
7690 matches found

Hacker One
added 2017/09/29 1:50 a.m., 19 views

Legal Robot: External links should be served in HTTPS.

Summary: This is just for the awareness to use HTTPS everywhere, even for outgoing links - where it's possible. Treat this report with some salt, not as in hashes. Navigate to: https://www.legalrobot.com/events/2017/06/12/ICAIL/ Some of the External Links on that Page redirects to HTTPS after...

6.8 AI score
Exploits: 0
Tenable Nessus
added 2017/09/29 12:0 a.m., 38 views

Debian DSA-3985-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2017-5111 Luat Nguyen discovered a use-after-free issue in the pdfium library. - CVE-2017-5112 Tobias Klein discovered a buffer overflow issue in the webgl library. - CVE-2017-5113 A buffer overflow issue was discover...

8.8 CVSS, 7.4 AI score, 0.26331 EPSS
Exploits: 0, References: 26
Openbugbounty
added 2017/09/27 9:14 a.m., 12 views

offenburg.de XSS vulnerability

Vulnerable URL: https://www.offenburg.de/html/misc/searchinterface.html?searchterm=test%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28%27OPENBUGBOUNTY%27%29%3E&show-amount-results;=15 Details: Description| Value ---|--- Patched:| Yes, at 16.01.2018 Latest check for patch:| 16.01.2018 09:44 GMT...

6.3 AI score
Exploits: 0
KoreLogic Security
added 2017/09/25 12:0 a.m., 11 views

Solarwinds LEM Insecure Update Process

Vulnerability Details Affected Vendor: Solarwinds Affected Product: Multiple Affected Version: Multiple Platform: Embedded Linux CWE Classification: CWE-284: Improper Access Control, CWE-346: Origin Validation Error Impact: Counterfeit Product Downloads Attack vector: HTTP 2. Vulnerability...

0.1 AI score
Exploits: 0
ThreatPost
added 2017/09/22 9:0 a.m., 11 views

Threatpost News Wrap, September 22, 2017

Mike Mimoso and Chris Brook recap the news of the week and look back at the Equifax saga so far. They also discuss a Google HTTPS warnings paper, cryptocurrency mining at the Pirate Bay, and bringing machine learning to passwords. Download: ThreatpostNewsWrapSeptember222017.mp3 Show notes: Equifa...

0.1 AI score
Exploits: 0, References: 7
ThreatPost
added 2017/09/20 2:20 p.m., 16 views

What Triggers HTTPS Chrome Browser Warnings?

A lot of hours go into debugging the cause of and tweaking the HTTPS error warnings that pop up in Google’s Chrome browser. Researchers from Google, Purdue University, the International Institute of Information Technology Hyderabad, and the Leibniz University of Hanover Germany have spent the las...

6.9 AI score
Exploits: 0, References: 15
Hacker One
added 2017/09/18 5:57 p.m., 29 views

Legal Robot: External links to be in HTTP

Hello Legal Robot Team On looking to 260591 report i saw on the main page https://www.legalrobot.com/ that some external links are not set to be in https On clicking in that links i get redirected on https. Check the attachment and see the other circled one also appears to be same issue. Thanks...

0.3 AI score
Exploits: 0
exploitpack
added 2017/09/18 12:0 a.m., 16 views

DigiAffiliate 1.4 - Cross-Site Request Forgery (Update Admin)

DigiAffiliate 1.4 - Cross-Site Request Forgery Update Admin !/usr/local/bin/python Exploit Title: DigiAffiliate 1.4 - Cross-Site Request Forgery Update Admin Dork: N/A Date: 18.09.2017 Vendor Homepage: http://www.digiappz.com/ Software Link: http://www.digiappz.com/digiaffiliate.asp?id=7 Demo:...

0.6 AI score
Exploits: 0
Exploit DB
added 2017/09/18 12:0 a.m., 34 views

Digirez 3.4 - Cross-Site Request Forgery (Update Admin)

!/usr/local/bin/python Exploit Title: Digirez 3.4 - Cross-Site Request Forgery Update User & Admin Dork: N/A Date: 18.09.2017 Vendor Homepage: http://www.digiappz.com/ Software Link: http://www.digiappz.com/index.asp Demo: http://www.digiappz.com/room/index.asp Version: 3.4 Category: Webapps Test...

7.4 AI score
Exploits: 0
Gentoo Linux
added 2017/09/17 12:0 a.m., 56 views

mod_gnutls: Certificate validation error

Background mod_gnutls is an extension for Apache’s httpd. It uses the GnuTLS library to provide HTTPS. It supports some protocols and features that mod_ssl does not. Description It was discovered that the authentication hook in mod_gnutls does not validate client’s certificates even when option...

