Lucene search
+L

5157 matches found

Exploit DB
Exploit DB
added 2017/05/30 12:0 a.m.79 views

KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution

Vulnerability Summary KEMP’s main product, the LoadMaster, is a load balancer built on its own proprietary software platform called LMOS, that enables it to run on almost any platform: As a KEMP LoadMaster appliance, a Virtual LoadMaster VLM deployed on Hyper­V, VMWare, on bare metal or in the...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2017/05/21 7:40 p.m.23 views

Legal Robot: Domain takeover (legalrobot.co.za)

A security researcher discovered that an AWS S3 bucket was left unassigned after decommissioning. The bucket was previously used as a redirect to our main domain, legalrobot.com. If not for CloudFlare redirect rules already in place, the unused bucket could have allowed anyone that created an S3...

2.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/05/19 12:0 a.m.57 views

RHEL 6 : jboss-ec2-eap (RHSA-2017:1260)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:1260 advisory. The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services AWS Elastic Compute...

8.1CVSS8.2AI score0.06056EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2017/05/18 10:9 p.m.54 views

Moderate: Red Hat Security Advisory: jboss-ec2-eap security, bug fix, and enhancement update

An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.1CVSS7.5AI score0.06056EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2017/05/18 12:0 a.m.37 views

Ubuntu: Security Advisory (USN-3291-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.2AI score0.00414EPSS
Exploits0References2
CNVD
CNVD
added 2017/05/15 12:0 a.m.3 views

TIBCO Spotfire Server and Spotfire Analytics Platform for AWS Marketplace SQL Injection Vulnerabilities

TIBCO Spotfire Server and Spotfire Analytics Platform for AWS Marketplace are both products of the US-based TIBCO Software. The former is a set of TIBCO Spotfire data analysis and mining tools based on TIBCO Spotfire for enterprises to provide integration, operation and management of the platform...

6.5CVSS8AI score0.00921EPSS
Exploits0References1
hackapp
hackapp
added 2017/05/10 3:55 p.m.295 views

Live.me - #1 video chat app - AWS Credentials, Base64 encoded String, Customized SSL vulnerabilities

HackApp vulnerability scanner discovered that application Live.me - 1 video chat app published at the 'play' market has multiple vulnerabilities...

0.8AI score
Exploits0References1Affected Software1
The Coalfire Blog
The Coalfire Blog
added 2017/05/09 8:43 p.m.13 views

SOC 2 Type 1 and SOC 2 Type 2 Frequently Asked Questions

Coalfires SOC Practice Directors Dixon Wright and Jeff Cook recently conducted a webinar on AWS and SOC Reporting, What you need to know. The presentation provided a lot of good points that organizations should know or be prepared for regardless of the technology that is being used. Below you wil...

2.3AI score
Exploits0
Prion
Prion
added 2017/05/09 8:29 p.m.10 views

Sql injection

TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks...

4CVSS7.1AI score0.00921EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2017/05/09 8:29 p.m.12 views

CVE-2017-5527

TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks...

6.5CVSS6AI score0.00921EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/05/09 8:0 p.m.17 views

CVE-2017-5527 TIBCO Spotfire injection vulnerabilities

TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks...

4.3CVSS7.2AI score0.00921EPSS
Exploits0References2
CVE
CVE
added 2017/05/09 8:0 p.m.62 views

CVE-2017-5527

The provided data confirms a SQL injection issue affecting TIBCO Spotfire products. Affected: Spotfire Server versions 7.0.x before 7.0.2; 7.5.x before 7.5.1; 7.6.x before 7.6.1; 7.7.x before 7.7.1; 7.8.x before 7.8.1; Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier. Description...

6.5CVSS6.3AI score0.00921EPSS
Exploits0References2Affected Software2
Trend Micro Simply Security
Trend Micro Simply Security
added 2017/05/08 12:0 p.m.23 views

The Unified Cloud

Throughout the history of cloud computing, 2006 was a momentous year. In 2006 Amazon Web Services released S3, the first pay per GB storage service. By August, they released EC2, allowing you to spin up a server and pay by the hour in the cloud. In the decade that has followed, AWS has emerged as...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2017/05/08 12:53 a.m.16 views

Hands-On Review: Converged Networking and Security with Cato Networks

Nobody likes to do router and firewall management. It often requires a lot of hard labor just keeping the infrastructure up and running. If you ever had to set up IPsec tunnels between different firewall brands, change a firewall rule and hope nothing breaks, upgrade to the latest software or...

6.6AI score
Exploits0
Akamai Blog
Akamai Blog
added 2017/05/04 1:27 p.m.41 views

Akamai IT Challenge - 100 apps on EAA in 100 days

About a month or so ago I shared a quick video interview with Joe DeFelice. Joe is a Sr. Director Enterprise Security & Infrastructure Engineering here at Akamai. In the video Joe outlines a few of the major initiatives he and the team are working on, including moving towards eliminating the VPN...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/04/29 1:5 p.m.22 views

Nextcloud: Missing Rate Limiting protection leading to mass triggering of e-mails

The issue is that there is a speed bump missing in the subscription of e-mail for a user. This would eventually let the attacker spam to any random e-mail resulting in exhaustion of resources on your side and I see that you are using Amazon AWS's SES where you are charged per e-mail. If a dedicat...

6.8AI score
Exploits0
n0where
n0where
added 2017/04/27 8:56 p.m.34 views

Monitor AWS & GCP Configurations: Security Monkey

Monitor AWS & GCP Configurations Security Monkey is an OpenSource application from Netflix NetflixOSS which monitors/alerts/reports one or multiple AWS/GCP accounts for anomalies. Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. It...

1AI score
Exploits0References6
ThreatPost
ThreatPost
added 2017/04/26 9:15 a.m.11 views

Auto Lender Exposes Loan Data For Up To 1 Million Applicants

A California auto loan company left the names, addresses, credit scores and partial Social Security numbers of up to 1 million people exposed on an insecure online database. The company behind the database is Alliance Direct Lending Corporation, according to Kromtech Security Research Center, whi...

6.9AI score
Exploits0References4
Kitploit
Kitploit
added 2017/04/25 10:53 p.m.15 views

Kali Linux 2017.1 Release

As with all new releases, you have the common denominator of updated packages, an updated kernel that provides more and better hardware support, as well as a slew of updated tools – but this release has a few more surprises up its sleeve. Support for RTL8812AU Wireless Card Injection These driver...

7.5AI score
Exploits0
0day.today
0day.today
added 2017/04/06 12:0 a.m.96 views

Cesanta Mongoose OS - Use-After-Free Vulnerability

Exploit for hardware platform in category dos / poc Product: Mongoose OS Vendor: Cesanta CVE ID: CVE-2017-7185 CSNC ID: CSNC-2017-003 Subject: Use-after-free / Denial of Service Risk: Medium Effect: Remotely exploitable Authors: Philipp Promeuschel Carel van Rooyen Stephan Sekula Date: 2017-04-03...

5CVSS7.6AI score0.12251EPSS
Exploits5
Rows per page
Query Builder