7687 matches found

Cvelist
added 2016/07/12 7:0 p.m. | 27 views

CVE-2016-5774

The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5.3.2 might allow remote attackers to obtain sensitive credentials and other information via unspecified vectors, related to use of insecure cryptographic parameters...

7.9 AI score | 0.01114 EPSS
Exploits: 0 | References: 2

Openbugbounty
added 2016/07/12 7:34 a.m. | 7 views

ballinamanor.com.au Open Redirect vulnerability

Vulnerable URL: http://www.ballinamanor.com.au/statscollect.php?goto=http://openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| 10899049 VIP website status:|...

6.8 AI score
Exploits: 0

Openbugbounty
added 2016/07/11 2:6 a.m. | 9 views

patrimonio.go.cr XSS vulnerability

Vulnerable URL: http://www.patrimonio.go.cr/prototipo/start.html?Page=javascript:alert%28/OPENBUGBOUNTY/%29 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 5262764 VIP website status:| No Check patrimonio.go.cr S...

6.3 AI score
Exploits: 0

Hacker One
added 2016/07/10 4:32 p.m. | 18 views

Shopify: https://windsor.shopify.com/ takeover

Hi Shopify, So I was doing some scanning for another client and saw a ton of .shopify.com appear and thought to myself "Huh? I thought shopify.com hosted shops on myshopify.com.. weird, let's check this out". An example is this: http://khanbot.shopify.com/password - as you can see it's a store...

6.8 AI score
Exploits: 0

0day.today
added 2016/07/06 12:0 a.m. | 74 views

GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution

Exploit for linux platform in category remote exploits ============================================= - Release date: 06.07.2016 - Discovered by: Dawid Golunski - Severity: High - CVE-2016-4971 ============================================= I. VULNERABILITY ------------------------- GNU Wget 1.18...

4.3 CVSS | 8.9 AI score | 0.45935 EPSS
Exploits: 8

Openbugbounty
added 2016/07/02 12:15 p.m. | 13 views

redrocker.ru XSS vulnerability

Vulnerable URL: http://redrocker.ru/bh.php?dm=homero.com.mx";;alert'OPENBUGBOUNTY';function zif0// Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check redrocker....

6.3 AI score
Exploits: 0

CNVD
added 2016/07/01 12:0 a.m. | 6 views

MileSight camera default private key certificate vulnerability

MileSight camera is a network camera produced by Xiamen PulseVision Digital Technology Co. MileSight camera suffers from a default private key certificate vulnerability. Since all cameras share the same secret key, an attacker can exploit the vulnerability to launch a man-in-the-middle attack whe...

6.8 AI score
Exploits: 0

Hacker One
added 2016/06/29 10:45 p.m. | 24 views

Concrete CMS: Full Page Caching Stored XSS Vulnerability

Configuration A concrete5 site running over https on a dedicated IP address. Or any situation where you're not doing name-based virtual hosting and the web server will answer to any hostname. - You have full page caching enabled likely just block output caching too. - Doesn't matter if you have...

6.5 AI score
Exploits: 0

Openbugbounty
added 2016/06/28 12:59 p.m. | 11 views

feti.lsu.edu XSS vulnerability

Vulnerable URL: http://feti.lsu.edu/certification/calendar.php?year=" Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check feti.lsu.edu SSL connection:| Grade: F...

6.3 AI score
Exploits: 0

Symantec
added 2016/06/24 8:0 a.m. | 29 views

SA127 : PacketShaper S-Series Insecure Cryptographic Parameters

SUMMARY The HTTPS web UI in PacketShaper S-Series 11.5 may use insecure cryptographic parameters for incoming management connections. A remote attacker who can be a man-in-the-middle, under certain circumstances, may be able to exploit this vulnerability to obtain user authentication credentials...

