145 matches found
ThreatList: A Ranking of Airports By Riskiest WiFi Networks
With time to spare at an airport, fliers don’t think twice about cracking open their laptops and taking advantage of one of many free WiFi hotspots. But they should, warns Coronet. Coronet, which sells wireless network security products, recently published its list of best and worst airport WiFi...
sandiegoautoconnection.financing.dealer.com XSS vulnerability
Open Bug Bounty ID: OBB-632279 Description| Value ---|--- Affected Website:| sandiegoautoconnection.financing.dealer.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3...
Cloud Foundry Diego Privilege Gain Vulnerability
Cloud Foundry Diego is a container management system used in the Cloud Foundry cloud computing platform from the Cloud Foundry Foundation in the United States. A security vulnerability exists in Cloud Foundry Diego versions prior to 2.8.0, which stems from the program's failure to properly filter...
Design/Logic Flaw
Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego...
CVE-2018-1265
Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego...
CVE-2018-1265
Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego...
CVE-2018-1265
Summary: CVE-2018-1265 affects Cloud Foundry Diego (diego-release before 2.8.0; cf-deployment before v1.37.0). The root cause is improper sanitization/validation of file paths in tar and zip headers, enabling a remote authenticated attacker with CF admin privileges to upload a malicious buildpack...
CVE-2018-1265
Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego...
CVE-2018-1265: Diego does not properly sanitize file paths in tar/zip files | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using diego-release versions prior to 2.8.0 You are using cf-deployment versions prior to v1.37.0 Description Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize fil...
sandiego420tour.com XSS vulnerability
Open Bug Bounty ID: OBB-590129 Description| Value ---|--- Affected Website:| sandiego420tour.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
San Diego Sues Experian Over ID Theft Service
The City of San Diego, Calif. is suing consumer credit bureau Experian, alleging that a data breach first reported by KrebsOnSecurity in 2013 affected more than a quarter-million people in San Diego but that Experian never alerted affected consumers as required under California law. The lawsuit,...
File Traversal
github.com/cloudfoundry-attic/garden-linux is vulnerable to file traversal attacks. The garden-linux nstar executable allows attackers to read files within the host system that the BOSH-created vcap user has permission to read. This can be done by staging an application on Cloud Foundry using Die...
CVE-2015-5350
In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud Foundry using Diego and Garden installations with a malicious custom buildpack an end user could read file...
Code injection
In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud Foundry using Diego and Garden installations with a malicious custom buildpack an end user could read file...
CVE-2015-5350
In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud Foundry using Diego and Garden installations with a malicious custom buildpack an end user could read file...
CVE-2015-5350
CVE-2015-5350 affects Garden Linux via the garden-linux nstar executable in Garden versions 0.22.0–0.329.0. An attacker staging an application on Cloud Foundry (Diego and Garden) with a malicious custom buildpack could read host-system files that the vcap user can read and package them into the a...
san-diego-theater.com XSS vulnerability
Open Bug Bounty ID: OBB-360971 Description| Value ---|--- Affected Website:| san-diego-theater.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention...
wework.com XSS vulnerability
Open Bug Bounty ID: OBB-277651 Description| Value ---|--- Affected Website:| wework.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2016-3091
Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service...
CVE-2016-3091
Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service...