7690 matches found

Hacker One
added 2017/06/21 7:20 a.m., 23 views

Gratipay: Possible user session hijack by invalid HTTPS certificate on inside.gratipay.com domain

Good evening team! This is a theoretical risk but I thought it was still worth reporting since every endpoint and any data flowing through inside.gratipay.com is unencrypted. POC: https://inside.gratipay.com and every subdirectory under inside.gratipay.com. Description: Since the certificate is on...

Exploits: 0

ThreatPost
added 2017/06/20 2:27 p.m., 94 views

UCL Ransomware Linked to AdGholas Malvertising Group

A ransomware attack that closed off access to personal and shared drives at University College London last week has been linked to a malvertising campaign spreading Mole, a variant of CryptoMix ransomware. Kafeine, a white-hat who works for Proofpoint and is known for his research into exploit...

10 CVSS, 0.3 AI score, 0.94354 EPSS
Exploits: 16, References: 4

NVD
added 2017/06/20 1:29 a.m., 22 views

CVE-2017-3169

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection during an HTTP request to an HTTPS port...

9.8 CVSS, 9.4 AI score, 0.19953 EPSS
Exploits: 0, References: 42

OSV
added 2017/06/20 1:29 a.m., 1 views

DEBIAN-CVE-2017-3169

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection during an HTTP request to an HTTPS port...

9.8 CVSS, 7 AI score, 0.19953 EPSS
Exploits: 0, References: 1

AlpineLinux
added 2017/06/20 1:0 a.m., 51 views

CVE-2017-3169

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection during an HTTP request to an HTTPS port...

9.8 CVSS, 9.7 AI score, 0.19953 EPSS
Exploits: 0

Debian CVE
added 2017/06/20 1:0 a.m., 45 views

CVE-2017-3169

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection during an HTTP request to an HTTPS port...

9.8 CVSS, 6.7 AI score, 0.19953 EPSS
Exploits: 0

CVE
added 2017/06/20 1:0 a.m., 5921 views

CVE-2017-3169

CVE-2017-3169 affects Apache HTTP Server (httpd) 2.2.x before 2.2.33 and 2.4.x before 2.4.26. The vulnerability is a NULL pointer dereference in httpd's mod_ssl component when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS po...

9.8 CVSS, 9.4 AI score, 0.19953 EPSS
Exploits: 0, References: 42, Affected Software: 1

OSV
added 2017/06/19 12:0 a.m., 4 views

UBUNTU-CVE-2017-3169

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection during an HTTP request to an HTTPS port...

9.8 CVSS, 6.7 AI score, 0.19953 EPSS
Exploits: 0, References: 5

UbuntuCve
added 2017/06/19 12:0 a.m., 56 views

CVE-2017-3169

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection during an HTTP request to an HTTPS port...

9.8 CVSS, 6.8 AI score, 0.19953 EPSS
Exploits: 0, References: 4

OpenVAS
added 2017/06/15 12:0 a.m., 44 views

RedHat Update for firefox RHSA-2017:1440-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

9.8 CVSS, 8.1 AI score, 0.05216 EPSS
Exploits: 11, References: 2

OpenVAS
added 2017/06/13 12:0 a.m., 24 views

LogPoint Detection

Detection of LogPoint. The script sends a connection request to the server and attempts to detect LogPoint and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

7 AI score
Exploits: 0, References: 1

Openbugbounty
added 2017/06/12 7:45 p.m., 11 views

news.uni-duesseldorf.de XSS vulnerability

Vulnerable URL: http://www.news.uni-duesseldorf.de/fid/fid/index.php?display=%3CSCrIPT%3Ealert%28/OPENBUGBOUNTY/%29%3C/SCrIPT%3E〈=de=null=null Details: Patched: No; Latest check for patch: 04.09.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed...

6.3 AI score
Exploits: 0

Malwarebytes
added 2017/06/12 4:58 p.m., 14 views

A week in security (Jun 05 – Jun 11)

Last week, we interviewed our very own Pieter Arntz to get to know him a little better. We also touched on the importance of HTTPS and focused on a new social engineering scheme that triggers on mouse movement. We also took a deeper look at LatentBot, a Trojan that is being distributed by the RIG...

7 AI score
Exploits: 0

Metasploit
added 2017/06/09 7:15 a.m., 35 views

Linux Meterpreter, Reverse HTTPS Inline

Run the Meterpreter / Mettle server payload (stageless). This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Module generated by tools/modules/generate_mettle_payloads.rb. module MetasploitModule CachedSize = 1271304 include...

7.3 AI score
Exploits: 0

Metasploit
added 2017/06/09 7:15 a.m., 181 views

Linux Meterpreter, Reverse HTTPS Inline

Run the Meterpreter / Mettle server payload (stageless). This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Module generated by tools/modules/generate_mettle_payloads.rb. module MetasploitModule CachedSize = 1137332 include...

7.3 AI score
Exploits: 0

Hacker One
added 2017/06/05 7:43 a.m., 57 views

Cuvva: Session cookie without secure flag on https://underwriter.partner.cuvva.com

Issue detail: The following cookie was issued by the application and does not have the secure flag set: csrf=SPncw9jJEynL2b4TYJqybsdc; Path=/; Session; HostOnly; The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of...

6.7 AI score
Exploits: 0

Veracode
added 2017/06/01 5:52 a.m., 17 views

Information Disclosure

Moodle is vulnerable to information disclosure. Moodle redirects users from an HTTPS URL to an HTTP URL in auth/ldap/ntlmsso_attempt.php, allowing attackers to obtain sensitive information by sniffing the network...

5 CVSS, 5.4 AI score, 0.02105 EPSS
Exploits: 0, References: 6, Affected Software: 1

Veracode
added 2017/05/31 5:56 a.m., 17 views

Credential Sniffing

Moodle is vulnerable to credential sniffing. The multi-authentication feature in the Central Authentication Service (CAS) of Moodle doesn't use HTTPS, allowing attackers to find credentials by sniffing the network...

5 CVSS, 6.1 AI score, 0.01311 EPSS
Exploits: 0, References: 4, Affected Software: 1

Openbugbounty
added 2017/05/28 12:34 p.m., 10 views

badminton.blue-spring.co.kr XSS vulnerability

Vulnerable URL: http://badminton.blue-spring.co.kr/gallery/admingallery.php/%27%22--!%3E%20%3Cimg%20src=x%20onerror=alert%22OPENBUGBOUNTY%22%3E?strBoardCode=adminphoto=view=47517 Details: Patched: No; Latest check for patch: 28.07.2017; Vulnerability type: XSS...

6.3 AI score
Exploits: 0

ThreatPost
added 2017/05/26 8:0 a.m., 11 views

Rash Of Phishing Attacks Use HTTPS To Con Victims

Scammers are increasingly abusing consumer awareness of sites that encrypt data sent over the internet using HTTPS, particularly through a spike in phishing attacks that hope to win the confidence of victims by using the protocol on spoofed sites. “For quite a while now, the security community ha...

7.1 AI score
Exploits: 0, References: 2