Lucene search

7690 matches found

Openbugbounty
added 2017/05/25 10:24 a.m. | 12 views

c-and-a.com XSS vulnerability

Vulnerable URL: http://www.c-and-a.com/pl/pl/blog/searchkbl9q%253cscript%253ealert%25281%2529%253c%252fscript%253exak5h/ Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 7379 VIP website status:| Yes Check...

AI score 6.3
Exploits: 0
Japan Vulnerability Notes
added 2017/05/24 12:0 a.m. | 24 views

JVN#91438377: SSL Visibility Appliance may generate illegal RST packets

SSL Visibility Appliance provided by Blue Coat Systems, Inc. is used as a transparent proxy for encrypted traffic management. It is reported that the appliance generates RST packets with incorrect sequence numbers when it receives HTTPS requests from certain web browsers. When the web server behi...

CVSS 5.9 | AI score 5.8 | EPSS 0.01453
Exploits: 0
ICS
added 2017/05/23 12:0 a.m. | 46 views

Moxa OnCell

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Moxa Equipment: OnCell Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Plaintext Storage of a Password, and Cross-Site Request Forgery AFFECTED PRODUCTS The following versions of OnCell, a...

CVSS 9.8 | AI score 10 | EPSS 0.01532
Exploits: 0 | References: 3
Hacker One
added 2017/05/22 5:50 p.m. | 39 views

Cuvva: cuvva.com vulnerable to sweet32

To the Cuvva security team, I was going through your website and I thought to look for latest cryptographic issues as the website uses SSL/TLS, i.e., HTTPS target: https:cuvva.com:443 so I quickly run the nmap with ssl-enum script to look for new Vulnerability that is known as "SWEET32" detail about...

AI score 6.6
Exploits: 0
Hacker One
added 2017/05/20 8:15 a.m. | 48 views

Paragon Initiative Enterprises: Full directory path listing

STEP: ==================== 1. goto https://bridge.cspr.ng/login and enter your username,password 2. click "LogIn" and intercept the request 3. change the value in cookie header and add 'single quote in PHPSESSID field eg: PHPSESSID=kn7e21dpp2ocai2ckn1v147qev' 4. Forward the packet and see full pa...

AI score 0.9
Exploits: 0
0day.today
added 2017/05/17 12:0 a.m. | 85 views

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 - Multiple Vulnerabilities

Exploit for hardware platform in category web applications Exploit Title: Trend Micro Interscan Web Security Virtual Appliance IWSVA 6.5.x Multiple Vulnerabilities Date: 12/01/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage:...

CVSS 4 | AI score 0.3 | EPSS 0.04071
Exploits: 7
rapid7community
added 2017/05/09 3:6 p.m. | 34 views

Project Sonar - Mo' Data, Mo' Research

Since its inception, Rapid7's Project Sonar has aimed to share the data and knowledge we've gained from our Internet scanning and collection activities with the larger information security community. Over the years this has resulted in vulnerability disclosures, research papers, conference...

AI score 6.5
Exploits: 0
Openbugbounty
added 2017/05/06 8:52 p.m. | 8 views

store.adultshopping.com XSS vulnerability

Vulnerable URL: http://store.adultshopping.com/search'-alert'OPENBUGBOUNTY'-'/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check...

AI score 6.3
Exploits: 0
Kitploit
added 2017/05/06 1:39 p.m. | 16 views

Hydra 8.5 - Network Logon Cracker

A very fast network logon cracker which supports many different services. See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa. Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept...

AI score 7.6
Exploits: 0 | References: 1
Openbugbounty
added 2017/05/04 8:28 p.m. | 8 views

ism-schulung.de XSS vulnerability

Vulnerable URL: http://www.ism-schulung.de/search.php?searchtxt=%22%3Eblub%3Csvg%2Fonload%3Dalert%28%2FOPENBUGBOUNTY%2F%29%3E=0=0 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...

