Lucene search
K

7691 matches found

Prion
Prion
added 2017/10/20 3:29 p.m.15 views

Design/Logic Flaw

In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code TAC database file via HTTPS, the server's certificate is not verified. Attackers in a privileged network position may be able to launch a man-in-the-middle attack against these connections. TAC databases are used in...

5.8CVSS7.4AI score0.00599EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/10/20 3:0 p.m.14 views

CVE-2017-6144

In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code TAC database file via HTTPS, the server's certificate is not verified. Attackers in a privileged network position may be able to launch a man-in-the-middle attack against these connections. TAC databases are used in...

7.4AI score0.00599EPSS
Exploits0References1
CVE
CVE
added 2017/10/20 3:0 p.m.58 views

CVE-2017-6144

CVE-2017-6144 affects F5 BIG-IP PEM 12.1.0–12.1.2, where downloading the TAC database over HTTPS does not verify the server certificate. This enables potential man‑in‑the‑middle tampering or information disclosure by an attacker in a privileged network position. Affected components rely on TAC da...

7.4CVSS7.3AI score0.00599EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2017/10/20 10:16 a.m.23 views

QIWI: apache access.log leakage via long request on https://rapida.ru/

Issue access.log is leaked by attacker who trying send many requests. Explain: Honestly i don't know how the bug is happened, but i guess if the access.log is too large, it will dump some part into the response, and attacker happily get it. Reproduce: 1. Access to https://rapida.ru/search/?q= 2...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/10/20 12:0 a.m.52 views

Juniper Junos HTTPS Server Certificate AV Vulnerability (JSA10822)

According to its self-reported version number, the remote Junos device is affected by a vulnerability in that the HTTPS server certificate is not verified before downloading anti-virus updates. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid104041; scriptversion"1.7"...

7.4CVSS7.2AI score0.00566EPSS
Exploits0References2
NVD
NVD
added 2017/10/19 5:29 p.m.13 views

CVE-2017-10166

Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware subcomponent: C Oracle SSL API. Supported versions that are affected are FMW: 11.1.1.9.0 and 12.1.3.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromis...

4.3CVSS2.6AI score0.01471EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2017/10/19 5:0 p.m.11 views

CVE-2017-10166

Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware subcomponent: C Oracle SSL API. Supported versions that are affected are FMW: 11.1.1.9.0 and 12.1.3.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromis...

5.2AI score0.01471EPSS
Exploits0References3
Apple
Apple
added 2017/10/17 9:10 a.m.93 views

About the security content of Apple Support 1.2 for iOS - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

5.3CVSS5.1AI score0.00918EPSS
Exploits1Affected Software2
Tenable Nessus
Tenable Nessus
added 2017/10/17 12:0 a.m.291 views

SSL Certificate Contains Weak RSA Key (Infineon TPM / ROCA)

At least one of the X.509 certificates sent by the remote host has an RSA key that appears to be generated improperly, most likely by a TPM Trusted Platform Module produced by Infineon Technologies. A third party may be able to recover the private key from the certificate's public key. This may...

5.9CVSS6.9AI score0.09825EPSS
Exploits0References7
Kitploit
Kitploit
added 2017/10/16 1:30 p.m.35 views

changeme - A Default Credential Scanner

A default credential scanner. About Getting default credentials added to commercial scanners is often difficult and slow. changeme is designed to be simple to add new credentials without having to write any code or modules. changeme keeps credential data separate from code. All credentials are...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2017/10/14 10:0 p.m.111 views

Anti-DDOS - Anti DDOS Bash Script

Programming Languages : BASH RUN root@ismailtasdelen: bash ./anti-ddos.sh Cloning an Existing Repository Clone with HTTPS git clone https://github.com/ismailtasdelen/Anti-DDOS.git Cloning an Existing Repository Clone withSSH git clone [email protected]:ismailtasdelen/Anti-DDOS.git Download...

7.3AI score
Exploits0References1
Prion
Prion
added 2017/10/13 5:29 p.m.19 views

Design/Logic Flaw

Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected...

5.8CVSS7.4AI score0.00566EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2017/10/13 5:29 p.m.25 views

CVE-2017-10620

Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected...

7.4CVSS7.3AI score0.00566EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/10/13 5:0 p.m.22 views

CVE-2017-10620 SRX Series: Antivirus updates are downloaded without verification

Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected...

7.4CVSS7.3AI score0.00566EPSS
Exploits0References1
CVE
CVE
added 2017/10/13 5:0 p.m.62 views

CVE-2017-10620

The CVE describes a vulnerability in Juniper Networks Junos OS on SRX series devices where the HTTPS server certificate is not verified before downloading antivirus updates. This allows a man-in-the-middle attacker to inject bogus signatures, potentially causing service disruption or failing to d...

7.4CVSS7.3AI score0.00566EPSS
Exploits0References1Affected Software1
Kitploit
Kitploit
added 2017/10/13 1:33 p.m.15 views

VHostScan - Virtual Host Scanner

A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. First presented at SecTalks BNE in September 2017 slidedeck. Key Benefits Quickly highlight unique content in catch-all scenarios Locate the outliers in catch-all scenarios whe...

6.9AI score
Exploits0References1
Ubuntu
Ubuntu
added 2017/10/10 12:54 p.m.67 views

USN-3441-1: curl vulnerabilities

Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-9586...

8.1CVSS6.7AI score0.08465EPSS
Exploits0
Hacker One
Hacker One
added 2017/10/08 3:56 p.m.16 views

X (Formerly Twitter): Blind XSS in Mobpub Marketplace Admin Production | Sentry via demand.mopub.com (User-Agent)

Summary: I've identified a Blind XSS vulnerability that fires in the Mobpub Marketplace Admin Production | Sentry dashboard and can be triggered by sending a HTTPS request to an endpoint from the domain demand.mopub.com. Description: I've sent the following HTTPS request to the following URL...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2017/10/04 12:0 a.m.38 views

Unitrends UEB 9.1 Authentication Bypass / Remote Command Execution

Exploit Title: Unauthenticated root RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Cale Smith, Benny Husted, Jared Arave Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.unitrends.com/ Software Link:...

10CVSS0.9AI score0.78269EPSS
Exploits12
n0where
n0where
added 2017/10/02 4:13 a.m.72 views

HTTP Virtual Host Scanner: VHostScan

A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. First presented at SecTalks BNE in September 2017 Key Benefits Quickly highlight unique content in catch-all scenarios Locate the outliers in catch-all scenarios where results...

6.8AI score
Exploits0References1
Rows per page
Query Builder