7690 matches found
Gratipay: Possible user session hijack by invalid HTTPS certificate on inside.gratipay.com domain
Good evening team! This is a theoretical risk but I thought it was still worth reporting since every endpoint and any data flowing through inside.gratipay.com is unencrypted. POC https://inside.gratipay.com And every sub directory under inside.gratipay.com. Description Since the certificate is on...
UCL Ransomware Linked to AdGholas Malvertising Group
A ransomware attack that closed off access to personal and shared drives at University College London last week has been linked to a malvertising campaign spreading Mole, a variant of CryptoMix ransomware. Kafeine, a white-hat who works for Proofpoint and is known for his research into exploit...
CVE-2017-3169
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, modssl may dereference a NULL pointer when third-party modules call aphookprocessconnection during an HTTP request to an HTTPS port...
DEBIAN-CVE-2017-3169
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, modssl may dereference a NULL pointer when third-party modules call aphookprocessconnection during an HTTP request to an HTTPS port...
CVE-2017-3169
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, modssl may dereference a NULL pointer when third-party modules call aphookprocessconnection during an HTTP request to an HTTPS port...
CVE-2017-3169
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, modssl may dereference a NULL pointer when third-party modules call aphookprocessconnection during an HTTP request to an HTTPS port...
CVE-2017-3169
CVE-2017-3169 affects Apache HTTP Server (httpd) up to the fixed versions: 2.2.x before 2.2.33 and 2.4.x before 2.4.26. The vulnerability is a NULL pointer dereference in the httpd’s mod_ssl component when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS po...
UBUNTU-CVE-2017-3169
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, modssl may dereference a NULL pointer when third-party modules call aphookprocessconnection during an HTTP request to an HTTPS port...
CVE-2017-3169
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, modssl may dereference a NULL pointer when third-party modules call aphookprocessconnection during an HTTP request to an HTTPS port...
RedHat Update for firefox RHSA-2017:1440-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
LogPoint Detection
Detection of LogPoint. The script sends a connection request to the server and attempts to detect LogPoint and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
news.uni-duesseldorf.de XSS vulnerability
Vulnerable URL: http://www.news.uni-duesseldorf.de/fid/fid/index.php?display=%3CSCrIPT%3Ealert%28/OPENBUGBOUNTY/%29%3C/SCrIPT%3E〈=de=null=null Details: Description| Value ---|--- Patched:| No Latest check for patch:| 04.09.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed...
A week in security (Jun 05 – Jun 11)
Last week, we interviewed our very own Pieter Arntz to get to know him a little better. We also touched on the importance of HTTPS and focused on a new social engineering scheme that triggers on mouse movement. We also took a deeper look at LatentBot, a Trojan that is being distributed by the RIG...
Linux Meterpreter, Reverse HTTPS Inline
Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1271304 include...
Linux Meterpreter, Reverse HTTPS Inline
Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1137332 include...
Cuvva: Session cookie without secure flag on https://underwriter.partner.cuvva.com
Issue detail The following cookie was issued by the application and does not have the secure flag set: csrf=SPncw9jJEynL2b4TYJqybsdc; Path=/; Session; HostOnly; The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of...
Information Disclosure
Moodle is vulnerable to information disclosure. Moodle redirects users from an HTTPS url to an HTTP url in auth/ldap/ntlmssoattempt.php allowing the attackers to obtain sensitive information through sniffing the network...
Credential Sniffing
Moodle is vulnerable to credential sniffing. The multi-authentication feature in the Central Authentication Service cas of Moodle doesn't use HTTPS, allowing attackers to find credentials by sniffing the network...
badminton.blue-spring.co.kr XSS vulnerability
Vulnerable URL: http://badminton.blue-spring.co.kr/gallery/admingallery.php/%27%22--!%3E%20%3Cimg%20src=x%20onerror=alert%22OPENBUGBOUNTY%22%3E?strBoardCode=adminphoto=view=47517 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS...
Rash Of Phishing Attacks Use HTTPS To Con Victims
Scammers are increasingly abusing consumer awareness of sites that encrypt data sent over the internet using HTTPS, particularly through a spike in phishing attacks that hope to win the confidence of victims by using the protocol on spoofed sites. “For quite a while now, the security community ha...