Downloads Resources over HTTP

Overview Affected versions of libxl insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

Downloads Resources over HTTP

Overview Affected versions of webrtc-native insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...

Downloads Resources over HTTP

Overview Affected versions of selenium-binaries insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

Downloads Resources over HTTP

Overview Affected versions of iedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...

Downloads Resources over HTTP

Overview Affected versions of product-monitor insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

Downloads Resources over HTTP

Overview Affected versions of closurecompiler insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

Downloads Resources over HTTP

Overview Affected versions of aerospike insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...

Downloads Resources over HTTP

Overview Affected versions of closure-util insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...

CVE-2016-0353

IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVE-2016-0353

IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVE-2016-0353

IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

Legal Robot: The websocket traffic is not secure enough

'Cross-Site WebSocket Hijacking' is possible, because the websocket connection is not secure enough. The traffic from and to the websocket can be sniffed with Chrome see attachment, and replayed elsewhere cross-domain. Explanation:...

Amazon Linux: Security Advisory (ALAS-2016-713)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Reverb.com: IDOR - Ability to view unlisted products

Hi All, I believe I've found a vulnerability on your sandbox site which allows attackers to view the details of listings that are unpublished. Description While creating a product, I noticed there is a call to https://sandbox.reverb.com/api/listings/65905/productbundle which returns json details...

UBUNTU-CVE-2016-5173

The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect...

Bugs in Signal Messaging App Corrupt Attachments, Crash App

Makers of the mobile encrypted chat app Signal say they have fixed vulnerabilities in the Android version of the messaging app that allowed attackers to corrupt encrypted attachments and remotely crash the application. The vulnerabilities were discovered by Jean-Philippe Aumasson and Markus Vervi...

chromium-browser: extension resource access

The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect...

How I snooped into your private Slack messages [Slack Bug bounty worth $2,500]

When researching about MX records of slack.com, I noticed that they used a 3rd party email service. In that service, however slack.com was already claimed. After a little more research, I found that all the sub-domains of slack.com like teamname.slack.com also had MX set to the same service. Thes...

Here’s How to Hack Windows/Mac OS X Login Password (When Locked)

A Security researcher has discovered a unique attack method that can be used to steal credentials from a locked computer but, logged-in and works on both Windows as well as Mac OS X systems. In his blog post published today, security expert Rob Fuller demonstrated and explained how to exploit a U...

Reading Uber’s Internal Emails [Uber Bug Bounty report worth $10,000]

After recent finding about one of the Uber’s subdomain takeover was publicly disclosed, I looked into Uber to find similar bugs. One of my colleagues Abhibandu Kafle, pointed out that em.uber.com also had CNAME pointing to SendGrid and could be vulnerable to similar kind of issue. I had limited...