Lucene search
192 matches found

0day.today
added 2018/11/07 12:0 a.m., 323 views

Dell OpenManage Network Manager 6.2.0.51 SP3 Privilege Escalation Exploit

Dell OpenManage Network Manager exposes a MySQL listener that can be accessed with default credentials. This MySQL service is running as the root user, so an attacker can exploit this configuration to, e.g., deploy a backdoor and escalate privileges into the root account. Dell OpenManage Network...

CVSS 9, AI score 1.1, EPSS 0.12324
Exploits: 7
Hacker One
added 2018/01/21 5:17 p.m., 805 views

RubyGems: Cross-Domain JavaScript Source File Inclusion

The page includes one or more script files from a third-party domain. XSSI is a fancy way of saying: you are including in your program, someone else's code; you don't have any control over what is in that code, and you don't have any control over the security of the server on which it is hosted...

AI score 7
Exploits: 0
seebug.org
added 2017/12/29 12:0 a.m., 53 views

Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution

Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description The router suffers from authenticated arbitrary system command execution. The application interface allows users to perform certain actions via HTTP requests without...

AI score 7.3
Exploits: 0
Openbugbounty
added 2017/12/07 8:6 p.m., 8 views

htt.de XSS vulnerability

Open Bug Bounty ID: OBB-450048 Description| Value ---|--- Affected Website:| htt.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

AI score 6.3
Exploits: 0
CNVD
added 2017/11/16 12:0 a.m., 1 views

IBM BigFix Platform BigFix Family WebUI Component Information Disclosure Vulnerability

IBM BigFix platform is IBM's dynamic integrated messaging content-driven and management system for multi-technology platforms. BigFix Family WebUI is one of the Web management interfaces. A security vulnerability exists in the BigFix Family WebUI component of IBM BigFix Platform 9.2.6 and earlier...

CVSS 5.9, AI score 6.5, EPSS 0.01224
Exploits: 0, References: 1
OSV
added 2017/11/13 11:29 p.m., 1 views

CVE-2017-1229

IBM Tivoli Endpoint Manager IBM BigFix 9.2 and 9.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle technique...

CVSS 5.9, AI score 5.8, EPSS 0.01224
Exploits: 0, References: 2
Openbugbounty
added 2017/06/15 9:59 p.m., 7 views

ctan.org XSS vulnerability

Vulnerable URL: https://www.ctan.org/help/json/searching/"'--! Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 15:01 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 33621 VIP website status:| Yes Check ctan.or...

AI score 6.3
Exploits: 0
Nmap
added 2017/06/06 1:36 a.m., 1723 views

http-security-headers NSE Script

Checks for the HTTP response headers related to security given in OWASP Secure Headers Project and gives a brief description of the header and its configuration value. The script requests the server for the header with http.head and parses it to list headers found with their configurations. The...

CVSS 10, AI score 9.2, EPSS 0.99448
Exploits: 33
OSV
added 2017/02/01 8:59 p.m., 1 views

CVE-2016-5966

IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle...

CVSS 5.9, AI score 5.8
Exploits: 0, References: 2
Openbugbounty
added 2016/11/02 12:45 p.m., 10 views

blak-uis.server.de XSS vulnerability

Vulnerable URL:...

AI score 6.2
Exploits: 0
ThreatPost
added 2016/09/08 3:43 p.m., 14 views

Chrome to Label Some HTTP Sites 'Not Secure' in 2017

Chrome users who navigate to some HTTP sites will be notified, starting in January, they’re on a site that isn’t secure. Google said today the browser will begin explicitly labeling HTTP connections that feature either a password or credit card form as non-secure. The company said the plan is its...

AI score 6.9
Exploits: 0, References: 13
Openbugbounty
added 2016/04/17 8:10 a.m., 7 views

zellimzillertal.info XSS vulnerability

Vulnerable URL: http://www.zellimzillertal.info/ajax/prospektbestellung.php?modul=%22%3E%3Csvg/onload=prompt%28/OPENBUGBOUNTY/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...

AI score 6.3
Exploits: 0
OpenVAS
added 2016/03/30 12:0 a.m., 21 views

Basho Riak Detection (HTTP)

HTTP based detection of Basho Riak. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.105590";...

AI score 7
Exploits: 0
Check Point Advisories
added 2016/03/17 12:0 a.m., 16 views

ZMap Security Scanner over HTTP

A vulnerability scanning tool is designed to gather information from servers. Such scans might indicate an attempt to disclose sensitive information. Remote attackers can use the ZMap security scanner to detect vulnerabilities on a target server...

AI score 1.5
Exploits: 0
Openbugbounty
added 2016/03/11 12:59 p.m., 31 views

babiesrus.com XSS vulnerability

Vulnerable URL: http://www.babiesrus.com/search/index.jsp?kwCatId==asdlol%27confirm%27xssposed%27%27bb=asdlol%27confirm%27xssposed%27%27bb=asdlol%27%2Bconfirm%28%27XSSPOSED%27%29%2B%27bb=1 Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 21:36 G...

AI score 6.3
Exploits: 0
Hacker One
added 2016/03/09 9:17 p.m., 26 views

Internet Bug Bounty: Buffer overflow in HTTP url parsing functions

This bug report was submitted directly to the PHP bug tracker: The issue was verified and fixed on 2016-03-09. Updated HTTP packages 2.5.6 and 3.0.1 were released the same day. Following you find the bug description that has been reported to the PHP maintainers: Description The HTTP url parsing...

AI score 7.5
Exploits: 0
Openbugbounty
added 2015/11/11 7:57 p.m., 8 views

holidayphone.se XSS vulnerability

Vulnerable URL: http://www.holidayphone.se/"';-- Details: Description| Value ---|--- Patched:| Yes, at 25.07.2017 Latest check for patch:| 25.07.2017 22:03 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1339866 Google Pagerank| 4 VIP website status:| No Check...

AI score 6.3
Exploits: 0
exploitpack
added 2015/10/13 12:0 a.m., 12 views

NETGEAR Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities

NETGEAR Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities Exploit Title: Netgear Voice Gateway Multiple Vulnerabilities Date: May 01, 2015 No response from Vendor Discovered by: Karn Ganeshen Vendor Homepage: www.netgear.com Version: Firmware Version: V2.3.0.23_2.3.23 Netgear Voice Gateway...

AI score 0.5
Exploits: 0
Openbugbounty
added 2015/07/12 8:46 a.m., 19 views

ds61.ru XSS vulnerability

Vulnerable URL: http://www.ds61.ru/firms/?text=%3Cimg%20src=x%20onerror=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1796519 Google Pagerank| 2 VIP...

AI score 6.3
Exploits: 0
Debian CVE
added 2015/01/16 4:0 p.m., 24 views

CVE-2015-0220

The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a...

CVSS 4.3, AI score 5.4, EPSS 0.03028
Exploits: 1