Open redirect
Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack...
azymut.pl XSS vulnerability
Vulnerable URL: https://www.azymut.pl/mw/?m=2=%3Csvg%20onload=alert%27XSSPOSED%27%3E

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 14.08.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 465832
VIP website status: | No

Check azymut.pl S...
Fedora 26 : php-pear-CAS (2017-2f3096ba16)
Changes in version 1.3.5
- Security Fixes:
  - Fix possible authentication bypass in validateCAS20 228 Gregory Boddin
- Bug Fixes:
  - Fix file permissions non-executable 177 Remi Collet
  - Fixed translations Greek and Japanese 192 ikari7789
  - Fix errors under phpdbg 204 MasonM
  - Fix logout...
Apache HTTP Server 'mod_http2' Denial-Of-Service Vulnerability - Linux
Apache HTTP Server is prone to a denial-of-service (DoS) vulnerability.
CVE-2015-5152
Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack...
CVE-2015-5152
CVE-2015-5152 affects Foreman versions 1.1 through 1.9.0-RC1, where HTTP requests are not redirected to HTTPS when require_ssl is true, enabling a MITM to capture credentials. Root cause is lack of HTTP-to-HTTPS redirection under the require_ssl setting. Impact is credential leakage via network a...
a.com.mx XSS vulnerability
Vulnerable URL: http://www.a.com.mx/noticiassup.php?id=%3C/script%3E%27;,%27%22/%3E%3CsVg/oNLoad=promptOPENBUGBOUNTY%3E2

Details:

Description | Value
---|---
Patched: | Yes, at 06.10.2017
Latest check for patch: | 06.10.2017 05:51 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclose...
WinPayloads: Generate Undetectable Windows Payloads!
An older post of mine, MicroSploit, dealt with generating backdoored documents for the Office platform. This post is about another open source framework, called WinPayloads, which helps you create custom malicious payloads for the Microsoft Windows operating system. What is...
Pelco VideoXpert Detection
Detection of Pelco VideoXpert. The script sends a connection request to the server and attempts to detect Pelco VideoXpert.
Network OSINT Gathering Tool: XRay
XRay is a tool for network OSINT gathering; its goal is to make some of the initial tasks of information gathering and network mapping automatic. How does it work? XRay is a very simple tool; it works this way:
1. It’ll bruteforce subdomains using a wordlist and DNS requests.
2. For every...
Git downloads over HTTP
SourceTree downloads the standalone Git and every other zip over HTTP from the Atlassian servers. This is not secure and should be switched to HTTPS...
Let's Encrypt to Offer Wildcard Certificates in 2018
Certificate authority Let’s Encrypt said this week it will begin offering wildcard certificates in 2018. Wildcard certificates are public key certificates that can be used with multiple subdomains of a domain. The certificates are traditionally viewed as less expensive and more convenient by...
blog.interracialgaysexvideos.com XSS vulnerability
Vulnerable URL: http://blog.interracialgaysexvideos.com/?nats=t" onmouseover=alert/OPENBUGBOUNTY/;MC4wLjExMy4xMTQuMC4wLjAuMC4w

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 25.09.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknow...
Majority of Sites Fail Mozilla's Comprehensive Security Review
A majority of the top 1 million websites earn an “F” letter grade when it comes to adopting defensive security technology that protects visitors from XSS vulnerabilities, man-in-the-middle attacks, and cookie hijacking. The failing grades come from a comprehensive analysis published this week by t...
Gratipay: Possible User Session Hijack using Invalid HTTPS certificate on inside.gratipay.com domain
Good evening team! This is a theoretical risk but I thought it was still worth reporting since every endpoint and any data flowing through inside.gratipay.com is unencrypted. POC https://inside.gratipay.com And every sub directory under inside.gratipay.com. Description Since the certificate is on...
Hiding SSH Servers Behind HTTP: sshttp
In case your FW policy forbids SSH access to the DMZ or internal network from outside, but you still want to use ssh on machines which only have one open port, e.g. HTTP, you can use sshttpd. sshttpd can multiplex the following protocol pairs: SSH/HTTP, SSH/HTTPS...
Code injection
Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates...
CVE-2017-3218
Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates...
CVE-2017-3218
CVE-2017-3218 affects Samsung Magician updating mechanism. Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software updates; earlier versions use HTTP for updates. This flaw can allow a man-in-the-middle or trusted-network attacker to cause the updater to execute arbitrary code ...
Paragon Initiative Enterprises: Non-secure requests are not automatically upgraded to HTTPS
Non-secure requests to bridge.cspr.ng (e.g. http://bridge.cspr.ng/) are not automatically upgraded to HTTPS. This is not something you would notice when you use the latest version of modern web browsers such as Google Chrome or Firefox, because bridge.cspr.ng is HSTS preloaded. When a domain is...