Lucene search
K

1151 matches found

Hacker One
Hacker One
added 2014/04/21 7:59 p.m.15 views

Cloudflare: http://cdnjs.cloudflare.com/ Cross-site scripting 2

Hi, I found another flash based XSS located here : http://cdnjs.cloudflare.com/ajax/libs/extjs/3.4.1-1/resources/charts.swf?allowedDomain=%22catchealertdocument.domain;// best regards, Olivier Beg!...

6.3AI score
Exploits0
Hacker One
Hacker One
added 2014/04/21 7:45 p.m.43 views

Cloudflare: Content spoofing /CSRF at https://www.cloudflare.com/ajax/modal-dialog.html

Hi there, I noticed two things on the following url: https://www.cloudflare.com/ajax/modal-dialog.html 1. CSRF There are some csrf countermeasures in place e.g. X-Requested-With: XMLHttpRequest, however they're not validated on the server. This leads to an uncritical csrf: 2. Content spoofing Usi...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2014/04/21 7:15 p.m.30 views

Cloudflare: jplayer.swf Cross-site scripting

Hello, I found a Cross-site scripting located here : http://cdnjs.cloudflare.com/ajax/libs/jplayer/2.2.0/Jplayer.swf?jQuery=alert&id=XSS Best regards, Olivier Beg...

6.6AI score
Exploits0
Hacker One
Hacker One
added 2014/04/21 6:55 p.m.24 views

Cloudflare: CSRF in Cloudflare login

I noticed that the login page at /login does not prevent CSRF logins. I recommend taking a look at the risks of not protecting login against CSRF and possibly protect the form against attacks like this with a token just like in the rest of the application...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2014/04/21 3:45 p.m.8 views

CloudFlare Launches Bug Bounty Program

As the OpenSSL heartbleed saga unfolded over the last couple of weeks, one of the companies that was at the forefront of figuring out the scope and effects of the problem was CloudFlare. The company put up a challenge server, asking researchers to hit it with the heartbleed exploit to determine...

0.3AI score
Exploits0References4
ThreatPost
ThreatPost
added 2014/04/17 1:50 p.m.17 views

Certificate Revocations Shoot Up in Wake of OpenSSL Heartbleed Bug

The after effects of the OpenSSL heartbleed vulnerability continue to spread through the technology industry, nearly two weeks after the details of the flaw were disclosed. One of the latest repercussions is a huge increase in the number of SSL certificates being revoked, as site owners and hosti...

6.6AI score
Exploits0References2
ThreatPost
ThreatPost
added 2014/04/07 4:23 p.m.7 views

OpenSSL Fixes TLS Vulnerability

The maintainers of the OpenSSL library, one of the more widely deployed cryptographic libraries on the Web, have fixed a serious vulnerability that could have resulted in the revelation of 64 KB of memory to any client or server that was connected. The details of the vulnerability, fixed in versi...

6.4AI score
Exploits0References4
ThreatPost
ThreatPost
added 2014/02/28 10:1 a.m.13 views

CloudFlare Issues Transparency Report

CloudFlare claims government requests for user data are affecting fewer than .017 percent of their two million global customers The Web performance and security company yesterday issued the report in accordance with the Department of Justice’s new regulations for publishing information pertaining...

7AI score
Exploits0References5
The Hacker News
The Hacker News
added 2014/02/11 9:27 p.m.19 views

Largest Ever 400Gbps DDoS attack hits Europe uses NTP Amplification

The Distributed Denial of Service DDoS attack is the one of favourite weapon for the hackers to temporarily suspend services of a host connected to the Internet and till now nearly every big site had been a victim of this attack. Since 2013, Hackers have adopted new tactics to boost Distributed...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2013/12/06 10:0 a.m.5 views

CloudFlare's Red October Crypto app with two-man rule style Encryption and Decryption

It is always important to secure our system against outside threats i.e. Hackers, but it also required to protect against insider threats. The potential of damage from an Insider threat can be estimated from the example of Edward Snowden who had worked at the NSA, and had authorized access to...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2013/12/05 11:0 p.m.24 views

CloudFlare's Red October Crypto app with two-man rule style Encryption and Decryption

None...

