0.01389EPSS
Exploits1References1
NVD
NVD
added 2017/12/15 9:29 a.m.32 views

CVE-2017-17697

The Ping function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping...

8.6CVSS8.5AI score0.01389EPSS
Exploits1References1
Prion
Prion
added 2017/12/15 9:29 a.m.24 views

Server side request forgery (ssrf)

The Ping function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping...

5CVSS8.5AI score0.01389EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2017/12/15 9:29 a.m.4 views

Server-side Request Forgery (SSRF)

Overview github.com/goharbor/harbor/src/core/api is a cloud native registry project that stores, signs, and scans content. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF. The Ping function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the...

8.6CVSS6.9AI score0.01389EPSS
Exploits1References2
OSV
OSV
added 2017/12/15 9:29 a.m.22 views

CVE-2017-17697

The Ping function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping...

8.6CVSS6.8AI score
Exploits0References1
Cvelist
Cvelist
added 2017/12/15 9:0 a.m.28 views

CVE-2017-17697

The Ping function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping...

8.6AI score0.01389EPSS
Exploits1References1
CVE
CVE
added 2017/12/15 9:0 a.m.62 views

CVE-2017-17697

Harbor (ui/api/target.go) has an SSRF vulnerability in Ping() via the endpoint parameter to /api/targets/ping, affecting Harbor up to 1.3.0-rc4. Several connected sources confirm the issue and describe exploitation path leading to information disclosure; a remediation cited in Snyk is to upgrade ...

8.6CVSS8.5AI score0.01389EPSS
Exploits1References1Affected Software1
Veracode
Veracode
added 2017/12/11 5:22 a.m.22 views

Server Side Request Forgery (SSRF)

github.com/vmware/harbor is vulnerable to server side request forgery SSRF attacks. A malicious user can pass a malicious request to the application to the ping function in the /src/ui/api/target.go file, leading to information disclosure or arbitrary command execution...

8.6CVSS8.3AI score0.01389EPSS
Exploits1References1Affected Software1
The Hacker News
The Hacker News
added 2016/07/21 12:30 a.m.15 views

France warns Microsoft to Stop Collecting Windows 10 Users' Personal Data

We have heard a lot about privacy concerns surrounding Windows 10 and accusations on Microsoft of collecting too much data about users without their consent. Now, the French data protection authority has ordered Microsoft to stop it. France's National Data Protection Commission CNIL issued a form...

6.5AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2016/07/08 6:28 p.m.22 views

What you need to know: Navigating EU Data Protection changes – EU-US Privacy Shield and EU General Data Protection Regulation

If youre an organization with trans-Atlantic presence that transmits and stores European citizen data e.g. employee payroll & HR data, client & prospect data in the U.S. you will want to pay attention. What we will discuss was administered under the European Unions Data Protection Directive and a...

1.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2015/11/17 12:41 p.m.12 views

shop.harborfreight.com XSS vulnerability

Vulnerable URL: https://shop.harborfreight.com/catalogsearch/result?q="';-- Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 09:37 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google...

6.3AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2015/10/22 9:18 a.m.16 views

The Clock is ticking for EU and US to Negotiate New Safe Harbor Deal: What You Can Do to Stay Out of Legal Limbo

European authorities have given the European Union and US officials three months to come up with an alternative to the Safe Harbor agreement after the European Court of Justice ECJ declared Safe Harbor laws invalid earlier this month. The new agreement must protect the personal data of European...

2.1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2015/10/19 12:11 p.m.13 views

EC Ruling Invalidates Safe Harbor - Now What?

In a ruling on October 7, 2015 the European Court of Justice ECJ invalidated the principal European component of the U.S.-E.U. Safe Harbor Framework when it ruled in Schrems v. Data Protection Commissioner. In the ruling the court said that the existing U.S.-EU Safe Harbor agreement, overseen by...

1.2AI score
Exploits0
Rows per page
Query Builder