7691 matches found

KoreLogic Security
added 2018/02/08 12:0 a.m. | 16 views

NetEx HyperIP Privilege Escalation Vulnerability

Vulnerability Details Affected Vendor: NetEx Affected Product: HyperIP Affected Version: 6.1.0 Platform: Embedded Linux CWE Classification: CWE-592: Authentication Bypass Issues Impact: Privilege Escalation Attack vector: HTTPS 2. Vulnerability Description Privileges can be escalated by abusing...

0.2 AI score
Exploits: 0 | Affected Software: 1

KoreLogic Security
added 2018/02/08 12:0 a.m. | 8 views

NetEx HyperIP Post-Auth Command Execution

Vulnerability Details Affected Vendor: NetEx Affected Product: HyperIP Affected Version: 6.1.0 Platform: Embedded Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command, CWE-250: Execution with Unnecessary Privileges Impact: Arbitrary Command...

0.6 AI score
Exploits: 0 | Affected Software: 1

KoreLogic Security
added 2018/02/08 12:0 a.m. | 10 views

Trend Micro IMSVA Management Portal Authentication Bypass

Vulnerability Details Affected Vendor: Trend Micro Affected Product: InterScan Mail Security Virtual Appliance Affected Version: 9.1.0.1600 Platform: Embedded Linux CWE Classification: CWE-522: Insufficiently Protected Credentials, CWE-219: Sensitive Data Under Web Root Impact: Authentication...

7.3 AI score
Exploits: 0 | Affected Software: 1

KoreLogic Security
added 2018/02/08 12:0 a.m. | 22 views

NetEx HyperIP Local File Inclusion Vulnerability

Vulnerability Details Affected Vendor: NetEx Affected Product: HyperIP Affected Version: 6.1.0 Platform: Embedded Linux CWE Classification: CWE-73: External Control of File Name or Path, CWE-592: Authentication Bypass Issues Impact: Arbitrary Filesystem Reads Attack vector: HTTPS 2...

Exploits: 0 | Affected Software: 1

Metasploit
added 2018/02/07 2:6 p.m. | 47 views

Linux Meterpreter, Reverse HTTPS Inline

Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1519544 include...

7.3 AI score
Exploits: 0

OpenVAS
added 2018/02/07 12:0 a.m. | 35 views

Debian: Security Advisory (DLA-1036-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1 CVSS | 8.2 AI score | 0.21894 EPSS
Exploits: 2 | References: 3

exploitpack
added 2018/02/05 12:0 a.m. | 68 views

HPE iLO 4 2.53 - Add New Administrator User

HPE iLO 4 2.53 - Add New Administrator User #!/usr/bin/env python """ Exploit trigger was presented @reconbrx 2018 Vulnerability found and documented by synacktiv: https://www.synacktiv.com/posts/exploit/rce-vulnerability-in-hp-ilo.html Original advisory from HP:...

10 CVSS | 0.1 AI score | 0.99335 EPSS
Exploits: 9

Exploit DB
added 2018/02/05 12:0 a.m. | 118 views

HPE iLO 4 < 2.53 - Add New Administrator User

#!/usr/bin/env python """ Exploit trigger was presented @reconbrx 2018 Vulnerability found and documented by synacktiv: https://www.synacktiv.com/posts/exploit/rce-vulnerability-in-hp-ilo.html Original advisory from HP: https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03769enus Other...

10 CVSS | 9.5 AI score | 0.99335 EPSS
Exploits: 9

Information Security Automation
added 2018/02/04 9:51 p.m. | 48 views

Making simple Nmap SPA web GUI with Apache, AngularJS and Python Twisted

The last time I was developing dynamic web applications was years ago. I used CGI and PHP back then. Now I am really interested in a modern approach, when you have a Single Page Web Application (SPA) written in HTML and JavaScript, that makes HTTP requests to some external API. It's pretty cool, becaus...

6.6 AI score
Exploits: 0

Veracode
added 2018/02/02 2:33 a.m. | 17 views

Man-in-the-Middle (MitM)

cordova-android is vulnerable to man-in-the-middle (MitM) attacks. These attacks are possible because the Gradle distribution is downloaded using HTTP, not HTTPS. This download happens when the project is built using scripts, on the first build, or the first time Android is added to cordova...

7.4 CVSS | 7.7 AI score | 0.03825 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2018/02/01 9:29 p.m. | 13 views

CVE-2017-3160

After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity...

7.4 CVSS | 7.4 AI score
Exploits: 0 | References: 3

Openbugbounty
added 2018/02/01 8:52 p.m. | 13 views

lust24.ch XSS vulnerability

Open Bug Bounty ID: OBB-551234

Description| Value
---|---
Affected Website:| lust24.ch
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

6.2 AI score
Exploits: 0

Ubuntu
added 2018/02/01 12:1 a.m. | 60 views

USN-3554-2: curl vulnerability

USN-3554-1 fixed vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that curl could accidentally leak authentication data. An attacker could possibly use this to get access to sensitive information...

9.8 CVSS | 7.1 AI score | 0.08031 EPSS
Exploits: 0

Ubuntu
added 2018/01/31 10:17 p.m. | 61 views

USN-3554-1: curl vulnerabilities

It was discovered that curl incorrectly handled certain data. An attacker could possibly use this to cause a denial of service or even to get access to sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that curl could accidentally leak authentication...

9.8 CVSS | 7 AI score | 0.08031 EPSS
Exploits: 0

Openbugbounty
added 2018/01/26 1:5 a.m. | 15 views

disc-order.com XSS vulnerability

Open Bug Bounty ID: OBB-547179

Description| Value
---|---
Affected Website:| disc-order.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

Exploits: 0

NVD
added 2018/01/24 3:29 p.m. | 19 views

CVE-2018-6018

Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic...

9.1 CVSS | 8.5 AI score | 0.00987 EPSS
Exploits: 0 | References: 2

Prion
added 2018/01/24 3:29 p.m. | 21 views

Code injection

Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic...

6.4 CVSS | 8.2 AI score | 0.00987 EPSS
Exploits: 0 | References: 2

CVE
added 2018/01/24 3:0 p.m. | 49 views

CVE-2018-6018

CVE-2018-6018 affects the Tinder iOS and Tinder Android apps. The underlying issue is described as fixed sizes of HTTPS responses, which enables an attacker to sniff network traffic and extract private, sensitive information. Connected sources corroborate a Match Group Tinder information disclosu...

9.1 CVSS | 8.3 AI score | 0.00987 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2018/01/24 3:0 p.m. | 14 views

CVE-2018-6018

Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic...

8.6 AI score | 0.00987 EPSS
Exploits: 0 | References: 2

ThreatPost
added 2018/01/22 4:54 p.m. | 21 views

Popular Sonic the Hedgehog Apps at Risk of Leaking User Data to Unverified Servers

Three Sonic the Hedgehog games for Android, downloaded over 100 million times, are at risk of leaking user geolocation and other personal device data to suspicious servers, putting users at risk of man-in-the-middle attacks and similar type vulnerabilities, according to security experts. The game...

Exploits: 0 | References: 1