4.3 CVSS | 1.9 AI score | 0.01114 EPSS
Exploits: 0 | Affected Software: 1

ThreatPost
added 2016/06/23 7:0 a.m. | 15 views

Let's Encrypt Celebrates Big HTTPS Milestone

Certificate authority Let’s Encrypt is celebrating a major milestone in the young nonprofit’s existence issuing its 5 millionth certificate this month. Let’s Encrypt launched to the general public just seven months ago. “Our goal is to get the entire web 100 percent HTTPS,” said Josh Aas, executi...

7.2 AI score
Exploits: 0 | References: 4

Hacker One
added 2016/06/23 4:2 a.m. | 11 views

LocalTapiola: Mixed Active Scripting Issue on https://www.lahitapiola.fi

HTTPS security issue - compromises HTTPS security by loading images from non secure source in https://www.lahitapiola.fi/henkilo/asiakaspalvelu/asioi-verkossa/kirjaudu-verkkoon Vulnerability Type: Mixed Active Scripting Issue Description: Mixed Active Content is content that has access to and can...

6.2 AI score
Exploits: 0

phpMyAdmin
added 2016/06/23 12:0 a.m. | 127 views

BBCode injection vulnerability

PMASA-2016-17 Announcement-ID: PMASA-2016-17 Date: 2016-06-23 Summary BBCode injection vulnerability Description A vulnerability was discovered that allows a BBCode injection to setup script in case it's not accessed on https. Severity We consider this to be non-critical. Mitigation factor Alway...

6.1 CVSS | 6.8 AI score | 0.01549 EPSS
Exploits: 0 | Affected Software: 1

Openbugbounty
added 2016/06/16 3:20 p.m. | 12 views

2chmap.com XSS vulnerability

Vulnerable URL: http://2chmap.com/search.php?keyword=%5B%27%27%5D%22+%2F%3E%3Cscript%3Eprompt%28%2FOPENBUGBOUNTY%2F%29%3C%2Fscript%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...

6.3 AI score
Exploits: 0

Tenable Nessus
added 2016/06/16 12:0 a.m. | 34 views

Amazon Linux AMI : squid (ALAS-2016-713)

A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. CVE-2016-4051 Buffer overflow and input validation flaws were found ...

8.8 CVSS | 7.4 AI score | 0.77559 EPSS
Exploits: 0 | References: 7

Openbugbounty
added 2016/06/15 4:13 p.m. | 11 views

popoholic.com XSS vulnerability

Vulnerable URL: http://www.popoholic.com/photos5.php?id=" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 40456 VIP website status:| Yes Check popoholic.com SSL connection:| Grade: ...

6.3 AI score
Exploits: 0

Amazon
added 2016/06/15 12:0 a.m. | 41 views

Medium: squid

Issue Overview: A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. CVE-2016-4051 Buffer overflow and input validation...

8.8 CVSS | 8.6 AI score | 0.77559 EPSS
Exploits: 0 | References: 1

Kitploit
added 2016/06/14 9:53 p.m. | 37 views

RITM - Ruby In The Middle (HTTP/HTTPS Interception Proxy)

Ruby in the middle RITM is an HTTP/HTTPS interception proxy with on-the-fly certificate generation and signing, which leaves the user with the full power of the Ruby language to intercept and even modify requests and responses as she pleases. Installation gem install ritm Basic usage 1. Write you...

7.1 AI score
Exploits: 0 | References: 1

ThreatPost
added 2016/06/10 9:1 a.m. | 13 views

Twitter Forces Password Reset on Some Exposed Accounts

Twitter has forced a password reset on an unnamed number of accounts exposed this week in a dump of 32.8 million account names and credentials. A Russian hacker known as Tessa88 has been involved in a number of recent password disclosures with Twitter being the most recent. He shared the cache of...

7 AI score
Exploits: 0 | References: 5

Openbugbounty
added 2016/06/08 2:30 a.m. | 8 views

tearsheet.money.net XSS vulnerability

Vulnerable URL: https://tearsheet.money.net/search.php?search=cof=ALL=OPENBUGBOUNTY"==0 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:|...

6.3 AI score
Exploits: 0