7687 matches found
CVE-2016-7090
The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
Session fixation
The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
CVE-2016-7090
CVE-2016-7090 affects Siemens SCALANCE M-800 and S615 modules with firmware before 4.02. The integrated web server fails to set the Secure attribute on the session cookie in HTTPS, enabling cookie capture if the cookie is transmitted in an insecure (HTTP) context. Affected products: SCALANCE M-80...
Remote Utilities Listening Server Hostname Detection
Binary data 9587.prm...
Remote Utilities Listening Server Version Detection
Binary data 9585.prm...
NetMan 204 - Backdoor Account Vulnerability
Exploit for hardware platform in category remote exploits NetMan 204 - Backdoor Account Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: NetMan 204 Vendor: http://www.riello-ups.com Product URL: http://www.riello-ups.com/products/4-software-connectivity/85-netman-204 Quick Referenc...
CVE-2016-4763
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Design/Logic Flaw
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
UBUNTU-CVE-2016-4763
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2016-4763
CVE-2016-4763 affects WKWebView in WebKit across Apple platforms (iOS before 10, Safari before 10) and iTunes before 12.5.1 on Windows. Root cause: certificate validation failure in WKWebView leads to improper verification of HTTPS X.509 certificates, enabling MITM attackers to spoof servers and ...
Siemens Desigo PX Web Module Insufficient Entropy Vulnerability
OVERVIEW Siemens has released a firmware update to mitigate an insufficient entropy vulnerability that affects Siemens Desigo PX Web modules. Marcella Hastings, Joshua Fried, and Nadia Heninger from the University of Pennsylvania coordinated this vulnerability directly with Siemens. This...
iccea.ir XSS vulnerability
Vulnerable URL: http://iccea.ir/users/signup.php?utype=admin" Details: Description| Value ---|--- Patched:| Yes, at 24.11.2017 Latest check for patch:| 24.11.2017 18:51 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 909962 VIP website status:| No Check iccea.ir...
togi-sante.com XSS vulnerability
Vulnerable URL: http://www.togi-sante.com/recherche.html?motclef=%3Cimg+src%3Dx+onerror%3Dprompt%28%2FOPENBUGBOUNTY%2F%29%3E Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 11:22 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...
asus.com XSS vulnerability
Vulnerable URL: http://www.asus.com/zentalk/tw/forum.php?mod=viewthread=82557dd2ks';alert'OPENBUGBOUNTY';//=page%3D1 Details: Description| Value ---|--- Patched:| Yes, at 24.03.2017 Latest check for patch:| 24.03.2017 04:53 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed...
Trend Micro Control Manager task_controller Information Disclosure
An information disclosure vulnerability has been reported in Trend Micro Control Manager. The vulnerability is due to lack of validation of the 'url' parameter in the request for taskcontrol.php. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted HT...
Spyware Targeting Overseas Travelers Removed from Google Play
Google booted four spyware-laced apps from Google Play that targeted overseas travelers seeking embassy information and news for specific European countries. The apps gathered user information from Android phones including: contacts, email, GPS data, phone type, device ID and identified if the...
openSUSE Security Update : opera (openSUSE-2016-1088)
This update to opera 39.0.2256.71 fixes the following issues : - Deadlock when closing a bubble opened by touch - Crash in opera::FreedomProxyConfigurationImpl::RetrieveProxyServers - No temporary or permanent error when unable to connect to API server - Some requests bypass the proxy on startup...
Firefox Browser vulnerable to Man-in-the-Middle Attack
A critical vulnerability resides in the fully patched version of Mozilla's Firefox browser that could allow well-resourced attackers to launch man-in-the-middle (MITM) impersonation attacks and also affects the Tor anonymity network. The Tor Project patched the issue in the browser's HTTPS...