7AI score
Exploits0
Hacker One
Hacker One
added 2013/12/04 2:17 p.m.74 views

Internet Bug Bounty: TLS Virtual Host Confusion

I am a security researcher at INRIA Paris in team PROSECCO http://prosecco.inria.fr We have been investigating a new class of attacks against the deployment of TLS on the Web. The main idea behind these attacks is that when two servers host different domains but share the same certificate which...

6.4AI score
Exploits0
Hacker One
Hacker One
added 2013/11/08 9:59 a.m.28 views

HackerOne: CSP not consistently applied

Also thought I'd formally submitted the issue we discussed yesterday, that sometimes the CSP response headers served are missing for browsers that don't support them, but then the page without these headers can be cached by Cloudflare. This makes it easier to mount a XSS attack...

2.3AI score
Exploits0
The Hacker News
The Hacker News
added 2013/10/06 6:33 a.m.15 views

Web Hosting software WHMCS vulnerable to SQL Injection; emergency security update released

WHMCS, a popular client management, billing and support application for Web hosting providers, released an emergency security update for the 5.2 and 5.1 minor releases, to patch a critical vulnerability that was publicly disclosed. The vulnerability was publicly posted by a user named as...

8.4AI score
Exploits0
The Hacker News
The Hacker News
added 2013/10/05 7:33 p.m.18 views

Web Hosting software WHMCS vulnerable to SQL Injection; emergency security update released

WHMCS, a popular client management, billing and support application for Web hosting providers, released an emergency security update for the 5.2 and 5.1 minor releases, to patch a critical vulnerability that was publicly disclosed. The vulnerability was publicly posted by a user named as...

8.4AI score
Exploits0
ThreatPost
ThreatPost
added 2013/08/29 11:33 a.m.11 views

Inside the Response to the New York Times Attack

Late Tuesday morning, one of the engineers in CloudFlare’s San Francisco office saw a message on Twitter saying that the New York Times Web site was down. Minutes later, more messages appeared, as security researchers and others began looking into the situation and realized that someone may have...

0.9AI score
Exploits0References2
ThreatPost
ThreatPost
added 2013/08/28 9:28 a.m.19 views

Registrar Hack at Root of NY Times and Twitter Attacks

UPDATE–The attack that took down the New York Times Web site Tuesday afternoon, along with domains belonging to Twitter and the Huffington Post, was accomplished through the use of compromised credentials belonging to a reseller for the registrar that those companies use to buy their domains...

0.3AI score
Exploits0References4
The Hacker News
The Hacker News
added 2013/08/27 7:50 a.m.12 views

China hit by massive DDoS attack causing the Internet inaccessibility for hours

During the weekend China's Internet was taken down by a powerful distributed denial of service DDoS attack on the .cn domain slowed and blocked Internet access inaccessibility for hours. Security expert clarified that China could have been perpetrated by sophisticated hackers or by a single...

6.6AI score
Exploits0
ThreatPost
ThreatPost
added 2013/08/26 1:37 p.m.11 views

China .cn Domain Available Again after DDoS Attack

Long fingered as the source of denial-of-service attacks and other hacks against foreign interests, China’s .cn domain was targeted on Sunday and approximately one-third of the sites registered to that domain were kept offline for a period of time. A statement from the China Internet Network...

Exploits0References5
Packet Storm
Packet Storm
added 2013/08/23 12:0 a.m.48 views

Cloudflare Cross Site Scripting

Details below of an XSS vulnerability I discovered in Cloudflare markdown format - Glenn | /dev/alias http://blog.devalias.net http://devalias.net ----- Reference Number: DAHAX-2013-001 /dev/alias/hacks 2013-001 Notification Timeline: 10/07/2013, Request 38713...

7.4AI score
Exploits0
Rows per page
Query Builder