24 matches found
EUVD-2017-18034
Malware in sbrugna...
regal-diving.co.uk Cross Site Scripting vulnerability OBB-3765181
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
A Bootiful Podcast: Spring and Java community legend Marten Deinum
Hi, Spring fans! In this installment, Josh Long @starbuxman talks to longtime Spring community member and legend Marten Deinum @mdeinum about scuba diving, software, Spring, community, and more. Also: I fixed the odd silence in the middle of the last few episodes! thanks for suffering through it...
wts-diving-center.com Cross Site Scripting vulnerability OBB-2155376
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Domain dumpster diving
By Jaeson Schultz. Dumpster diving — searching through the trash looking for items of value — has long been a staple of hacking culture. In the 1995 movie "Hackers," Acid Burn and Crash Override are seen dumpster diving for information they can use to help them "hack the Gibson." Of course, not a...
Friday Squid Blogging: Newly Identified Ichthyosaur Species Probably Ate Squid
This is a deep-diving species that "fed on small prey items such as squid." Academic paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Diving Log 6.0 - XML External Entity Injection Vulnerability
Exploit for windows platform in category local exploits + Exploit Title: Diving Log 6.0 XXE Injection + Exploit Author: Trent Gordon + Vendor Homepage: http://www.divinglog.de + Software Link: http://www.divinglog.de/english/download/ + Disclosed at: https://thenopsled.com/divinglog.txt + Version...
Diving Log 6.0 XML External Entity Injection
Exploit Title: Diving Log 6.0 XXE Injection + Date: 27-11-2017 + Exploit Author: Trent Gordon + Vendor Homepage: http://www.divinglog.de + Software Link: http://www.divinglog.de/english/download/ + Disclosed at: https://thenopsled.com/divinglog.txt + Version: 6.0 + Tested on: Windows 7 SP1,...
Diving Log 6.0 - XML External Entity Injection
Diving Log 6.0 - XML External Entity Injection + Exploit Title: Diving Log 6.0 XXE Injection + Date: 27-11-2017 + Exploit Author: Trent Gordon + Vendor Homepage: http://www.divinglog.de + Software Link: http://www.divinglog.de/english/download/ + Disclosed at: https://thenopsled.com/divinglog.txt...
Diving Log 6.0 - XML External Entity Injection
Exploit Title: Diving Log 6.0 XXE Injection + Date: 27-11-2017 + Exploit Author: Trent Gordon + Vendor Homepage: http://www.divinglog.de + Software Link: http://www.divinglog.de/english/download/ + Disclosed at: https://thenopsled.com/divinglog.txt + Version: 6.0 + Tested on: Windows 7 SP1,...
Diving Log dive.xml File Information Disclosure Vulnerability
Diving Log is a dive log management software. The software supports data import, log printing and log sharing. A security vulnerability exists in Diving Log version 6.0. A remote attacker can exploit this vulnerability to view local files with the help of a specially crafted dive.xml file...
CVE-2017-9095
XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import...
Xxe
XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import...
CVE-2017-9095
XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import...
CVE-2017-9095
CVE-2017-9095 affects Diving Log 6.0 and is an XML External Entity (XXE) vulnerability in the dive.xml import workflow (Subsurface import). An attacker can disclose local files via a crafted dive.xml file. Public exploit references document an XXE payload and steps to exfiltrate data to a remote ...
CVE-2017-9095
XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import...
PT-2017-18698 · Diving Log · Diving Log
Name of the Vulnerable Software and Affected Versions: Diving Log version 6.0 Description: The issue allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import. This is related to an XXE XML External Entity issue. Recommendations: F...
F5 TLS vulnerability (CVE-2016-9244) (Ticketbleed)
Ticketbleed CVE-2016-9244 is a software vulnerability in the TLS stack of certain F5 products that allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time, which can contain any kind of random sensitive information, like in Heartbleed. If you suspect you might be...
Ghosts in the Bank
It was a dark night. A car pulled up in the parking space next to me and quickly extinguished his lights. I looked out the my window and saw the driver. He gave me a quick nod and we exited our cars. Opening the trunk I pulled out my tools for the night. A backpack full of trash bags, a flash...
diving-bosna.com.ba XSS vulnerability
Open Bug Bounty ID: OBB-147452 Description| Value ---|--- Affected Website:| diving-bosna.com.ba Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...