Lucene search
K

7691 matches found

The Hacker News
The Hacker News
added 2018/03/20 10:8 a.m.60 views

Apple Blocks Sites From Abusing HSTS Security Standard to Track Users

If you are unaware, the security standard HTTP Strict Transport Security HSTS can be abused as a 'supercookie' to surreptitiously track users of almost every modern web browser online without their knowledge even when they use "private browsing." Apple has now added mitigations to its open-source...

6.3AI score
Exploits0
Kitploit
Kitploit
added 2018/03/19 1:0 p.m.110 views

GetAltName - Get Subject Alt Name From SSL Certificates

GetAltName it's a little script that can extract Subject Alt Names for SSL Certificates directly from HTTPS web sites which can provide you with DNS names or virtual servers. It's useful in a discovery phase of a pen-testing assessment, this tool can provide you with more information about your...

7AI score
Exploits0References1
0day.today
0day.today
added 2018/03/16 12:0 a.m.68 views

SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution Exploit

Exploit for windows platform in category remote exploits !/usr/bin/env python import argparse import urllib import requests, random from bs4 import BeautifulSoup from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disablewarningsInsecureRequestWarning...

7.1AI score0.29229EPSS
Exploits5
Ubuntu
Ubuntu
added 2018/03/15 12:2 p.m.103 views

USN-3598-1: curl vulnerabilities

Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2018-1000120 Dario Weisser discovered that curl incorrectly handled certain LDAP URLs. An attacker could possibly use this issue t...

9.8CVSS7AI score0.12058EPSS
Exploits0
Kitploit
Kitploit
added 2018/03/14 12:55 p.m.29 views

JoomScan 0.0.5 - OWASP Joomla Vulnerability Scanner Project

OWASP JoomScan short for Joomla Vulnerability Scanner is an opensource project in perl programming language to detect Joomla CMS vulnerabilities and analysis them. WHY OWASP JOOMSCAN ? If you want to do a penetration test on a Joomla CMS, OWASP JoomScan is Your best shot ever! This Project is bei...

7.6AI score
Exploits0References1
OSV
OSV
added 2018/03/09 7:29 p.m.4 views

CVE-2016-0275

IBM Financial Transaction Manager FTM for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager FTM for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager FTM for Corporate Payment Services CPS for...

3.3CVSS5.8AI score0.00285EPSS
Exploits0References1
NVD
NVD
added 2018/03/09 7:29 p.m.18 views

CVE-2016-0275

IBM Financial Transaction Manager FTM for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager FTM for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager FTM for Corporate Payment Services CPS for...

3.3CVSS3.3AI score0.00285EPSS
Exploits0References1
Prion
Prion
added 2018/03/09 7:29 p.m.15 views

Information disclosure

IBM Financial Transaction Manager FTM for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager FTM for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager FTM for Corporate Payment Services CPS for...

2.1CVSS6AI score0.00285EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/03/09 7:0 p.m.20 views

CVE-2016-0275

IBM Financial Transaction Manager FTM for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager FTM for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager FTM for Corporate Payment Services CPS for...

3.3AI score0.00285EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/03/09 12:0 a.m.21 views

openSUSE Security Update : shotwell (openSUSE-2018-239)

This update for shotwell fixes the following issues : Security issue fixed : - CVE-2017-1000024: Use HTTPS encryption all over the publishing plugins bsc1054311. This update was imported from the SUSE:SLE-12-SP2:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

7.5CVSS7.2AI score0.01209EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/03/09 12:0 a.m.23 views

SUSE SLED12 Security Update : shotwell (SUSE-SU-2018:0637-1)

This update for shotwell fixes the following issues: Security issue fixed : - CVE-2017-1000024: Use HTTPS encryption all over the publishing plugins bsc1054311. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...

7.5CVSS7.2AI score0.01209EPSS
Exploits0References4
OSV
OSV
added 2018/03/08 5:7 p.m.4 views

SUSE-SU-2018:0637-1 Security update for shotwell

This update for shotwell fixes the following issues: Security issue fixed: - CVE-2017-1000024: Use HTTPS encryption all over the publishing plugins bsc1054311...

7.5CVSS7.6AI score0.01209EPSS
Exploits0References3
Kitploit
Kitploit
added 2018/03/07 8:3 p.m.21 views

CTFR - Get subdomains of an HTTPS website abusing Certificate Transparency logs

Do you miss AXFR technique? This tool allows to get the subdomains from a HTTPS website in a few seconds. How it works? CTFR does not use neither dictionary attack nor brute-force, it just abuses of Certificate Transparency logs. For more information about CT logs, check...

6.9AI score
Exploits0References1
Akamai Blog
Akamai Blog
added 2018/03/07 1:7 p.m.28 views

Make way for HTTPS - Starting July 2018, Google Chrome will mark all HTTP sites as "not secure"

Days of clear-text HTTP, the original but insecure foundation for data communication over the web, are numbered. Over the past few years, Google and others such as the Internet Architecture Board, Mozilla, and Apple have nudged developers to encrypt and authenticate their websites using HTTPS whi...

6.3AI score
Exploits0
n0where
n0where
added 2018/02/28 2:35 a.m.49 views

Advanced Network Monitoring & MITM Attack Framework: Bettercap

Evil socket just announced the release of the second generation of bettercap , a complete re-implementation of the most complete and advanced Man-in-the-Middle attack framework. This release not only brings MITM attacks to the next level, but it aims to be the reference framework for network...

7.3AI score
Exploits0References7
OpenVAS
OpenVAS
added 2018/02/28 12:0 a.m.31 views

ClipBucket <= 4.0.0 Multiple Vulnerabilities

ClipBucket is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oxygenz:clipbucket"; if...

10CVSS8.3AI score0.16414EPSS
Exploits4References1
OpenVAS
OpenVAS
added 2018/02/27 12:0 a.m.12 views

Microsoft Identity Manager Detection

Detection of Microsoft Identity Manager. The script sends a connection request to the server and attempts to detect Microsoft Identity Manager and to extract its version. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyrig...

7.2AI score
Exploits0References1
Hacker One
Hacker One
added 2018/02/25 12:56 p.m.47 views

Node.js third-party modules: `https-proxy-agent` passes unsanitized options to Buffer(arg), resulting in DoS and uninitialized memory leak

I would like to report a Buffer allocation vulnerability in https-proxy-agent. In setups where auth argument is user-controlled, it allows to: 1. cause Denial of Service by trivially consuming all the available CPU resources 2. extract uninitialized memory chunks from the server on Node.js This...

6.6AI score
Exploits0
n0where
n0where
added 2018/02/24 4:17 p.m.201 views

Free and Open Source Interactive HTTPS Proxy: mitmproxy

mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols. You can prettify and decode a variety of...

Exploits0References2
Prion
Prion
added 2018/02/21 4:29 p.m.12 views

Design/Logic Flaw

IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. IBM X-Force ID:...

4.3CVSS6.3AI score0.0105EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder