Lucene search
K

145 matches found

ThreatPost
ThreatPost
added 2018/07/20 4:29 p.m.14 views

ThreatList: A Ranking of Airports By Riskiest WiFi Networks

With time to spare at an airport, fliers don’t think twice about cracking open their laptops and taking advantage of one of many free WiFi hotspots. But they should, warns Coronet. Coronet, which sells wireless network security products, recently published its list of best and worst airport WiFi...

0.2AI score
Exploits0References2
Openbugbounty
Openbugbounty
added 2018/06/14 3:41 p.m.9 views

sandiegoautoconnection.financing.dealer.com XSS vulnerability

Open Bug Bounty ID: OBB-632279 Description| Value ---|--- Affected Website:| sandiegoautoconnection.financing.dealer.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3...

6.2AI score
Exploits0
CNVD
CNVD
added 2018/06/08 12:0 a.m.4 views

Cloud Foundry Diego Privilege Gain Vulnerability

Cloud Foundry Diego is a container management system used in the Cloud Foundry cloud computing platform from the Cloud Foundry Foundation in the United States. A security vulnerability exists in Cloud Foundry Diego versions prior to 2.8.0, which stems from the program's failure to properly filter...

7.2CVSS7.2AI score0.01771EPSS
Exploits0References1
Prion
Prion
added 2018/06/06 8:29 p.m.15 views

Design/Logic Flaw

Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego...

6.5CVSS6.9AI score0.01771EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2018/06/06 8:29 p.m.28 views

CVE-2018-1265

Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego...

7.2CVSS7.2AI score0.01771EPSS
Exploits0References1
NVD
NVD
added 2018/06/06 8:29 p.m.29 views

CVE-2018-1265

Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego...

7.2CVSS7AI score0.01771EPSS
Exploits0References1
CVE
CVE
added 2018/06/06 8:0 p.m.51 views

CVE-2018-1265

Summary: CVE-2018-1265 affects Cloud Foundry Diego (diego-release before 2.8.0; cf-deployment before v1.37.0). The root cause is improper sanitization/validation of file paths in tar and zip headers, enabling a remote authenticated attacker with CF admin privileges to upload a malicious buildpack...

7.2CVSS6.9AI score0.01771EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2018/06/06 8:0 p.m.28 views

CVE-2018-1265

Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego...

7AI score0.01771EPSS
Exploits0References1
Cloud Foundry
Cloud Foundry
added 2018/06/05 12:0 a.m.38 views

CVE-2018-1265: Diego does not properly sanitize file paths in tar/zip files | Cloud Foundry

Severity Critical Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using diego-release versions prior to 2.8.0 You are using cf-deployment versions prior to v1.37.0 Description Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize fil...

7.2CVSS7AI score0.01771EPSS
Exploits0
Openbugbounty
Openbugbounty
added 2018/03/25 7:21 a.m.9 views

sandiego420tour.com XSS vulnerability

Open Bug Bounty ID: OBB-590129 Description| Value ---|--- Affected Website:| sandiego420tour.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/03/23 4:31 p.m.53 views

San Diego Sues Experian Over ID Theft Service

The City of San Diego, Calif. is suing consumer credit bureau Experian, alleging that a data breach first reported by KrebsOnSecurity in 2013 affected more than a quarter-million people in San Diego but that Experian never alerted affected consumers as required under California law. The lawsuit,...

6.7AI score
Exploits0
Veracode
Veracode
added 2018/03/20 2:5 a.m.19 views

File Traversal

github.com/cloudfoundry-attic/garden-linux is vulnerable to file traversal attacks. The garden-linux nstar executable allows attackers to read files within the host system that the BOSH-created vcap user has permission to read. This can be done by staging an application on Cloud Foundry using Die...

7.5CVSS7.2AI score0.0132EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/03/19 1:29 p.m.18 views

CVE-2015-5350

In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud Foundry using Diego and Garden installations with a malicious custom buildpack an end user could read file...

7.5CVSS7.4AI score0.0132EPSS
Exploits0References1
Prion
Prion
added 2018/03/19 1:29 p.m.16 views

Code injection

In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud Foundry using Diego and Garden installations with a malicious custom buildpack an end user could read file...

5CVSS6.8AI score0.0132EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/03/19 1:0 p.m.22 views

CVE-2015-5350

In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud Foundry using Diego and Garden installations with a malicious custom buildpack an end user could read file...

7.4AI score0.0132EPSS
Exploits0References1
CVE
CVE
added 2018/03/19 1:0 p.m.50 views

CVE-2015-5350

CVE-2015-5350 affects Garden Linux via the garden-linux nstar executable in Garden versions 0.22.0–0.329.0. An attacker staging an application on Cloud Foundry (Diego and Garden) with a malicious custom buildpack could read host-system files that the vcap user can read and package them into the a...

7.5CVSS7.3AI score0.0132EPSS
Exploits0References1Affected Software1
Openbugbounty
Openbugbounty
added 2017/10/23 1:32 p.m.7 views

san-diego-theater.com XSS vulnerability

Open Bug Bounty ID: OBB-360971 Description| Value ---|--- Affected Website:| san-diego-theater.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention...

6.4AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/08/10 8:36 a.m.10 views

wework.com XSS vulnerability

Open Bug Bounty ID: OBB-277651 Description| Value ---|--- Affected Website:| wework.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
OSV
OSV
added 2017/06/08 6:29 p.m.5 views

CVE-2016-3091

Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service...

7.5CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2017/06/08 6:29 p.m.18 views

CVE-2016-3091

Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service...

7.5CVSS7.5AI score0.01227EPSS
Exploits0References1
Rows per page
Query Builder