1683 matches found
Timing Attack
Overview Affected versions of csrf-lite are vulnerable to timing attacks as a result of testing CSRF tokens via a fail-early comparison instead of a constant-time comparison. Timing attacks remove the exponential increase in entropy gained from increased secret length, by providing per-character...
Juniper Networks Junos OS Fail-Open Unauthenticated Root Access Vulnerability
Junos OS is prone to a unauthenticated root access vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos";...
yannickprobst.com XSS vulnerability
Vulnerable URL: http://www.yannickprobst.com//search/site/?q= Details: Description| Value ---|--- Patched:| Yes, at 25.07.2017 Latest check for patch:| 25.07.2017 21:01 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 0 V...
Deliberately Insecure Web Application: OWASP WebGoat
WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat in either J2EE or WebGoat for .Net in ASP.NET. In each lesson, users must demonstrate their understanding of a security issue by...
The vulnerability of the Android operating system, which allows a hacker to execute arbitrary code or cause a service failure
The vulnerability of the libstagefright component in the Android operating system arises due to buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure using a specially crafted media file...
nanopress.it XSS vulnerability
Vulnerable URL: http://www.nanopress.it/curiosita/epic-fail/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 33960 Google Pagerank| 4 VIP website status:| Yes Check nanopress.it SSL...
ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability EMC Identifier: ESA-2015-132 CVE Identifier: CVE-2015-4537 Severity Rating: CVSS v2 Base Score: 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C Affected products: • EMC Documentum D2 4.2 and earlier Summary: EMC...
[SECURITY] Fedora 21 Update: mongodb-2.4.13-1.fc21
Mongo from "humongous" is a high-performance, open source, schema-free document-oriented database. MongoDB is written in C++ and offers the follow ing features: Collection oriented storage: easy storage of object/JSON-style data Dynamic queries Full index support, including on inner objects and...
[SECURITY] Fedora 22 Update: mongodb-2.6.8-1.fc22
Mongo from "humongous" is a high-performance, open source, schema-free document-oriented database. MongoDB is written in C++ and offers the follow ing features: Collection oriented storage: easy storage of object/JSON-style data Dynamic queries Full index support, including on inner objects and...
Multiple Vulnerabilities with Kguard Digital Video Recorders
MULTIPLE VULNERABILITIES WITH KGUARD DIGITAL VIDEO RECORDERS, February 10, 2015 PRODUCT DESCRIPTION The Kguard SHA104 & SHA108 are 4ch/8ch H.264 DVRs designed for economical application. It's stylish & streamlines hardware design and excellent performance can be fast moving, competitive and an...
frcms 多处注入 (demo成功)
简要描述: rt 详细说明: 在plus/onlinepay/alipaynotify.php中 $signtype = "MD5"; //加密方式 不需修改 $alipay = new alipaynotify$partner,$securitycode,$signtype,$inputcharset,$transport; //构造通知函数信息 $verifyresult = $alipay-notifyverify; //计算得出通知验证结果 $dingdan = $outtradeno; //获取支付宝传递过来的订单号 $total =...
qemu-kvm security and bug fix update
1.5.3-60.el70.2 - kvm-pc-add-hotaddcpu-callback-to-all-machine-types.patch bz1094820 - Resolves: bz1094820 Hot plug CPU not working with RHEL6 machine types running on RHEL7 host. 1.5.3-60.el70.1 - kvm-iscsi-fix-indentation.patch bz1090978 - kvm-iscsi-correctly-propagate-errors-in-iscsiopen.patch...
Sygate Personal Firewall Pro 5.5 - Local Fail-Close Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10540/info A vulnerability is reported to affect the Sygate Personal Firewall fail-closed functionality. It is reported that the kernel-space NDIS driver does not verify the origin of messages that are received through th...
Clicksor SQL Injecti0n Vulnerability
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = 'SSV-68525' vul ID version = '1' author = 'fenghh' vulDate = '2010-05-04' createDate =...
IDevSpot iSupport 1.8 Index.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19964/info IDevSupport iSupport is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to compromise the application and...
openSUSE Security Update : icinga (openSUSE-SU-2014:0069-1)
imported upstream version 1.10.2 - includes fix for possible denial of service in CGI executables: CVE-2013-7108 bnc856837 - core: Add an Icinga syntax plugin for Vim 4150 - LE/MF - core: Document dropped options logexternalcommandsuser and eventprofilingenabled 4957 - BA - core: type in spec...
FreeBSD -- Incorrect error handling in PAM policy parser
Problem Description: The OpenPAM library searches for policy definitions in several locations. While doing so, the absence of a policy file is a soft failure handled by searching in the next location while the presence of an invalid file is a hard failure handled by returning an error to the...
Mozilla Offers Bug Bounty for Heartbleed-like Crypto Bugs
As part of a special security bug bounty program, Mozilla Corporation is offering $10,000 to anyone who reports a qualifying security vulnerability in the new cryptography library it plans to deploy in a yet-to-be-released version of Firefox. Today, Mozilla’s security engineering team announced t...
RSA Authentication Agent for IIS Authentication Bypass Vulnerability
RSA Authentication Agent for IIS is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
ESA-2013-067: RSA® Authentication Agent for Web for Internet Information Services (IIS) Security Controls Bypass Vulnerability
ESA-2013-067.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-067: RSA® Authentication Agent for Web for Internet Information Services IIS Security Controls Bypass Vulnerability EMC Identifier: ESA-2013-067 CVE Identifier: CVE-2013-3280 Severity Rating: CVSS v2 Base Score: 9.0...