
7691 matches found

CVE
added 2018/04/14 1:0 p.m., 148 views

CVE-2018-10100

CVE-2018-10100 affects WordPress, with the login redirect URL not validated/sanitized when HTTPS is forced (pre-4.9.5). Related issues include CVE-2018-10102, where the generator tag’s version string could enable XSS via unsanitized output. Debian and Debian-LTS advisories (DSA-4193-1, DLA-1366-1...

CVSS 6.1, AI score 6, EPSS 0.03398
Exploits: 0, References: 8, Affected Software: 1

Hacker One
added 2018/04/14 9:38 a.m., 13 views

PortSwigger Web Security: burp does not validate the common name of the presented collaborator server certificate

Burp is not validating correctly if the presented certificate in collaborator server. It warns if it is a self signed one, but if it is a legitimate one any valid CA, it appears not to be checking the CN. This is an issue for the polling service, since it allows for the connection to be intercept...

AI score 0.2
Exploits: 0

Talos
added 2018/04/13 12:0 a.m., 72 views

Moxa EDR-810 Cleartext Transmission of Password Vulnerability

Summary An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as...

CVSS 8.8, AI score 6.9, EPSS 0.01049
Exploits: 2

Kitploit
added 2018/04/12 1:17 p.m., 23 views

Git-All-Secrets - A Tool To Capture All The Git Secrets By Leveraging Multiple Open Source Git Searching Tools

git-all-secrets is a tool that can: Clone multiple public/private github repositories of an organization and scan them, Clone multiple public/private github repositories of a user that belongs to an organization and scan them, Clone a single public/private repository of an organization and scan it...

AI score 6.5
Exploits: 0, References: 10

NVD
added 2018/04/11 2:29 p.m., 18 views

CVE-2017-13677

Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes...

CVSS 7.5, AI score 7.4, EPSS 0.0523
Exploits: 0, References: 3

CVE
added 2018/04/11 2:0 p.m., 68 views

CVE-2017-13677

CVE-2017-13677 is a DoS vulnerability in Symantec ASG and ProxySG management consoles. A remote attacker can send crafted HTTP/HTTPS requests to trigger application crashes, affecting management-console availability. Affected are ASG and ProxySG SGOS versions prior to the specified remediations. ...

CVSS 7.5, AI score 7.4, EPSS 0.0523
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2018/04/11 2:0 p.m., 28 views

CVE-2017-13677

Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes...

AI score 7.4, EPSS 0.0523
Exploits: 0, References: 3

Kitploit
added 2018/04/07 8:49 p.m., 12 views

JoomlaScan - Tool To Find The Components Installed In Joomla CMS, Built Out Of The Ashes Of Joomscan

A free and open source software to find the components installed in Joomla CMS, built out of the ashes of Joomscan. Features Scanning the Joomla CMS sites in search of components/extensions database of more than 600 components; Locate the browsable folders of component Index of ...; Locate the...

AI score 7.3
Exploits: 0, References: 1

Kitploit
added 2018/04/06 8:39 p.m., 26 views

C5Scan - Vulnerability Scanner And Information Gatherer For The Concrete5 CMS

Vulnerability scanner and information gatherer for the Concrete5 CMS. Is a little out of date presently pending a refactor. concrete5 is an open-source content management system (CMS) for publishing content on the World Wide Web and intranets. concrete5 is designed for ease of use, for users with a...

AI score 8.1
Exploits: 0, References: 1

RedhatCVE
added 2018/04/03 2:50 p.m., 32 views

CVE-2018-1099

It has been discovered that etcd does not correctly restrict access to resources based on hostname. A remote attacker could perform a DNS-rebinding attack and trick the browser into sending requests to an etcd server on an internal network, bypassing the Same-Origin Policy. Mitigation Configure a...

CVSS 5.5, AI score 1.7, EPSS 0.00512
Exploits: 1, References: 1

Openbugbounty
added 2018/04/03 1:41 p.m., 29 views

hochub.com XSS vulnerability

Open Bug Bounty ID: OBB-596155

Description| Value
---|---
Affected Website:| hochub.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

AI score 6.3
Exploits: 0

Kitploit
added 2018/04/03 12:25 p.m., 252 views

Moloch - An Open Source, Large Scale, Full Packet Capturing, Indexing, And Database System

Moloch is an open source, large scale, full packet capturing, indexing, and database system. Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP...

