7690 matches found
A WebSocket Manipulation Proxy: WSSiP
Short for “WebSocket/Socket.io Proxy”, this tool, written in Node.js, provides a user interface to capture, intercept, send custom messages and view all WebSocket and Socket.IO communications between the client and server. Upstream proxy support also means you can forward HTTP/HTTPS traffic to an...
Unitrends UEB 9.1 - Authentication Bypass / Remote Command Execution
Exploit Title: Unauthenticated root RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Cale Smith, Benny Husted, Jared Arave Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.unitrends.com/ Software Link:...
otzyv.ru XSS vulnerability
Vulnerable URL: https://www.otzyv.ru/country/detskiyotdyh.php/1/xss" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 04.11.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 13279 VIP website status:| Yes Check otzyv.ru SSL connection:|...
RedHat Update for python RHSA-2017:1868-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Legal Robot: Mixed Content over HTTPS
A security researcher reported that our marketing site www.legalrobot.com had some mixed content resources. While no security issue was presented by this condition, we appreciate @monish bringing this to our attention and have resolved the issue...
Two Popular IP Cameras Riddled With Vulnerabilities
Two consumer-grade IP-enabled security cameras manufactured by Loftek and VStartcam are riddled with nearly two dozen vulnerabilities that expose them to remote attacks. According to researchers, more than 1.3 million of the cameras are in use today, with 200,000 models located in the United...
CVE-2017-9491
The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST; Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST; Cisco DPC3939B firmware version dpc3939b-v303r204217-150321a-CMCST; Cisco DPC3941T firmware version DPC39412.5s3PRODsey; an...
Session fixation
The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST; Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST; Cisco DPC3939B firmware version dpc3939b-v303r204217-150321a-CMCST; Cisco DPC3941T firmware version DPC39412.5s3PRODsey; an...
CVE-2017-9491
The CVE-2017-9491 entry affects Comcast firmware on Cisco DPC3939, DPC3939B, DPC3941T, and Arris TG1682G devices. The underlying issue is that cookies used in the administration HTTPS session do not set the secure flag, enabling cookies to be captured if session traffic is intercepted in HTTP. Th...
CVE-2017-9491
The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST; Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST; Cisco DPC3939B firmware version dpc3939b-v303r204217-150321a-CMCST; Cisco DPC3941T firmware version DPC39412.5s3PRODsey; an...
CVE-2017-11706
The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL. NOTE: the vendor response, before the application was changed to enable SSL logins, was "At the moment that is an accepted risk. We only...
Rockstar Games: insecure redirect in https://www.rockstargames.com
In this report, the researcher identified an insecure redirect from HTTPS to HTTP, going from the Social Club subdomain to the main site. SSL/TLS configuration issues are out of scope, but this was an oversight that needed to be fixed. Our thanks to the researcher for pointing this out to us...
[SECURITY] [DLA 1036-1] gsoap security update
Package : gsoap Version : 2.8.7-2+deb7u1 CVE ID : CVE-2017-9765 A vulnerability was discovered in gsoap, a library for the development of SOAP web services and clients, that may be exposed with a large and specific XML message over 2 GB in size. After receiving this 2 GB message, a buffer overflo...
RedHat Update for graphite2 RHSA-2017:1793-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cisco Web Security Appliance Administrative Interface Access Control Bypass Vulnerability
A vulnerability in the web proxy functionality of the Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device. SPDX-FileCopyrightText: 20...
Linux Meterpreter, Reverse HTTPS Inline
Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1068952 include...
Linux Meterpreter, Reverse HTTPS Inline
Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1213932 include...
Linux Meterpreter, Reverse HTTPS Inline
Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1238560 include...
RedHat Update for freeradius RHSA-2017:1759-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Superior and safe user experiences with the Akamai Cloud Delivery Platform
Your customers are unique and they all expect fast, secure, personalized digital experiences. They are spread across the world, in regions of varying network connectivity, utilize a plethora of devices and screen sizes - making it challenging to deliver your experiences. By delivering 95 Exabytes...