467 matches found
Information disclosure
The Bear ID Lock aka com.wBearIDLock application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7048
The CVE-2014-7048 entry concerns the Android app Bear ID Lock (com.wBearIDLock) , version 0.1. The vulnerability is that the app does not verify X.509 certificates from SSL servers, which allows a man‑in‑the‑middle attacker to spoof servers and obtain sensitive information via a crafted certifica...
CVE-2014-7048
The Bear ID Lock aka com.wBearIDLock application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Crouching Yeti APT Campaign Stretches Back Four Years
A new analysis of a long-term APT campaign targeting manufacturers, industrial, pharmaceutical, construction and IT companies in several countries has uncovered fresh details of the attack, including identification of nearly 3,000 victims and the unmasking of the command-and-control infrastructur...
Dragonfly Russian Hackers Target 1000 Western Energy Firms
Gone are the days when cyber criminals focuses only on PCs to spread malwares and target people, whether it’s ordinary or a high profile person. Nowadays, organizations in the energy sector have become an interesting target for cyber minds. Few days ago, security researchers uncovered a...
FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability
No description provided by source. Document Title: =============== FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1231 Release Date: ============= 2014-03-20 Vulnerability Laboratory ID VL-ID:...
FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability
Document Title: =============== FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1231 Release Date: ============= 2014-03-20 Vulnerability Laboratory ID VL-ID: ====================================...
FTP Drive + HTTP 1.0.4 iOS - Code Execution
FTP Drive + HTTP 1.0.4 iOS - Code Execution Document Title: =============== FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1231 Release Date: ============= 2014-03-20 Vulnerability Laboratory ID...
FTP Drive + HTTP 1.0.4 Code Execution
Document Title: =============== FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1231 Release Date: ============= 2014-03-20 Vulnerability Laboratory ID VL-ID: ====================================...
FTP Drive + HTTP 1.0.4 iOS - Code Execution
Document Title: =============== FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1231 Release Date: ============= 2014-03-20 Vulnerability Laboratory ID VL-ID: ====================================...
FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability
Document Title: =============== FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1231 Release Date: ============= 2014-03-20 Vulnerability Laboratory ID VL-ID: ====================================...
FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability
Document Title: =============== FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1231 Release Date: ============= 2014-03-20 Vulnerability Laboratory ID VL-ID: ====================================...
CVE-2013-3922
Directory traversal vulnerability in Gummy Bear Studios FTP Drive + HTTP Server 1.0.4 and earlier allows remote attackers to read arbitrary files via a ..%2f encoded dot dot slash in a GET request...
Directory traversal
Directory traversal vulnerability in Gummy Bear Studios FTP Drive + HTTP Server 1.0.4 and earlier allows remote attackers to read arbitrary files via a ..%2f encoded dot dot slash in a GET request...
CVE-2013-3922
The CVE-2013-3922 entry relates to Gummy Bear Studios FTP Drive + HTTP Server 1.0.4 and earlier, vulnerable to a directory traversal via an encoded ..%2f (dot dot slash) in a GET request, allowing remote attackers to read arbitrary files. Connected sources corroborate the same description across ...
CVE-2013-3922
Directory traversal vulnerability in Gummy Bear Studios FTP Drive + HTTP Server 1.0.4 and earlier allows remote attackers to read arbitrary files via a ..%2f encoded dot dot slash in a GET request...
Brother Bear SQL Injection
---------------------------------------------------------------- Brother Bear SQL Injection Vulnerability ---------------------------------------------------------------- Exploit Title : Brother Bear SQL Injection Vulnerability Author : Hack Center Security Team Discovered By : Net.W0lf Software...
WHOISCART (Auth Bypass) Information Disclosure Vulnerability
No description provided by source. +===================================================================================+ ./SEC-R1Z / / / / /\ \ |/ / \ \ / / / / | | / | | / / \ / / / / | || / | | / / \ \ \ \2009 | \ | | / / / \ /\ / ||\ \ ||/ ...
Unfixed XSS vulnerability at www.bigbearmountainresorts.com
Security researcher mckt, has submitted on 08/07/2008 a cross-site-scripting XSS vulnerability affecting www.bigbearmountainresorts.com, which at the time of submission ranked 603191 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/07/2008. I...
CVE-2008-2507
CVE-2008-2507 concerns a cross-site scripting (XSS) vulnerability in Brown Bear Software Calcium 3.10 and 4.0.4 (Calcium40.pl). The issue arises in the ShowIt action where user-supplied input in the CalendarName parameter can be manipulated to inject arbitrary web script or HTML. The available do...