c-and-a.com XSS vulnerability
Vulnerable URL: http://www.c-and-a.com/pl/pl/blog/searchkbl9q%253cscript%253ealert%25281%2529%253c%252fscript%253exak5h/
Details:
| Description | Value |
|---|---|
| Patched: | Yes, at |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | 7379 |
| VIP website status: | Yes |
Check...
JVN#91438377: SSL Visibility Appliance may generate illegal RST packets
SSL Visibility Appliance provided by Blue Coat Systems, Inc. is used as a transparent proxy for encrypted traffic management. It is reported that the appliance generates RST packets with incorrect sequence numbers when it receives HTTPS requests from certain web browsers. When the web server behi...
Moxa OnCell
CVSS v3 9.8
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Moxa
Equipment: OnCell
Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Plaintext Storage of a Password, and Cross-Site Request Forgery
AFFECTED PRODUCTS
The following versions of OnCell, a...
Cuvva: cuvva.com vulnerable to sweet32
To the Cuvva security team, I was going through your website and I thought to look for the latest cryptographic issues, as the website uses SSL/TLS, i.e. HTTPS. Target: https:cuvva.com:443. So I quickly ran nmap with the ssl-enum script to look for the new vulnerability that is known as "SWEET32". Detail about...
Paragon Initiative Enterprises: Full directory path listing
STEP:
====================
1. Go to https://bridge.cspr.ng/login and enter your username and password.
2. Click "LogIn" and intercept the request.
3. Change the value in the cookie header and add a single quote (') in the PHPSESSID field, e.g. PHPSESSID=kn7e21dpp2ocai2ckn1v147qev'
4. Forward the packet and see the full pa...
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 - Multiple Vulnerabilities
Exploit for hardware platform in category web applications
Exploit Title: Trend Micro Interscan Web Security Virtual Appliance IWSVA 6.5.x Multiple Vulnerabilities
Date: 12/01/2017
Exploit Author: SlidingWindow, Twitter: @KapilKhot
Vendor Homepage:...
Project Sonar - Mo' Data, Mo' Research
Since its inception, Rapid7's Project Sonar has aimed to share the data and knowledge we've gained from our Internet scanning and collection activities with the larger information security community. Over the years this has resulted in vulnerability disclosures, research papers, conference...
store.adultshopping.com XSS vulnerability
Vulnerable URL: http://store.adultshopping.com/search'-alert'OPENBUGBOUNTY'-'/
Details:
| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 28.07.2017 |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | Unknown / Not calculated |
| VIP website status: | No |
Check...
Hydra 8.5 - Network Logon Cracker
A very fast network logon cracker which supports many different services. See the feature sets and services coverage page, incl. a speed comparison against ncrack and medusa. Passwords are one of the biggest security holes, as every password security study shows. This tool is a proof of concept...
ism-schulung.de XSS vulnerability
Vulnerable URL: http://www.ism-schulung.de/search.php?searchtxt=%22%3Eblub%3Csvg%2Fonload%3Dalert%28%2FOPENBUGBOUNTY%2F%29%3E=0=0
Details:
| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 28.07.2017 |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | ... |
Weblate: Facebook share URL should be HTTPS
Hi, Related Report Issue: 225722. Navigate to this URL: https://demo.weblate.org/projects/hello/master/enGB/ Find the button named "Share". Navigate to "Share on Facebook"! I noticed that the link is not using HTTPS. See my attached photo. Thanks,...
Weblate: 7BO: Binary Option Robot URL should be HTTPS
SUMMARY: This is just for awareness, to use HTTPS everywhere, even for outgoing links, where it's possible. Treat this report with some salt, not as in hashes. Not really a security bug, but I think it will be a good idea to add HTTPS on the 7BO: Binary Option Robot button. Navigate to this URL:...
Denial Of Service (DoS)
crypto/dsa in github.com/golang/go is vulnerable to denial-of-service (DoS) attacks. These attacks are possible due to a flaw in the Verify function in crypto/dsa/dsa.go: it does not properly check the parameters passed to the big integer library. This flaw can be exploited through a public key given ...
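The defensive pattern the advisory implies, as an added example that is not part of the advisory or of the Go standard library: validate a DSA public key's parameters before any modular arithmetic touches them, and fail closed on a key whose modulus is zero. The `checkPublicKey`, `SafeVerify`, `ZeroModulusKey` and `Demo` names, the `Result` type and the signed message are all constructed for this example; the hostile key with P = Q = G = 0 is the shape of input the snippet describes (a public key that reaches big-integer operations with a zero modulus). `crypto/dsa` is deprecated in current Go but still compiles, which is why it can be used here directly.

```go
package main

import (
	"crypto/dsa"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// ErrBadParams is returned for a public key whose parameters must never reach
// the big-integer arithmetic in Verify: a nil, zero or negative P, Q or G, a Y
// outside [1, P-1], a G outside [2, P-1], or a nil r/s.
var ErrBadParams = errors.New("dsa: invalid public key parameters")

// checkPublicKey rejects malformed parameters before any modular arithmetic.
// A zero P is exactly the input the advisory describes: math/big modular
// operations with a zero modulus panic, and an unguarded Verify would take the
// process down with them.
func checkPublicKey(pub *dsa.PublicKey) error {
	if pub == nil || pub.P == nil || pub.Q == nil || pub.G == nil || pub.Y == nil {
		return ErrBadParams
	}
	if pub.P.Sign() <= 0 || pub.Q.Sign() <= 0 || pub.G.Sign() <= 0 {
		return ErrBadParams
	}
	one := big.NewInt(1)
	if pub.G.Cmp(one) <= 0 || pub.G.Cmp(pub.P) >= 0 { // G in [2, P-1]
		return ErrBadParams
	}
	if pub.Y.Cmp(one) < 0 || pub.Y.Cmp(pub.P) >= 0 { // Y in [1, P-1]
		return ErrBadParams
	}
	return nil
}

// SafeVerify validates parameters first and turns any panic that still escapes
// the library into an error, so a hostile key costs the caller one failed
// request instead of the whole process.
func SafeVerify(pub *dsa.PublicKey, hash []byte, r, s *big.Int) (ok bool, err error) {
	if err := checkPublicKey(pub); err != nil {
		return false, err
	}
	if r == nil || s == nil {
		return false, ErrBadParams
	}
	defer func() {
		if rec := recover(); rec != nil {
			ok, err = false, fmt.Errorf("dsa: verify panicked: %v", rec)
		}
	}()
	return dsa.Verify(pub, hash, r, s), nil
}

// ZeroModulusKey is a constructed, attacker-style public key with P = Q = G = 0.
func ZeroModulusKey() *dsa.PublicKey {
	return &dsa.PublicKey{
		Parameters: dsa.Parameters{P: big.NewInt(0), Q: big.NewInt(0), G: big.NewInt(0)},
		Y:          big.NewInt(1),
	}
}

// Result collects the three checks Demo runs.
type Result struct {
	GoodOK     bool  // genuine signature under the genuine key: true
	TamperedOK bool  // same signature with s+1: false
	BadKeyErr  error // zero-modulus key: ErrBadParams
}

// Demo generates a 1024/160 DSA key, signs a 160-bit digest of a constructed
// message, and runs SafeVerify against the good key, a tampered signature and
// the hostile key.
func Demo() (Result, error) {
	var priv dsa.PrivateKey
	if err := dsa.GenerateParameters(&priv.Parameters, rand.Reader, dsa.L1024N160); err != nil {
		return Result{}, err
	}
	if err := dsa.GenerateKey(&priv, rand.Reader); err != nil {
		return Result{}, err
	}
	// DSA expects a digest no longer than Q (160 bits here), so truncate SHA-256.
	sum := sha256.Sum256([]byte("constructed message for the example"))
	h := sum[:20]
	r, s, err := dsa.Sign(rand.Reader, &priv, h)
	if err != nil {
		return Result{}, err
	}
	var res Result
	if res.GoodOK, err = SafeVerify(&priv.PublicKey, h, r, s); err != nil {
		return Result{}, err
	}
	sBad := new(big.Int).Add(s, big.NewInt(1))
	if res.TamperedOK, err = SafeVerify(&priv.PublicKey, h, r, sBad); err != nil {
		return Result{}, err
	}
	_, res.BadKeyErr = SafeVerify(ZeroModulusKey(), h, r, s)
	return res, nil
}

func main() {
	res, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("good=%v tampered=%v badkey=%v\n", res.GoodOK, res.TamperedOK, res.BadKeyErr)
}
```

The point of the wrapper is the ordering: every range check happens before `ModInverse` or `Exp` is called, and the `recover` is a last line of defence rather than the fix, since a panic inside the library is already the denial of service.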
Apple Revokes Certificate Used By OSX/Dok Malware
Apple revoked a legitimate developer certificate used by hackers behind malware dubbed OSX/Dok, which was able to eavesdrop on secure HTTPS traffic of infected systems. On Sunday, Apple also rolled out an update to its XProtect built-in antimalware software to fend off existing and upcoming...
EulerOS 2.0 SP1 : squid (EulerOS-SA-2016-1025)
According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility ...
Logrhythm Network Monitor Detection
Detection of Logrhythm Network Monitor. The script sends a connection request to the server and attempts to detect Logrhythm Network Monitor and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright...
New MacOS Malware, Signed With Legit Apple ID, Found Spying On HTTPS Traffic
Many people believe that they are much less likely to be bothered by malware if they use a Mac computer, but is it really true? Unfortunately, No. According to the McAfee Labs, malware attacks on Apple's Mac computers were up 744% in 2016, and its researchers have discovered nearly 460,000 Mac...
uit.no XSS vulnerability
Vulnerable URL: https://uit.no/finn?q=1"--...
Blockwise Chosen-boundary Attacks
github.com/openshift/origin is vulnerable to blockwise chosen-boundary attacks, aka the "BEAST" attack. It encrypts data using CBC mode with chained initialization vectors, which allows attackers to obtain plaintext HTTP headers through blockwise chosen-boundary attacks on HTTPS sessions. This...
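The two conditions BEAST needs are TLS 1.0 (where each record's CBC IV is the previous record's last ciphertext block, the "chained initialization vectors" above) and a CBC cipher suite. The following Go block, added here and not taken from openshift/origin or any other project, puts a weak server `tls.Config` beside a hardened one and checks both conditions; the `WeakServerConfig`, `HardenedServerConfig`, `CBCSuites`, `AllowsTLS10` and `BEASTExposed` names are constructed for this example. The cipher-suite constants and `tls.CipherSuiteName` are real `crypto/tls` API.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// WeakServerConfig is a constructed configuration of the kind the advisory
// describes: TLS 1.0 still negotiable and CBC suites on offer.
func WeakServerConfig() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS10,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
			tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
		},
	}
}

// HardenedServerConfig refuses anything below TLS 1.2 and offers only AEAD
// suites, so neither condition for BEAST can be met.
func HardenedServerConfig() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		},
	}
}

// CBCSuites lists the configured suites that use CBC mode, by IANA name.
// A nil CipherSuites means "Go's defaults", which include CBC suites, so the
// default list is expanded rather than treated as empty.
func CBCSuites(cfg *tls.Config) []string {
	ids := cfg.CipherSuites
	if ids == nil {
		for _, cs := range tls.CipherSuites() {
			ids = append(ids, cs.ID)
		}
	}
	var out []string
	for _, id := range ids {
		if name := tls.CipherSuiteName(id); strings.Contains(name, "_CBC_") {
			out = append(out, name)
		}
	}
	return out
}

// AllowsTLS10 reports whether the config can negotiate TLS 1.0. An unset
// MinVersion is treated as permissive on purpose: Go's server default has
// changed across releases, so a hardened config sets it explicitly.
func AllowsTLS10(cfg *tls.Config) bool {
	return cfg.MinVersion == 0 || cfg.MinVersion <= tls.VersionTLS10
}

// BEASTExposed is true only when both conditions hold: TLS 1.0 negotiable and
// at least one CBC suite selectable. TLS 1.1+ uses an explicit per-record IV,
// so a CBC suite alone is not enough.
func BEASTExposed(cfg *tls.Config) bool {
	return AllowsTLS10(cfg) && len(CBCSuites(cfg)) > 0
}

func main() {
	for name, cfg := range map[string]*tls.Config{"weak": WeakServerConfig(), "hardened": HardenedServerConfig()} {
		fmt.Printf("%s: tls1.0=%v cbc=%v exposed=%v\n", name, AllowsTLS10(cfg), CBCSuites(cfg), BEASTExposed(cfg))
	}
}
```

Run the check against whatever `tls.Config` a service actually constructs rather than against a copy: the common regression is a library default that leaves `MinVersion` unset, which this check deliberately reports as permissive.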
U.S. Dept Of Defense: Multiple cryptographic vulnerabilities in login page on ███████
Summary: I realize that this report's title may not make sense yet. In one sentence: users logging in to the ███████ Server REST API Login page can have their passwords stolen by an attacker on the same LAN or WiFi as the victim trying to log in. Description: To save the reader any confusion, I'l...