7691 matches found
CVE-2018-10100
CVE-2018-10100 affects WordPress, with the login redirect URL not validated/sanitized when HTTPS is forced (pre-4.9.5). Related issues include CVE-2018-10102, where the generator tag’s version string could enable XSS via unsanitized output. Debian and Debian-LTS advisories (DSA-4193-1, DLA-1366-1...
PortSwigger Web Security: burp does not validate the common name of the presented collaborator server certificate
Burp is not validating correctly if the presented certificate in collaborator server. It warns if it is a self signed one, but if it is a legitimate one any valid CA, it appears not to be checking the CN. This is an issue for the polling service, since it allows for the connection to be intercept...
Moxa EDR-810 Cleartext Transmission of Password Vulnerability
Summary An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as...
Git-All-Secrets - A Tool To Capture All The Git Secrets By Leveraging Multiple Open Source Git Searching Tools
git-all-secrets is a tool that can: Clone multiple public/private github repositories of an organization and scan them, Clone multiplepublic/private github repositories of a user that belongs to an organization and scan them, Clone a single public/private repository of an organization and scan it...
CVE-2017-13677
Denial-of-service DoS vulnerability in the Symantec Advanced Secure Gateway ASG and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes...
CVE-2017-13677
CVE-2017-13677 is a DoS vulnerability in Symantec ASG and ProxySG management consoles. A remote attacker can send crafted HTTP/HTTPS requests to trigger application crashes, affecting management-console availability. Affected are ASG and ProxySG SGOS versions prior to the specified remediations. ...
CVE-2017-13677
Denial-of-service DoS vulnerability in the Symantec Advanced Secure Gateway ASG and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes...
JoomlaScan - Tool To Find The Components Installed In Joomla CMS, Built Out Of The Ashes Of Joomscan
A free and open source software to find the components installed in Joomla CMS, built out of the ashes of Joomscan. Features Scanning the Joomla CMS sites in search of components/extensions database of more than 600 components; Locate the browsable folders of component Index of ...; Locate the...
C5Scan - Vulnerability Scanner And Information Gatherer For The Concrete5 CMS
Vulnerability scanner and information gatherer for the Concrete5 CMS. Is a little out of date presently pending a refactor. concrete5 is an open-source content management system CMS for publishing content on the World Wide Web and intranets. concrete5 is designed for ease of use, for users with a...
CVE-2018-1099
It has been discovered that etcd does not correctly restrict access to resources based on hostname. A remote attacker could perform a DNS-rebinding attack and trick the browser into sending requests to an etcd server on an internal network, bypassing the Same-Origin Policy. Mitigation Configure a...
hochub.com XSS vulnerability
Open Bug Bounty ID: OBB-596155 Description| Value ---|--- Affected Website:| hochub.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Moloch - An Open Source, Large Scale, Full Packet Capturing, Indexing, And Database System
Moloch is an open source, large scale, full packet capturing, indexing, and database system. Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP...
Cloudflare Launches Publicly DNS-Over-HTTPS Service
Cloudflare is hoping to boost consumer privacy, reduce the threat of man-in-the-middle attacks, and speed up the internet with a new free solution for securing domain name server traffic that uses the encrypted HTTPS channel. On Sunday, the security focused content delivery network provider,...
How to Make Your Internet Faster with Privacy-Focused 1.1.1.1 DNS Service
Cloudflare, a well-known Internet performance and security company, announced the launch of 1.1.1.1—world's fastest and privacy-focused secure DNS service that not only speeds up your internet connection but also makes it harder for ISPs to track your web history. Domain Name System DNS resolver,...
Homematic CCU2 2.29.23 - Remote Command Execution
Homematic CCU2 2.29.23 - Remote Command Execution !/usr/bin/ruby Exploit Title: Homematic CCU2 Remote Command Execution Date: 28-03-18 Exploit Author: Patrick Muench, Gregor Kopf Vendor Homepage: http://www.eq-3.de Software Link: http://www.eq-3.de/service/downloads.html?id=268 Version: 2.29.23 C...
Homematic CCU2 2.29.23 - Remote Command Execution Exploit
Exploit for cgi platform in category web applications !/usr/bin/ruby Exploit Title: Homematic CCU2 Remote Command Execution Date: 28-03-18 Exploit Author: Patrick Muench, Gregor Kopf Vendor Homepage: http://www.eq-3.de Software Link: http://www.eq-3.de/service/downloads.html?id=268 Version: 2.29....
How to Generate and Install an SSL Certificate on a StoreFront Server for HTTPS connections
This article explains how to generate and install an SSL certificate on a StoreFront server for HTTPS connections. If you have already generated an SSL certificate on one of your StoreFront servers in the StoreFront server group, you can just export the existing SSL certificate and import the...
Making the Grade: Achieve SSL Labs A+ Grade with Imperva WAF
We all woke up to a new reality early last year. HTTPS adoption has reached the tipping point, meaning that more than half of web traffic is encrypted. The benefits of encrypting your traffic are obvious, right? It’s essentially about you securing data being transmitted by authenticating web...
Mozilla Tests DNS over HTTPS: Meets Some Privacy Pushback
The Mozilla Foundation is testing a new mechanism for securing domain name server traffic that uses the encrypted HTTPS channel. It is an attempt to speed up the internet, reduce the threat of man-in-the-middle attacks and keep prying eyes from monitoring what users do online. Starting in the nex...
UPDATE: Nmap 7.70 Upgrade Available!
PenTestIT RSS Feed The first exciting Nmap release of 2018 is Nmap 7.70 with improved OS and service detection capabilities in addition to an improved Npcap 0.99-r2! None of us really need any introduction to this very popular “network mapper“ which now includes an additional 9 new NSE scripts!...