5 CVSS, 6.5 AI score, 0.0325 EPSS
Exploits: 0
Openbugbounty
added 2017/09/16 4:37 a.m., 10 views

painswick-pc.gov.uk Open Redirect vulnerability

Open Bug Bounty ID: OBB-296544 Description| Value ---|--- Affected Website:| painswick-pc.gov.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4...

6.7 AI score
Exploits: 0
OPENSUSE Linux
added 2017/09/15 12:22 p.m., 70 views

Security update for chromium (important)

This update for chromium to version 61.0.3163.79 fixes several issues. These security issues were fixed: - CVE-2017-5111: Use after free in PDFium boo1057364. - CVE-2017-5112: Heap buffer overflow in WebGL boo1057364. - CVE-2017-5113: Heap buffer overflow in Skia boo1057364. - CVE-2017-5114: Memo...

0.9 AI score, 0.26331 EPSS
Exploits: 0, References: 1
OPENSUSE Linux
added 2017/09/15 12:11 p.m., 56 views

Security update for chromium (important)

This update for chromium to version 61.0.3163.79 fixes several issues. These security issues were fixed: - CVE-2017-5111: Use after free in PDFium boo1057364. - CVE-2017-5112: Heap buffer overflow in WebGL boo1057364. - CVE-2017-5113: Heap buffer overflow in Skia boo1057364. - CVE-2017-5114: Memo...

0.9 AI score, 0.26331 EPSS
Exploits: 0, References: 1
Hacker One
added 2017/09/15 12:5 p.m., 36 views

Boozt Fashion AB: booztfashion.com URL should HTTPS

hi team .. l click to Investor Relations on http://www.boozt.com/ outgoing links not use HTTPS please fix soon This is just for the awareness to use HTTPS everywhere, even for outgoing links - where it's possible. Treat this report with some salt, not as in hashes. Navigate to: http://www.boozt.c...

6.8 AI score
Exploits: 0
Hacker One
added 2017/09/15 11:28 a.m., 18 views

Legal Robot: Venturebeat.com URL should be HTTPS

This is just for the awareness to use HTTPS everywhere, even for outgoing links - where it's possible. Navigate to: https://www.legalrobot-uat.com/ Example page In the lower part where you find the observer.com Link: observer redirect to HTTPS after click, but cookie is sent on the network before...

6.8 AI score
Exploits: 0
OSV
added 2017/09/15 5:1 a.m., 6 views

OPENSUSE-SU-2017:2482-1 Security update for chromium

This update for chromium to version 61.0.3163.79 fixes several issues. These security issues were fixed: - CVE-2017-5111: Use after free in PDFium boo1057364. - CVE-2017-5112: Heap buffer overflow in WebGL boo1057364. - CVE-2017-5113: Heap buffer overflow in Skia boo1057364. - CVE-2017-5114: Memo...

8.8 CVSS, 7.6 AI score, 0.26331 EPSS
Exploits: 0, References: 12
OSV
added 2017/09/15 5:1 a.m., 9 views

OPENSUSE-SU-2017:2491-1 Security update for chromium

This update for chromium to version 61.0.3163.79 fixes several issues. These security issues were fixed: - CVE-2017-5111: Use after free in PDFium boo1057364. - CVE-2017-5112: Heap buffer overflow in WebGL boo1057364. - CVE-2017-5113: Heap buffer overflow in Skia boo1057364. - CVE-2017-5114: Memo...

8.8 CVSS, 7.6 AI score, 0.26331 EPSS
Exploits: 0, References: 12
Hacker One
added 2017/09/14 2:11 p.m., 59 views

Tor: solving TOR vulnerability, in other to make bruteforce difficult

Vulnerability description not provided...

5 CVSS, 6 AI score, 0.71634 EPSS
Exploits: 1
CNVD
added 2017/09/14 12:0 a.m., 2 views

D-Link DIR-850L REV.A and REV.B Password Disclosure Vulnerability (CNVD-2017-31787)

The D-Link DIR-850L REV.A and REV.B are both wireless router products from AUO D-Link. The security vulnerability in D-Link DIR-850L REV.A and REV.B devices using firmware FW114WWb07h2abbeta1 and prior versions and firmware FW208WWb02 and prior versions stems from the program using the same...

7.5 CVSS, 7.6 AI score, 0.01288 EPSS
Exploits: 1, References: 1
Cvelist
added 2017/09/13 5:0 p.m., 21 views

CVE-2017-14422

D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 and REV. B with firmware through FW208WWb02 devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms...

8.1 AI score, 0.01288 EPSS
Exploits: 1, References: 1