AI score 6.2
Exploits: 0
Hacker One
added 2017/05/03 6:54 a.m. | 14 views

Weblate: Facebook share URL should be HTTPS

Hi, Related Report Issue: 225722 Navigate this URL: https://demo.weblate.org/projects/hello/master/enGB/ Find the button name "Share" Navigate to Share on facebook! I noticed that link not using HTTPS See my attached photo. Thanks,...

AI score 7
Exploits: 0
Hacker One
added 2017/05/03 2:38 a.m. | 19 views

Weblate: 7BO: Binary Option Robot URL should be HTTPS

SUMMARY This is just for the awareness to use HTTPS everywhere, even for outgoing links - where it's possible. Treat this report with some salt, not as in hashes. Not really a security bug, but I think will be a good idea to add HTTPS on 7BO: Binary Option Robot Button. Navigate this URL:...

AI score 7.1
Exploits: 0
Veracode
added 2017/05/03 2:32 a.m. | 27 views

Denial Of Service (DoS)

crypto/dsa in github.com/golang/go is vulnerable to denial of service DoS attacks. These attacks are possible due to a flaw in the Verify function in crypto/dsa/dsa.go. It doesn't properly check parameters passed to the big integer library. This flaw can be exploited through a public key given ...

CVSS 7.5 | AI score 7.1 | EPSS 0.04335
Exploits: 0 | References: 4 | Affected Software: 2
ThreatPost
added 2017/05/01 5:57 p.m. | 11 views

Apple Revokes Certificate Used By OSX/Dok Malware

Apple revoked a legitimate developer certificate used by hackers behind malware dubbed OSX/Dok, which was able to eavesdrop on secure HTTPS traffic of infected systems. On Sunday, Apple also rolled out an update to its XProtect built-in antimalware software to fend off existing and upcoming...

AI score 0.5
Exploits: 0 | References: 2
Tenable Nessus
added 2017/05/01 12:0 a.m. | 31 views

EulerOS 2.0 SP1 : squid (EulerOS-SA-2016-1025)

According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility ...

CVSS 8.8 | AI score 7.4 | EPSS 0.79651
Exploits: 1 | References: 9
OpenVAS
added 2017/04/28 12:0 a.m. | 14 views

Logrhythm Network Monitor Detection

Detection of Logrhythm Network Monitor. The script sends a connection request to the server and attempts to detect Logrhythm Network Monitor and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright...

AI score 7
Exploits: 0 | References: 1
The Hacker News
added 2017/04/27 9:57 p.m. | 16 views

New MacOS Malware, Signed With Legit Apple ID, Found Spying On HTTPS Traffic

Many people believe that they are much less likely to be bothered by malware if they use a Mac computer, but is it really true? Unfortunately, No. According to the McAfee Labs, malware attacks on Apple's Mac computers were up 744% in 2016, and its researchers have discovered nearly 460,000 Mac...

AI score 7
Exploits: 0
Openbugbounty
added 2017/04/27 2:10 p.m. | 21 views

uit.no XSS vulnerability

Vulnerable URL: https://uit.no/finn?q=1"--...

AI score 6.9
Exploits: 0
Veracode
added 2017/04/27 6:38 a.m. | 49 views

Blockwise Chosen-boundary Attacks

github.com/openshift/origin is vulnerable to blockwise chosen-boundary attacks aka the "BEAST" attack. It encrypts data by using CBC mode with chained initialization vectors which allows attackers to obtain plaintext HTTP headers through blockwise chosen-boundary attacks on HTTPS sessions. This...

AI score 6.9 | EPSS 0.73327
Exploits: 4
Hacker One
added 2017/04/26 1:1 a.m. | 16 views

U.S. Dept Of Defense: Multiple cryptographic vulnerabilities in login page on ███████

Summary: I realize that this report's title may not make sense yet. In one sentence: users logging in to the ███████ Server REST API Login page can have their passwords stolen by an attacker on the same LAN or WiFi as the victim trying to log in. Description: To save the reader any confusion, I'l...

AI score 6.8
Exploits: 0