Lucene search
K

610 matches found

Microsoft Secure
Microsoft Secure
added 2018/05/01 5:0 p.m.16 views

Building a world without passwords

Nobody likes passwords. They are inconvenient, insecure, and expensive. In fact, we dislike them so much that weve been busy at work trying to create a world without them a world without passwords. In this blog, we will provide a brief insight into how we at Microsoft think about solving this...

Exploits0
CNVD
CNVD
added 2018/02/26 12:0 a.m.3 views

Promise Technology WebPam Pro-E Appliance HTTP Response Header Injection Vulnerability

Promise Technology WebPam Pro-E devices are a data center device from Promise Technology. A security vulnerability exists in the Promise Technology WebPam Pro-E devices due to a failure to filter parameters in the PHPSESSID cookie. The vulnerability can be exploited by remote attackers to conduct...

6.1CVSS7.3AI score0.00769EPSS
Exploits0References1
Prion
Prion
added 2018/02/07 5:29 a.m.15 views

Crlf injection

Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie...

4.3CVSS6.6AI score0.00769EPSS
Exploits0References1
NVD
NVD
added 2018/02/07 5:29 a.m.13 views

CVE-2018-6603

Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie...

6.1CVSS6.6AI score0.00769EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/02/07 5:0 a.m.17 views

CVE-2018-6603

Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie...

6.6AI score0.00769EPSS
Exploits0References1
CVE
CVE
added 2018/02/07 5:0 a.m.41 views

CVE-2018-6603

The CVE-2018-6603 issue affects Promise Technology WebPam Pro-E devices, where remote attackers can exploit a failure to filter parameters in the PHPSESSID cookie to trigger XSS, HTTP Response Splitting, and CRLF Injection via JavaScript in the cookie. Public references in CNVD/NVD entries corrob...

6.1CVSS6.6AI score0.00769EPSS
Exploits0References1Affected Software1
seebug.org
seebug.org
added 2018/01/29 12:0 a.m.15 views

chrome:Cross-origin object leak via fetch

VULNERABILITY DETAILS The promise returned by fetch.callcrossOriginWindow is created in the cross-origin context. Direct cross-origin scripting is not possible because cross-origin function constructors don't work anymore issue 541703 . But the attacker can e.g. call other functions of the...

6.7AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2017/12/07 1:23 p.m.15 views

await vs return vs return await

When writing async functions, there are differences between await vs return vs return await, and picking the right one is important. Let's start with this async function: async function waitAndMaybeReject // Wait one second await new Promiser = setTimeoutr, 1000; // Toss a coin const isHeads =...

7.4AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2017/12/07 1:23 p.m.13 views

await vs return vs return await

When writing async functions, there are differences between await vs return vs return await, and picking the right one is important. Let's start with this async function: async function waitAndMaybeReject // Wait one second await new Promiser = setTimeoutr, 1000; // Toss a coin const isHeads =...

7.4AI score
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2017/03/14 6:9 p.m.62 views

Security update for MozillaFirefox, mozilla-nss (important)

This update for MozillaFirefox and mozilla-nss fixes the following issues: MozillaFirefox was updated to Firefox 52.0 boo1028391 requires NSS = 3.28.3 Pages containing insecure password fields now display a warning directly within username and password fields. Send and open a tab from one device ...

0.4AI score0.17484EPSS
Exploits19References1
OSV
OSV
added 2017/01/27 12:0 a.m.8 views

UBUNTU-CVE-2017-5010

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

6.1CVSS7AI score0.01198EPSS
Exploits1References4
Openbugbounty
Openbugbounty
added 2016/08/18 5:27 p.m.11 views

promise-project.net XSS vulnerability

Open Bug Bounty ID: OBB-176303 Description| Value ---|--- Affected Website:| promise-project.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2016/04/07 3:3 a.m.8 views

Streaming template literals

Template literals are pretty cool right? const areThey = 'Yes'; console.log$areThey, they are; // Logs: Yes, they are You can also assign a function to process the template, known as "tagged" templates: function strongValuesstrings, ...values return strings.reducetotalStr, str, i = totalStr += st...

7.1AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2015/08/17 12:1 a.m.13 views

Tasks, microtasks, queues and schedules

When I told my colleague Matt Gaunt I was thinking of writing a piece on microtask queueing and execution within the browser's event loop, he said "I'll be honest with you Jake, I'm not going to read that". Well, I've written it anyway, so we're all going to sit here and enjoy it, ok? Actually, i...

6.7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

Astium VoIP PBX <= 2.1 build 25399 - Multiple Vulns Remote Root Exploit

No description provided by source. !/usr/bin/python +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Astium VoIP PBX = v2.1 build 25399 Multiple Vulns Remote Root Exploit Date : 01-02-2012 Author :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.30 views

promise webpam 2.2.0.13 - Multiple Vulnerabilities

No description provided by source. Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities Vendor: Promise Technology, Inc. Product web page: http://www.promise.com Affected version: 2.2.0.13 Summary: WebPAM is a web based Promise Array Management Software that's easy-to use, designed to simplif...

7.1AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2014/03/13 12:0 a.m.23 views

Promises: resolve is not the opposite of reject

When I first started working with promises I had the overly simplistic view that passing a value into reject would mark the promise as "failed", and passing a value into resolve would mark it as "successful". However, the latter isn't always true. new Promiseresolve, reject = resolvesomething;...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2013/01/02 12:0 a.m.24 views

Astium VoIP PBX 2.1 Remote Root

!/usr/bin/python +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Astium VoIP PBX 0x90.nl Software link :...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2012/10/10 6:23 p.m.5 views

Anonymous threatened Estonian government with a possible cyber attack

Anonymous Hackers AnonSwedenOp posted a video on YouTube on October 8 where it threatened the Estonian government with a possible cyber attack. "Estonian government had sacrificed its own people instead of helping its own people, Estonian government has channelled money to helping Greece that is...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2012/03/08 12:0 a.m.25 views

Promise WebPAM 2.2.0.13 Cross Site Scripting / SQL Injection

Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities Vendor: Promise Technology, Inc. Product web page: http://www.promise.com Affected version: 2.2.0.13 Summary: WebPAM is a web based Promise Array Management Software that's easy-to use, designed to simplify RAID storage management. WebPAM i...

0.2AI score
Exploits0
Rows per page
Query Builder