138 matches found
Support Board - Chat And Help Desk | Support & Chat <= 1.2.8 Stored XSS
Info: Weak security measures like bad textarea data filtering has been discovered in the «Support Board - Chat And Help Desk | Support & Chat». Demo Website: https://codecanyon.net/item/support-board-chat-and-help-desk/20752085 Backend: https://board.support/desk-demo/?login=true Login / Password...
Travel Booking < 2.7.8.4 - Reflected & Stored XSS
Weak security measures like no input & textarea fields data filtering has been discovered in the 'Traveler - Travel Booking WordPress Theme'. Special Notes: 1 - 'Change Avatar' upload field works really strange. F.e., u can upload any .PHP file with extension .php.png and break profile page Serve...
Vulnerabilities in the WPA3 Wi-Fi Security Protocol
Researchers have found several vulnerabilities in the WPA3 Wi-Fi security protocol: The design flaws we discovered can be divided in two categories. The first category consists of downgrade attacks against WPA3-capable devices, and the second category consists of weaknesses in the Dragonfly...
Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities vulnerabilities
Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2016-5007 DESCRIPTION: Pivotal Spring Security and Spring Framework could provide weaker than expected security, caused by the difference in the strictness of the pattern matching mechanism...
Thousands of Internet connected hot tubs vulnerable to remote attacks
By Waqas Weak security practices have rendered IoT devices vulnerable to hacking and all sorts of cyber-attacks. According to the research from a Buckinghamshire-based security group Pen Test Partners, hot tubs can also be hacked using an app simply because there isn’t any authentication process ...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Service Delivery Manager. OpenSSL is installed on the operating system shipped via IBM Service Delivery Manager
Summary OpenSSL contains vulnerabilities CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293. OpenSSL is installed on the...
Security Bulletin: Potential security vulnerability in WebSphere Application Server Administrative Console affects IBM Tivoli Netcool Configuration Manager (ITNCM)
Summary There is a potential for weaker than expected security with the Administrative Console in WebSphere Application Server that may affect IBM Tivoli Netcool Configuration Manager ITNCM Vulnerability Details CVEID: CVE-2017-1137 DESCRIPTION: IBM WebSphere Application Server could provide weak...
Security Bulletin: IBM Security Network Protection is affected by OpenSSL vulnerabilities (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, and CVE-2015-0206)
Summary Security vulnerabilities have been discovered in OpenSSL used with IBM Security Network Protection. Vulnerability Details CVEID:CVE-2014-3569 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle attempts to use unsupported protocols by the...
Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix (CVE-2017-1151, CVE-2017-1137, CVE-2017-1194 )
Summary There is a potential privilege escalation vulnerability in traditional WebSphere Application Server when using the OpenID Connect OIDC Trust Association Interceptor TAI. This does not affect WebSphere Application Server Liberty. There is a potential for weaker than expected security with...
CVE-2017-9967
A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization ASLR and Data Execution prevention DEP were not properly configured resulting in weak security...
IBM WebSphere Application Server Elevation of Privilege Vulnerability
IBM WebSphere Application Server WAS is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in IBM WAS that stems from t...
CVE-2017-1731
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges...
CVE-2017-1731
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges...
The vulnerability in the implementation of the SDP protocol for Bluetooth driver of Windows operating systems allows attackers to carry out “man-in-the-middle” attacks.
The vulnerability of the SDP protocol implementation for Bluetooth drivers in Windows operating systems is related to incorrect security requirements. Exploiting this vulnerability allows a malicious actor to create a network interface and use it to execute a type of “man-in-the-middle” attack...
CVE-2017-1501
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576...
Weblate: no captcha for register user and weak question attacker can spam email
hi in https://demo.weblate.org/accounts/register/ attacker can register with same email and if didnt click on confirm link attacker can make request with infinite loop so attacker can spam another email with your service question is so simple any bot that can read source can generate answer for i...
What About the Plant Floor? Six Subversive Concerns for ICS Environments
Industrial enterprises such as electric utilities, petroleum companies, and manufacturing organizations invest heavily in industrial control systems ICS to efficiently, reliably, and safely operate industrial processes. Without this technology operating the plant floor, these businesses cannot...
Uber: Stored XSS in developer.uber.com
An attacker can make a series of requests to https://uber.readme.io/ that will result in permanent defacement/stored XSS of all the documentation pages on https://developer.uber.com/ I'm not entirely sure if this is in scope, but it could definitely have a major impact on developer.uber.com so I...
(0Day) Advantech WebAccess Local Escalation Of Privilege Vulnerability
This vulnerability allows local users to elevate to administrator status on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Loadbalancer.org Enterprise VA 7.5.2 - Static SSH Key
----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- Loadbalancer.org Enterprise VA 7.5.2 and below ------------------------- Affected vendors: ------------------------- Loadbalancer.org http://www.loadbalancer.org/...