
6092 matches found

myhack58
added 2016/07/16 12:00 a.m., 38 views

Exploit details: changing any Uber user's password - vulnerability warning - the black bar safety net

Vulnerability status: resolved, closed. Disclosure time: 2016-07-15, 5:38 a.m. Report object: Uber. Vulnerability type: authentication. Bonus: $10,000! Vulnerability overview: Uber is a global on-demand car service app; the software now covers more than sixty...

7.1 AI score
Exploits: 0
0day.today
added 2016/07/11 12:00 a.m., 24 views

Tiki Wiki CMS 15.0 - Arbitrary File Download

Exploit for php platform in category web applications Exploit Title: Tiki Wiki CMS 15.0 Arbitrary File Download Date: 11-07-2016 Software Link: https://tiki.org Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1...

7.1 AI score
Exploits: 0
Openbugbounty
added 2016/04/24 6:08 p.m., 8 views

adf.ly Open Redirect vulnerability

Vulnerable URL: http://adf.ly/ad/locked?url=//openbugbounty.org/=s

Details:

Description | Value
---|---
Patched: | Yes, at 04.05.2016
Latest check for patch: | 04.05.2016 03:50 GMT
Vulnerability type: | Open Redirect
Vulnerability status: | Publicly disclosed
Alexa Rank | 127
VIP website status: | Yes...

6.8 AI score
Exploits: 0
Veeam
added 2016/04/15 12:00 a.m., 13 views

Release Notes for Veeam Management Pack 8.0 Update 2

Challenge: Release Notes for Veeam Management Pack 8.0 Update 2. Cause: Please confirm you are running Veeam Management Pack 8.0 prior to installing this update. You can check this in the Operations Manager console under Administration | Management Packs; the build number should be 8.0.0.2218 or later...

6.9 AI score
Exploits: 0
Microsoft KB
added 2016/04/12 7:00 a.m., 52 views

MS16-041: Description of the security update for the .NET Framework 4.6 and 4.6.1 in Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1: April 12, 2016

MS16-041: Description of the security update for the .NET Framework 4.6 and 4.6.1 in Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1: April 12, 2016 View products that this article applies to. Summary This...

7.8 CVSS, 7.9 AI score, 0.13924 EPSS
Exploits: 0
Hewlett-Packard
added 2016/02/16 12:00 a.m., 21 views

HPSBHF03545 rev. 2 - HP EliteBook and Zbook Products with Windows NVidia Graphics Driver, Multiple Local Vulnerabilities

Potential Security Impact: Multiple Vulnerabilities. Source: Hewlett-Packard Company, HP Software Security Response Team. VULNERABILITY SUMMARY: Potential security vulnerabilities identified with Windows running the NVidia Graphics Driver have been addressed in certain HP EliteBook and Zbook Products...

2.7 AI score
Exploits: 0
Hacker One
added 2016/01/19 6:24 p.m., 49 views

Shopify: Full access to Amazon S3 bucket containing AWS CloudTrail logs

An Amazon S3 bucket used internally by Shopify was misconfigured, allowing external users to read, write and list objects. The excess permissions have been removed...

3.7 AI score
Exploits: 0
Hacker One
added 2016/01/16 4:51 p.m., 21 views

Deriv.com: XSS

thalaivarsubu reported a valid xss on our main domain which was unfortunately a duplicate report. This issue has been resolved by us...

6.9 AI score
Exploits: 0
Veeam
added 2016/01/12 12:00 a.m., 16 views

Veeam Management Pack 8.0 for System Center Update 1 Release Notes

Challenge: Release Notes for Veeam Management Pack 8.0 for System Center Update 1. Cause: Please confirm you are running Veeam Management Pack 8.0 prior to installing this update. You can check this in the Operations Manager console under Administration | Management Packs; the build number should be...

6.8 AI score
Exploits: 0
Exploit DB
added 2015/12/09 12:00 a.m., 65 views

Microsoft Windows Media Center - '.Link' File Incorrectly Resolved Reference (MS15-134)

Advisory Information Title: Microsoft Windows Media Center link file incorrectly resolved reference Advisory ID: CORE-2015-0014 Advisory URL: http://www.coresecurity.com/advisories/microsoft-windows-media-center-link-file-incorrectly-resolved-reference Date published: 2015-12-08 Date of last...

