864 matches found
moneycontrol.com XSS vulnerability
Open Bug Bounty ID: OBB-246881. Affected Website: moneycontrol.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
CVE-2016-7818
Untrusted search path vulnerability in Installers for Specification check program social insurance Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption program Ver. 1.00 and earlier, and TODOKESHO creation program Ver. 15.00 and earlier available prior to...
Sunshine Car Life APP has information leakage vulnerability
Sunshine Car Life APP is a one-stop car owner service platform designed to provide you with authoritative national violation query, car insurance price calculation, trip management, claims service, and so on. There is an information leakage vulnerability in Sunshine Car Life APP, because the logi...
Java deserialization vulnerability in the insurance intermediary business management system of BUPA Financial Technologies Ltd.
Insurance Intermediary Business Management System IBMS of BUPA Financial Technology Co., Ltd. is an insurance intermediary informatization management platform with dual functions of supervision and industry management. A Java deserialization vulnerability exists in the insurance intermediary...
hyundaimotorinsurance.co.uk XSS vulnerability
Vulnerable URL: https://www.hyundaimotorinsurance.co.uk/Verex/html/help.html%3C!%27/%22/%27/%22/--%3E%3C/Script%3E%3CImage%20Srcset=K%20/;%20Onerror=confirm%60OPENBUGBOUNTY%60%20//%3E Patched: No. Latest check for patch: 04.08.2017. Vulnerability type: XSS...
daciacarinsurance.co.uk XSS vulnerability
Vulnerable URL: https://www.daciacarinsurance.co.uk/Verex/html/help.html%3C!%27/%22/%27/%22/--%3E%3C/Script%3E%3CImage%20Srcset=K%20/;%20Onerror=confirm%60OPENBUGBOUNTY%60%20//%3E Patched: No. Latest check for patch: 04.08.2017. Vulnerability type: XSS...
mitsubishimotorinsurance.co.uk XSS vulnerability
Vulnerable URL: https://www.mitsubishimotorinsurance.co.uk/Verex/html/help.html%3C!%27/%22/%27/%22/--%3E%3C/Script%3E%3CImage%20Srcset=K%20/;%20Onerror=confirm%60OPENBUGBOUNTY%60%20//%3E Patched: No. Latest check for patch: 04.08.2017. Vulnerability type: XSS...
landroverinsurance.com XSS vulnerability
Vulnerable URL: https://www.landroverinsurance.com/Verex/html/help.html%3C!%27/%22/%27/%22/--%3E%3C/Script%3E%3CImage%20Srcset=K%20/;%20Onerror=confirm%60OPENBUGBOUNTY%60%20//%3E Patched: No. Latest check for patch: 04.08.2017. Vulnerability type: XSS...
CVE-2017-5919
The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2017-5919
The CVE-2017-5919 entry refers to the 21st Century Insurance iOS app (version 10.0.0) failing to verify X.509 certificates when connecting to SSL servers. This makes it susceptible to man-in-the-middle attacks in which an attacker could spoof the server and access sensitive data via a crafted cer...
Dridex and Locky Return Via PDF Attachments in Latest Campaigns
Dridex and Locky, two prolific malware families that made waves in 2016 after being distributed in several high-volume spam campaigns, have returned after a brief hiatus. FireEye observed a decline in the volume of Dridex and Locky in the latter half of 2016, but we recently observed two new larg...
Analyzing Cyber Insurance Policies
There's a really interesting new paper analyzing over 100 different cyber insurance policies. From the abstract: In this research paper, we seek to answer fundamental questions concerning the current state of the cyber insurance market. Specifically, by collecting over 100 full insurance policies...
Oracle FLEXCUBE Investor Servicing Remote Vulnerability
Oracle Financial Services Applications is Oracle's suite of financial services software for core banking, online banking and asset management. Oracle FLEXCUBE Investor Servicing is one of the components that provides life-cycle processing of cross-business hedge funds, mutual funds and unit-linke...
New York State Implements Cybersecurity Regulation 23 NYCRR 500
On March 1st, 2017, sweeping new cybersecurity requirements were placed on organizations regulated by the New York State Department of Financial Services. The law applies to a broad set of covered entities that are supervised by the NYDFS, including banks, trusts, budget planners, check cashers,...
Sompo Insurance TravelJoy - External URLs, WebView JavaScript enabled, WebView files access vulnerabilities
HackApp vulnerability scanner discovered that application Sompo Insurance TravelJoy published at the 'play' market has multiple vulnerabilities...
JVN#08868688: The installers of multiple Japan Pension Service software may insecurely load Dynamic Link Libraries
The installers of multiple Japan Pension Service software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact This vulnerability can be exploited when the following condition is met. If this vulnerability is exploited, an arbitrary code m...
Threat Outbreak Alert RuleID26129: Email Messages Distributing Malicious Software on November 16, 2016
Medium. Alert ID: 49772. First Published: 2016 November 17 15:10 GMT. Version: 1. Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID26129 may contain the following files: Name |...
SQL Injection Vulnerability in Sinosoft Technology's Insurance Business System
Sinosoft Insurance Business System is an insurance business processing system. By hooking up the functions of underwriting and claims management and document management, it effectively reduces the business risk of enterprises. Multiple SQL injection vulnerabilities exist in Sinosoft Technology...