7690 matches found

n0where
added 2017/08/08 7:45 p.m. | 154 views

A WebSocket Manipulation Proxy: WSSiP

Short for “WebSocket/Socket.io Proxy”, this tool, written in Node.js, provides a user interface to capture, intercept, send custom messages and view all WebSocket and Socket.IO communications between the client and server. Upstream proxy support also means you can forward HTTP/HTTPS traffic to an...

0.4 AI score
Exploits: 0 | References: 1

Exploit DB
added 2017/08/08 12:00 a.m. | 59 views

Unitrends UEB 9.1 - Authentication Bypass / Remote Command Execution

Exploit Title: Unauthenticated root RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Cale Smith, Benny Husted, Jared Arave Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.unitrends.com/ Software Link:...

10 CVSS | 9.5 AI score | 0.78269 EPSS
Exploits: 12

Openbugbounty
added 2017/08/06 5:00 a.m. | 12 views

otzyv.ru XSS vulnerability

Vulnerable URL: https://www.otzyv.ru/country/detskiyotdyh.php/1/xss" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 04.11.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 13279 VIP website status:| Yes Check otzyv.ru SSL connection:|...

6.3 AI score
Exploits: 0

OpenVAS
added 2017/08/04 12:00 a.m. | 32 views

RedHat Update for python RHSA-2017:1868-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8 CVSS | 7.1 AI score | 0.03269 EPSS
Exploits: 1 | References: 2

Hacker One
added 2017/08/03 5:24 p.m. | 31 views

Legal Robot: Mixed Content over HTTPS

A security researcher reported that our marketing site www.legalrobot.com had some mixed content resources. While no security issue was presented by this condition, we appreciate @monish bringing this to our attention and have resolved the issue...

0.2 AI score
Exploits: 0

ThreatPost
added 2017/08/03 7:00 a.m. | 17 views

Two Popular IP Cameras Riddled With Vulnerabilities

Two consumer-grade IP-enabled security cameras manufactured by Loftek and VStartcam are riddled with nearly two dozen vulnerabilities that expose them to remote attacks. According to researchers, more than 1.3 million of the cameras are in use today, with 200,000 models located in the United...

7.7 AI score
Exploits: 0 | References: 1

NVD
added 2017/07/31 3:29 a.m. | 19 views

CVE-2017-9491

The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST; Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST; Cisco DPC3939B firmware version dpc3939b-v303r204217-150321a-CMCST; Cisco DPC3941T firmware version DPC39412.5s3PRODsey; an...

5.3 CVSS | 5.3 AI score | 0.01283 EPSS
Exploits: 0 | References: 1

Prion
added 2017/07/31 3:29 a.m. | 13 views

Session fixation

The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST; Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST; Cisco DPC3939B firmware version dpc3939b-v303r204217-150321a-CMCST; Cisco DPC3941T firmware version DPC39412.5s3PRODsey; an...

5 CVSS | 7.3 AI score | 0.01283 EPSS
Exploits: 0 | References: 1 | Affected Software: 4

CVE
added 2017/07/31 3:00 a.m. | 44 views

CVE-2017-9491

The CVE-2017-9491 entry affects Comcast firmware on Cisco DPC3939, DPC3939B, DPC3941T, and Arris TG1682G devices. The underlying issue is that cookies used in the administration HTTPS session do not set the secure flag, enabling cookies to be captured if session traffic is intercepted in HTTP. Th...

5.3 CVSS | 5.3 AI score | 0.01283 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2017/07/31 3:00 a.m. | 22 views

CVE-2017-9491

The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST; Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST; Cisco DPC3939B firmware version dpc3939b-v303r204217-150321a-CMCST; Cisco DPC3941T firmware version DPC39412.5s3PRODsey; an...

5.3 AI score | 0.01283 EPSS
Exploits: 0 | References: 1

NVD
added 2017/07/28 5:29 a.m. | 12 views

CVE-2017-11706

The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL. NOTE: the vendor response, before the application was changed to enable SSL logins, was "At the moment that is an accepted risk. We only...

7.5 CVSS | 7.5 AI score | 0.0141 EPSS
Exploits: 0 | References: 2

Hacker One
added 2017/07/27 6:27 p.m. | 18 views

Rockstar Games: insecure redirect in https://www.rockstargames.com

In this report, the researcher identified an insecure redirect from HTTPS to HTTP, going from the Social Club subdomain to the main site. SSL/TLS configuration issues are out of scope, but this was an oversight that needed to be fixed. Our thanks to the researcher for pointing this out to us...

1.6 AI score
Exploits: 0

Debian
added 2017/07/24 7:19 p.m. | 72 views

[SECURITY] [DLA 1036-1] gsoap security update

Package : gsoap Version : 2.8.7-2+deb7u1 CVE ID : CVE-2017-9765 A vulnerability was discovered in gsoap, a library for the development of SOAP web services and clients, that may be exposed with a large and specific XML message over 2 GB in size. After receiving this 2 GB message, a buffer overflo...

8.1 CVSS | 8.7 AI score | 0.21894 EPSS
Exploits: 2

OpenVAS
added 2017/07/21 12:00 a.m. | 38 views

RedHat Update for graphite2 RHSA-2017:1793-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 9.4 AI score | 0.05216 EPSS
Exploits: 6 | References: 2

OpenVAS
added 2017/07/20 12:00 a.m. | 19 views

Cisco Web Security Appliance Administrative Interface Access Control Bypass Vulnerability

A vulnerability in the web proxy functionality of the Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device. SPDX-FileCopyrightText: 20...

7.5 CVSS | 7.6 AI score | 0.01963 EPSS
Exploits: 0 | References: 1

Metasploit
added 2017/07/18 6:13 p.m. | 42 views

Linux Meterpreter, Reverse HTTPS Inline

Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1068952 include...

7.3 AI score
Exploits: 0

Metasploit
added 2017/07/18 6:13 p.m. | 39 views

Linux Meterpreter, Reverse HTTPS Inline

Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1213932 include...

7.3 AI score
Exploits: 0

Metasploit
added 2017/07/18 6:13 p.m. | 36 views

Linux Meterpreter, Reverse HTTPS Inline

Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1238560 include...

7.3 AI score
Exploits: 0

OpenVAS
added 2017/07/18 12:00 a.m. | 24 views

RedHat Update for freeradius RHSA-2017:1759-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 7.9 AI score | 0.22202 EPSS
Exploits: 0 | References: 2

Akamai Blog
added 2017/07/17 1:23 p.m. | 48 views

Superior and safe user experiences with the Akamai Cloud Delivery Platform

Your customers are unique and they all expect fast, secure, personalized digital experiences. They are spread across the world, in regions of varying network connectivity, utilize a plethora of devices and screen sizes - making it challenging to deliver your experiences. By delivering 95 Exabytes...

6.8 AI score
Exploits: 0