The update cannot be installed due to a website configuration issue
Challenge: The update cannot be installed. The installation fails with the error message: "The object identifier does not represent a valid object. Exception from HRESULT: 0x800710D8" Cause: The Veeam ONE websites do not have proper bindings on the Internet Information Services (IIS) side. Solution: To fi...
samling.nasjonalmuseet.no XSS vulnerability
Open Bug Bounty ID: OBB-613423

| Description | Value |
|---|---|
| Affected Website: | samling.nasjonalmuseet.no |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1... |
D-Link DIR-601 Failed Password Change Control Vulnerability
Exploit for hardware platform in category web applications. Suggested description: D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, and the change is transmitted in cleartext. ------------------------------------------ Additional Information: Insecure Authentication Practices i...
Semmle: Docker Registry HTTP API v2 exposed in HTTP without authentication leads to docker images dumping and poisoning
Summary: Docker Registry HTTP API v2 is exposed in HTTP without authentication. An attacker can use it to dump your docker images and poison them. Description: While digging into the environment that hosts the sandboxed build container, I came across the port 5000 open on another machine probably...
Ed: Session cookie missing SecureFlag on git.edoverflow.com.
Assigned to: ED. Assigned by: Kirtikumar Anandrao Ramchandani. Assigned on: 01/05/2018. Bug overview: Session cookie without Secure flag. Cookie name: gitlabsession. Description / Risk description: Since the Secure flag is not set on the cookie, the browser will send it over an unencrypted channel...
Debian DLA-1366-1 : wordpress security update
Two vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following issues. CVE-2018-10100 The redirection URL for the login page was not validated or sanitized if forced to use HTTPS. CVE-2018-10102 The version string w...
Using the password reset function to achieve account hijacking: vulnerability warning (the black bar safety net)
Recently, I took part in a platform's invited vulnerability testing project, in which I discovered a unique account hijacking vulnerability. The entire discovery process was very unexpected but also very lucky: account hijacking could be achieved through the password reset function, and I will...
Denial of Service
Overview: Versions of https-proxy-agent before 2.2.0 are vulnerable to denial of service. This is due to the unsanitized option proxy.auth being passed to Buffer. Recommendation: Update to version 2.2.0 or later. References: index.js line 207; HackerOne report; GitHub advisory...
CVE-2018-2765
Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: Oracle SSL API). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTT...
CVE-2018-2760
Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Supported versions that are affected are 12.1.3 and 12.2.1.2. This difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server...
Design/Logic Flaw
Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Supported versions that are affected are 12.1.3 and 12.2.1.2. This difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server...
CVE-2018-2765
CVE-2018-2765 affects Oracle Fusion Middleware’s Security Service component (subcomponent: Oracle SSL API). Affected are 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. The vulnerability allows an unauthenticated attacker with network access via HTTPS to access Oracle Security Service data, po...
CVE-2018-10100
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS...
Hardcoded credentials
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS...
CVE-2018-10100
CVE-2018-10100 affects WordPress before 4.9.5: the login redirect URL is not validated or sanitized when HTTPS is forced. Related issues include CVE-2018-10102, where the generator tag's version string could enable XSS via unsanitized output. Debian and Debian-LTS advisories (DSA-4193-1, DLA-1366-1...