Cross site scripting
Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left by the attacker...
CVE-2020-9524
Micro Focus Enterprise Server and Enterprise Developer (all versions prior to 5.0 Patch Update 8) are affected by a Cross-Site Scripting (XSS) vulnerability in the web application layer. The root cause is insufficient validation of client-side data, enabling both stored and reflected XSS scenario...
DiscordRAT - Discord Remote Administration Tool Fully Written In Python
Discord Remote Administration Tool fully written in Python3. This is a RAT controlled over Discord with over 20 post exploitation modules. Disclaimer: This tool is for educational use only, the author will not be held responsible for any misuse of this tool. This is my first project on github as...
Unspecified Vulnerability in Bond Technology Management JetSelect
Bond Technology Management JetSelect is an application for managing IP and networks on board. An unspecified vulnerability exists in Bond Technology Management JetSelect. An attacker could exploit this vulnerability to obtain user credentials via the Developer tool or similar...
CVE-2019-13023
An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to chan...
Hardcoded credentials
An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to chan...
DalFox (Finder Of XSS) - Parameter Analysis And XSS Scanning Tool Based On Golang
Finder Of XSS, and Dal is the Korean pronunciation of moon. What is DalFox Just, XSS Scanning and Parameter Analysis tool. I previously developed XSpear, a ruby-based XSS tool, and this time, a full change occurred during the process of porting with golang!!! and created it as a new project. The...
Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtime...
Kicking off Developer Day 2020
Developer Day 2020 kicks off today with seven on-demand sessions for more than 2,600 registrants. This is the first time Developer Day has been held in a virtual setting and the VMware Carbon Black team is excited to welcome the largest group of developers we have ever had in attendance. With eig...
KLA11772 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in .NET Framework can be...
Security Bulletin: IBM API Connect's Developer Portal is vulnerable to cross-site scripting.
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details Third Party Entry: 178183 DESCRIPTION: Drupal core cross-site scripting CVSS Base score: 5.4 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178183 for the current score. CVSS...
Report: Microsoft’s GitHub Account Gets Hacked
Hackers have broken into Microsoft’s GitHub account and stolen 500 GB of data from the tech giant’s own private repositories on the developer platform, according to published reports. A group that calls itself Shiny Hunters claims it stole and then leaked the data, which did not appear to include...
Podcast: Shifting Cloud Security Left With Infrastructure-as-Code
Companies are increasingly dealing with a slew of security and compliance issues across cloud services and containers – from AWS to Azure to Google Cloud. Infrastructure-as-Code (IaC) security capabilities can help companies shift their cloud security “left” to improve developer productivity, avoid...
FreeBSD : cacti -- XSS exposure (cd864f1a-8e5a-11ea-b5b4-641c67a117d8)
Cacti developer reports: Lack of escaping of color items can lead to XSS exposure. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2020 Jacques Vidrine and contributors Redistribution and use ...
Mozilla: Arbitrary local file access with 'Copy as cURL'
The Mozilla Foundation Security Advisory describes this flaw as: The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, i...
Android Security Bulletin—May 2020
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-05-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...
Pixel Update Bulletin—May 2020
The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2020-05-05 or later address all issues in this bulletin and all issues in the May 2020 Android Security...
Critical GitLab Flaw Earns Bounty Hunter $20K
A critical GitLab vulnerability, which could be leveraged by a remote attacker to execute code, recently netted a researcher a $20,000 bug-bounty award. The flaw was reported to GitLab by software developer William Bowling via the HackerOne bug bounty platform on March 23. It was then disclosed...
Trend Micro Integrates with Amazon AppFlow
The acceleration of in-house development enabled by public cloud and Software-as-a-Service (SaaS) platform adoption in the last few years has given us new levels of visibility and access to data. Putting all of that data together to generate insights and action, however, can substitute one challeng...