7687 matches found
boracayinfo.siteslot.com Open Redirect vulnerability
Vulnerable URL: http://boracayinfo.siteslot.com/Redirect.php?target=http://www.openbugbounty.org

Details:

| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 28.07.2017 |
| Vulnerability type: | Open Redirect |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | Unknown / Not calculated |

V...
wget security update
CentOS Errata and Security Advisory CESA-2016:2587 An update for wget is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
CVE-2016-0372
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert...
CVE-2016-0353
IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
Design/Logic Flaw
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert...
Session fixation
IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
GNU Wget < 1.18 - Access List Bypass / Race Condition
- Discovered by: Dawid Golunski - dawid at legalhackers.com - https://legalhackers.com
- https://legalhackers.com/advisories/Wget-Exploit-ACL-bypass-RaceCond-CVE-2016-7098.html
- CVE-2016-7098
- Release date: 24.11.2016
- Revision 1.0
- Severity:...
CVE-2016-9562
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835...
Null pointer dereference
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835...
CVE-2016-9562
CVE-2016-9562 affects SAP NetWeaver AS JAVA 7.4. The vulnerability allows remote DoS via an HTTPS GET to sap.com~P4TunnelingApp!web/myServlet, caused by a fault in icman/p4 plug-in handling that can trigger a null-pointer/DoS condition. Affected packages include SAP Kernel 7.21/7.22 variants; imp...
SAP NetWeaver AS JAVA 7.4 Denial Of Service
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.4
Vendor URL: http://SAP.com
Bug: Denial of Service
Sent: 22.04.2016
Reported: 23.04.2016
Vendor response: 23.04.2016
Date of Public Advisory: 09.08.2016
Reference: SAP Security Note 2313835
Author: Vahagn Vardanyan...
[SECURITY] Fedora 25 Update: curl-7.51.0-1.fc25
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
CVE-2016-9071
Content Security Policy combined with HTTP to HTTPS redirection can be used by a malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox 50...
PoisonTap Steals Cookies, Drops Backdoors From Password Protected Computers
Even locked, password-protected computers are no rival for Samy Kamkar and his seemingly endless parade of gadgets. His latest, PoisonTap, is a $5 Raspberry Pi Zero device running Node.js that’s retrofitted to emulate an Ethernet device over USB. Assuming a victim has left their web browser open,...
Paragon Initiative Enterprises: Using plain git protocol (vulnerable to MITM)
Using the plain git protocol (git://domain) is insecure, as the server is not verified: a MITM attacker can return different content if the last commit is not checked against a known one. More information about this issue: Protocols to choose from when cloning: https://gist.github.com/grawity/4392747...
Paragon Initiative Enterprises: Incorrect detection of onion URLs
Several places have incorrect code to detect whether a URL points to a .onion domain (Tor hidden server). The following regexes: 1. ^https://^/:+.onion:?:0-9+ 2. ^https?://^/+.onion which are used in: https://github.com/paragonie/airship/blob/0e9289553cdc538556d362faaee63be6cc534a0c/src/Engine/Hail.php#L223...
Half of Chrome Pageloads are HTTPS
First it was Mozilla, and now Google is the latest to confirm that encryption is inching closer toward becoming a standard building block for websites and web applications. Google reported yesterday that more than half of pages loaded on desktop versions of the Chrome browser are being done so ov...
RedHat Update for curl RHSA-2016:2575-02
The remote host is missing an update for the...