108 matches found
LeakDB - Web-Scale NoSQL Idempotent Cloud-Native Big-Data Serverless Plaintext Credential Search
LeakDB is a tool set designed to allow organizations to build and deploy their own internal plaintext "Have I Been Pwned"-like service. The LeakDB tool set can normalize, deduplicate, index, sort, and search leaked data sets on the multi-terabyte-scale, without the need to distribute large files ...
Bitcoind and Bitcoin-Qt Bloom Filter Implementations for Input Validation
A denial of service vulnerability exists in the Bloom Filter implementation in Bitcoind and Bitcoin-Qt versions 0.8.x prior to 0.8.4rc1. A remote attacker can exploit this vulnerability to cause a denial of service except for zero errors and process crashes via a specially crafted message sequenc...
CVE-2016-11003
The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation...
CVE-2016-11003
The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation...
Privilege escalation
The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation...
CVE-2016-11003
The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation...
CVE-2016-11003
The Bloom plugin for WordPress (Elegant Themes) is affected prior to version 1.1.1, with a privilege escalation vulnerability disclosed across multiple sources (NVD/Red Hat/WPVulnDB/PT Security). Impact described as privilege escalation for registered users, with remediation to upgrade to version...
PT-2019-7796
Name of the Vulnerable Software and Affected Versions Elegant Themes Bloom plugin versions prior to 1.1.1 Description The issue allows for privilege escalation. Recommendations For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue...
cn.hutool:hutool-aop (>=4.0.0 <=4.1.11), cn.hutool:hutool-bloomFilter (>=4.0.0 <=4.1.11) +79 more potentially affected by CVE-2018-17297 via cn.hutool:hutool-core (>=4.0.0 <=4.1.11)
cn.hutool:hutool-core MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.1.11 and more Source cves: CVE-2018-17297 Source advisory: OSV:GHSA-RHQ2-2574-78MC...
reservations.bloomu.edu XSS vulnerability
Open Bug Bounty ID: OBB-628407 Description| Value ---|--- Affected Website:| reservations.bloomu.edu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
LeakedSource Founder Arrested for Selling 3 Billion Stolen Credentials
Canadian authorities have arrested and charged an Ontario man for operating a website that collected 'stolen' personal identity records and credentials from some three billion online accounts and sold them for profit. According to the Royal Canadian Mounted Police RCMP, the 27-year-old Jordan Eva...
Canadian Police Charge Operator of Hacked Password Service Leakedsource.com
Canadian authorities have arrested and charged a 27-year-old Ontario man for allegedly selling billions of stolen passwords online through the now-defunct service Leakedsource.com. The now-defunct Leakedsource service. On Dec. 22, 2017, the Royal Canadian Mounted Police RCMP charged Jordan Evan...
Artificial Inteligent Packet Inspection Engine: AIEngine
AIEngine is a next generation interactive/programmable Python/Ruby/Java packet inspection engine with capabilities of learning without any human intervention, NIDS Network Intrusion Detection System functionality, DNS domain classification, network collector, network forensics and many others...
WordPress Bloom Plugin <= 1.1.0 - Privilege Escalation
This plugin is prone to a privilege escalation vulnerability. Solution Update the plugin...
Geoserver 2.7.1.1 2.6.4 2.5.5.1 - XML External Entity
Geoserver 2.7.1.1 2.6.4 2.5.5.1 - XML External Entity Exploit Title : GeoServer XXE Date : 11/08/2015 Exploit Author : David Bloom Script - Ping to Sven Claessens, Jacques Villemur and Eric Donners Vendor homepage : http://geoserver.org Software Link : http://geoserver.org/release/stable Version ...
CVE-2014-6800
The Bloom Township 206 aka net.parentlink.bloom application 4.0.500 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Design/Logic Flaw
The Bloom Township 206 aka net.parentlink.bloom application 4.0.500 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-6800
The CVE-2014-6800 entry applies to the Bloom Township 206 (net.parentlink.bloom) Android app version 4.0.500. The vulnerability arises because the application does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and access sensitive informatio...
CVE-2014-6800
The Bloom Township 206 aka net.parentlink.bloom application 4.0.500 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
[Blackhash] Audit Passwords Without Hashes
A traditional password audit typically involves extracting password hashes from systems and then sending those hashes to a third-party security auditor or an in-house security team. These security specialists have the knowledge and tools to effectively audit password hashes. They use password...