WordPress Truemag Theme - Cross Site Scripting
The vulnerability is located in the "s" parameter of a GET request to the page module. Remote attackers can inject their own malicious script code into the client side of the web application to compromise user session information or data. Solution: Updat...
LocalTapiola: HTTP status code manipulation & Java stack trace
Issue: The reporter found a minor technical issue where the error application could be used to make the server return arbitrary HTTP status codes. In addition, low-impact text injection, with no links or active content, could be produced. Fix: A fix was issued for the application which prohibited the...
GozNym Trojan Attackers Set Sights on Europe, Poland
The banking malware GozNym has legs; only a few weeks after the hybrid Trojan was discovered, it has reportedly spread into Europe and begun plaguing banking customers in Poland with redirection attacks. The malware has started targeting corporate, SMB, investment banking and consumer accounts at...
AB CompactLogix 5000 Series Controller CIP Protocol Denial of Service Vulnerability
The AB CompactLogix 5000 series are controllers for Logix solutions for low-end to mid-size applications. A vulnerability in the CIP communication protocol of the AB CompactLogix 5000 Series controllers, if successfully exploited, could cause the target device to fail to respond properly to...
Uber: CrashPlan Backup is Vulnerable, Allowing a DoS Attack Against Uber's Backups on backup.uber.com
backup.uber.com hosts a CrashPlan backup server on port 443. CrashPlan allows users to back up to a friend's computer by entering a 6-character alphanumeric code. This means there are 36^6, or 2,176,782,336, possible CrashPlan friend codes. While this is a high number, it is completely possible to brute force this ...
WordPress ScoreMe Theme - Cross Site Scripting
Because of this vulnerability in the "s" parameter of the "index.php" file, remote attackers can inject their own malicious script code into the client side of the affected web application. Solution: Update the theme...
OBD2 Codes Fix Free - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that the application OBD2 Codes Fix Free, published on the Google Play market, has multiple vulnerabilities...
OBDII Trouble Codes Lite - Dynamic Code Loading, External URLs, SQLite database found vulnerabilities
HackApp vulnerability scanner discovered that the application OBDII Trouble Codes Lite, published on the Google Play market, has multiple vulnerabilities...
iGraal - Codes promo&Cashback - Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that the application iGraal - Codes promo&Cashback, published on the Google Play market, has multiple vulnerabilities...
ICD 10 Codes deutsch - Dynamic Code Loading, External URLs, SQLite database found vulnerabilities
HackApp vulnerability scanner discovered that the application ICD 10 Codes deutsch, published on the Google Play market, has multiple vulnerabilities...
Sky Remote Codes - Dynamic Code Loading, External URLs, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that the application Sky Remote Codes, published on the Google Play market, has multiple vulnerabilities...
Arduino Codes Free - External URLs, MIT license, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that the application Arduino Codes Free, published on the Google Play market, has multiple vulnerabilities...
Wear Codes for Android Wear - Exported ContentProvider, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that the application Wear Codes for Android Wear, published on the Google Play market, has multiple vulnerabilities...
WordPress External Links Plugin <= 1.80 - Multiple Cross Site Scripting
This vulnerability allows remote attackers to inject malicious script code into the application side of the vulnerable modules. Solution: Update the plugin...
Uber: Possibility to enumerate and bruteforce promotion codes in Uber iOS App
Due to the lack of rate limiting on the promo code redemption endpoint, it was possible to enumerate promo codes. The response also leaked metadata about the user, including the country of the user, their name and profile photo. Thanks, @r0t! Uber has a feature in the iOS app to apply a promotion...
Uber: Possibility to brute force invite codes in riders.uber.com
When adding new promotion codes for free rides, one could brute force invitation codes, since there is no protection against brute-force attacks. On the payment page it is possible to apply a promotion code. If we intercept this request, we can brute force codes, since there is no CAPTCHA or...
Uber: Lack of rate limiting on get.uber.com leads to enumeration of promotion codes and estimation of a lower bound on the number of Uber drivers
Invite codes are 5 lowercase alphanumeric characters. This means there are 36 (26 + 10) possible options for each position in the invite code. In total this means there are 36^5, or 60,466,176, possible invite codes. By enumerating all possible invite codes, one can find the total number o...
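The CrashPlan friend-code and Uber invite-code reports above both rest on the same arithmetic: a short code over a 36-symbol alphabet is an exhaustible keyspace unless the endpoint bounds the guess rate. The following is an added example, not code from either report or from Uber or CrashPlan, that computes the keyspace and exhaustion time for such codes, the expected number of guesses before the first valid code is hit, and a minimal per-client sliding-window limiter of the kind that would have blocked the enumeration. The guess rate (100 requests per second), the limit (5 attempts per 60 seconds) and the client key are assumptions chosen for illustration.

```python
"""Added example: keyspace arithmetic and a sliding-window rate limiter for
short alphanumeric codes. Assumed values: 36-symbol lowercase alphanumeric
alphabet, 100 guesses/s for an unthrottled attacker, 5 attempts per minute
for the limiter. Not code from the referenced reports."""

import string
from collections import defaultdict, deque

LOWER_ALNUM = string.ascii_lowercase + string.digits  # 26 + 10 = 36 symbols


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct codes of `length` symbols over `alphabet_size` symbols."""
    return alphabet_size ** length


def seconds_to_exhaust(keyspace_size: int, guesses_per_second: float) -> float:
    """Wall-clock seconds to try every code at a sustained, unthrottled rate."""
    return keyspace_size / guesses_per_second


def expected_guesses_to_first_hit(keyspace_size: int, valid_codes: int) -> float:
    """Expected distinct guesses before the first valid code, assuming the
    `valid_codes` live codes are uniformly spread and no guess is repeated:
    (N + 1) / (k + 1). With one live code in a 9-code space that is 5 guesses."""
    if valid_codes <= 0:
        raise ValueError("need at least one valid code")
    return (keyspace_size + 1) / (valid_codes + 1)


def seconds_to_exhaust_with_limiter(keyspace_size: int, max_attempts: int,
                                    window_seconds: float) -> float:
    """Upper bound on exhaustion time from a single client key once a limiter
    caps throughput at max_attempts per window."""
    return keyspace_size * window_seconds / max_attempts


class SlidingWindowLimiter:
    """Allow at most `max_attempts` per `window_seconds` for each client key.

    Keeps a deque of accepted-attempt timestamps per key; entries older than
    the window are evicted before each decision, so memory is bounded by
    max_attempts per active key. Keys are assumed to be something the
    attacker cannot freely rotate (account, device token), not just an IP.
    """

    def __init__(self, max_attempts: int, window_seconds: float) -> None:
        self.max_attempts = max_attempts
        self.window = window_seconds
        self._hits = defaultdict(deque)

    def allow(self, key: str, now: float) -> bool:
        q = self._hits[key]
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.max_attempts:
            return False  # over budget: reject without consuming a slot
        q.append(now)
        return True


def simulate_enumeration(limiter: SlidingWindowLimiter, key: str, attempts: int,
                         start: float = 0.0, interval: float = 0.01) -> int:
    """Fire `attempts` guesses `interval` seconds apart from one client key and
    return how many the limiter let through."""
    allowed = 0
    for i in range(attempts):
        if limiter.allow(key, start + i * interval):
            allowed += 1
    return allowed


if __name__ == "__main__":
    n = len(LOWER_ALNUM)
    invite = keyspace(n, 5)   # Uber invite code
    friend = keyspace(n, 6)   # CrashPlan friend code
    print(f"5-char keyspace: {invite:,}   6-char keyspace: {friend:,}")
    print(f"exhaust 5-char at 100 req/s: {seconds_to_exhaust(invite, 100) / 86400:.1f} days")
    lim = SlidingWindowLimiter(max_attempts=5, window_seconds=60)
    print("guesses through a 5/min limiter out of 1000:",
          simulate_enumeration(lim, "rider-1234", 1000))
    years = seconds_to_exhaust_with_limiter(invite, 5, 60) / (86400 * 365)
    print(f"exhaust 5-char under 5/min limit: {years:.0f} years")
```

The limiter only helps if the key it buckets on is expensive for the attacker to rotate; a limit per source IP is trivially sidestepped from a botnet or cloud range, which is why the reports' concern is the endpoint accepting unlimited attempts per account or session.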
Fedora 23 : krb5-1.14.1-3.fc23 (2016-56840babc3)
CVE-2016-3119, NULL dereference in LDAP module. ---- Fix an issue with return codes on gss_inquire_attrs_for_mech. This resolves an issue with gss-ntlmssp, and anything else that is interposing but not implementing the corresponding mechglue function. Note that Tenable Network Security has extracted...
XOOPS 2.5.7.2 - Directory Traversal Bypass
XOOPS 2.5.7.2 - Directory Traversal Bypass. Credits: John Page aka hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/XOOPS-DIRECTORY-TRAVERSAL.txt. Vendor: xoops.org. Product: Xoops 2.5.7.2. Vulnerability Type:...
Xoops 2.5.7.2 - Directory Traversal Bypass
Exploit for the PHP platform, category web applications. Credits: John Page aka hyp3rlinx. Vendor: xoops.org. Product: Xoops 2.5.7.2. Vulnerability Type: Directory Traversal Bypass. Vulnerability Details: Xoops 2.5.7.2 ha...