4.3 CVSS, 7.6 AI score, 0.46006 EPSS
Exploits: 7
Hacker One
added 2015/10/24 1:28 p.m., 16 views

Deriv.com: Cross Site Scripting

paulos reported xss in new account section of binary.com which was resolved by us...

6.9 AI score
Exploits: 0
Hacker One
added 2015/08/17 6:54 p.m., 30 views

Pornhub: Cross Site Scripting – Album Page

The researcher identified that multiple albums were vulnerable to reflected cross-site scripting from the URL; a few examples and proofs of concept are shown and explained with relevant GET requests and responses, plus screenshots. The malicious link is shown below: http://www.pornhub.com/albums?...

6.4 AI score
Exploits: 0
securityvulns
added 2015/06/14 12:00 a.m., 96 views

XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343)

Advisory: Adobe Connect Reflected XSS Author: Stas Volfus Bugsec Information Security LTD Vendor URL: http://www.adobe.com/ Status: Vendor Notified ========================== Vulnerability Description ========================== Adobe Connect Central version: 9.3 is vulnerable to Reflected XSS Cro...

4.3 CVSS, 0.1 AI score, 0.03194 EPSS
Exploits: 1
Oracle linux
added 2015/04/15 12:00 a.m., 78 views

java-1.7.0-openjdk security update

1:1.7.0.75-2.5.5.1.0.1.el71 - Update DISTRONAME in specfile 1:1.7.0.75-2.5.5.1 - repacked sources - Resolves: rhbz1209072 1:1.7.0.75-2.5.5.0 - Bump to 2.5.5 using OpenJDK 7u79 b14. - Update OpenJDK tarball creation comments - Remove test case for RH1191652 now fix has been verified. - Drop AArch6...

10 CVSS, 3.1 AI score, 0.07224 EPSS
Exploits: 1
Oracle linux
added 2015/04/15 12:00 a.m., 76 views

java-1.8.0-openjdk security update

1:1.8.0.45-30.b13 - repacked sources - Resolves: RHBZ1209076 1:1.8.0.45-7.b13 - Re-add %name prefix to patches to avoid conflicts with OpenJDK 7 versions. - Remove ppc64le test case now fix has been verified. - Resolves: rhbz1194378 1:1.8.0.45-27.b13 - updated to security u45 - minor sync with 7....

10 CVSS, 1.9 AI score, 0.07224 EPSS
Exploits: 1
securityvulns
added 2015/04/13 12:00 a.m., 35 views

[security bulletin] HPSBGN03307 rev.1 - HP Intelligent Provisioning, Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04626732 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04626732 Version: 1 HPSBGN03307 rev....

2.1 CVSS, 0.1 AI score, 0.00518 EPSS
Exploits: 0
Veeam
added 2015/02/26 11:18 a.m., 9 views

Veeam ONE 8.0 Patch 1 Release Notes

Challenge: Release Notes for Veeam ONE 8.0 Patch 1. Cause: Please confirm you are running Veeam ONE 8 prior to installing this update. You can check this under Help | About in Veeam ONE Monitor Client; the build number should be 8.0.0.xxx. After upgrading, your version build will be 8.0.0.1615. Thi...

6.8 AI score
Exploits: 0
myhack58
added 2015/02/22 12:00 a.m., 25 views

Suning back-end bypass, arbitrary file upload - vulnerability warning - the black bar safety net

http://58.213.19.68/users/signin is the back-end management system for the Suning Plaza mobile client. At http://58.213.19.68/users/signup you can register an account and then log in. Snip2015010713.png. Clicking into the back end, access is restricted for lack of permission, but the system is developed in rb. The error...

0.6 AI score
Exploits: 0
Hacker One
added 2015/02/06 11:08 p.m., 42 views

Vimeo: subdomain takeover 1511493148.cloud.vimeo.com

The researcher found a DNS entry pointing to an unused IP address. This was a domain hijacking issue and was resolved by removing the DNS entry...

1.3 AI score
Exploits: 0
Metasploit
added 2014/10/28 12:00 a.m., 8 views

tnftp "savefile" Arbitrary Command Execution

This module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the last component...

1.1 AI score
Exploits: 0