AI score 7.3
Exploits: 0, References: 5

ThreatPost
added 2018/04/02 5:28 p.m., 11 views

Cloudflare Launches Publicly DNS-Over-HTTPS Service

Cloudflare is hoping to boost consumer privacy, reduce the threat of man-in-the-middle attacks, and speed up the internet with a new free solution for securing domain name server traffic that uses the encrypted HTTPS channel. On Sunday, the security focused content delivery network provider,...

AI score 0.1
Exploits: 0, References: 11

The Hacker News
added 2018/04/02 1:34 p.m., 52 views

How to Make Your Internet Faster with Privacy-Focused 1.1.1.1 DNS Service

Cloudflare, a well-known Internet performance and security company, announced the launch of 1.1.1.1—world's fastest and privacy-focused secure DNS service that not only speeds up your internet connection but also makes it harder for ISPs to track your web history. Domain Name System (DNS) resolver,...

Exploits: 0

exploitpack
added 2018/03/30 12:0 a.m., 14 views

Homematic CCU2 2.29.23 - Remote Command Execution

Homematic CCU2 2.29.23 - Remote Command Execution !/usr/bin/ruby Exploit Title: Homematic CCU2 Remote Command Execution Date: 28-03-18 Exploit Author: Patrick Muench, Gregor Kopf Vendor Homepage: http://www.eq-3.de Software Link: http://www.eq-3.de/service/downloads.html?id=268 Version: 2.29.23 C...

AI score 0.3
Exploits: 0

0day.today
added 2018/03/30 12:0 a.m., 55 views

Homematic CCU2 2.29.23 - Remote Command Execution Exploit

Exploit for cgi platform in category web applications !/usr/bin/ruby Exploit Title: Homematic CCU2 Remote Command Execution Date: 28-03-18 Exploit Author: Patrick Muench, Gregor Kopf Vendor Homepage: http://www.eq-3.de Software Link: http://www.eq-3.de/service/downloads.html?id=268 Version: 2.29....

CVSS 10, AI score 9.7, EPSS 0.64811
Exploits: 2

Citrix
added 2018/03/29 12:0 a.m., 8 views

How to Generate and Install an SSL Certificate on a StoreFront Server for HTTPS connections

This article explains how to generate and install an SSL certificate on a StoreFront server for HTTPS connections. If you have already generated an SSL certificate on one of your StoreFront servers in the StoreFront server group, you can just export the existing SSL certificate and import the...

AI score 7
Exploits: 0

Imperva Blog
added 2018/03/28 3:30 p.m., 63 views

Making the Grade: Achieve SSL Labs A+ Grade with Imperva WAF

We all woke up to a new reality early last year. HTTPS adoption has reached the tipping point, meaning that more than half of web traffic is encrypted. The benefits of encrypting your traffic are obvious, right? It’s essentially about you securing data being transmitted by authenticating web...

AI score 6.4
Exploits: 0

ThreatPost
added 2018/03/26 9:15 a.m., 14 views

Mozilla Tests DNS over HTTPS: Meets Some Privacy Pushback

The Mozilla Foundation is testing a new mechanism for securing domain name server traffic that uses the encrypted HTTPS channel. It is an attempt to speed up the internet, reduce the threat of man-in-the-middle attacks and keep prying eyes from monitoring what users do online. Starting in the nex...

AI score 6.7
Exploits: 0, References: 11

pentestit
added 2018/03/20 7:24 p.m., 445 views

UPDATE: Nmap 7.70 Upgrade Available!

The first exciting Nmap release of 2018 is Nmap 7.70 with improved OS and service detection capabilities in addition to an improved Npcap 0.99-r2! None of us really need any introduction to this very popular “network mapper” which now includes an additional 9 new NSE scripts!...

CVSS 4.3, AI score 6.1, EPSS 0.09825
Exploits: 0