Medium: golang
Issue Overview: An infinite loop in several big integer routines was discovered that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability. Affected Packages: golang Issue...
Symantec Brightmail 10.6.0-7 LDAP Credential Grabber
Exploit Title: Symantec Brightmail LDAP Credential Grabber Date: 18/04/2016 Exploit Author: Fakhir Karim Reda Vendor Homepage: https://www.symantec.com/securityresponse/securityupdates/detail.jsp?fid=securityadvisory&pvid=securityadvisory&year&suid=2016041800 Version: 10.6.0-7 and earlier Tested...
cascadedesigns.com Open Redirect vulnerability
Vulnerable URL: http://www.cascadedesigns.com/setlocale.aspx?returnURL=https://www.openbugbounty.org/ Details: Patched: Yes, at 27.07.2017; Latest check for patch: 27.07.2017 08:27 GMT; Vulnerability type: Open Redirect; Vulnerability status: Publicly disclosed; Alexa...
ciltuk.org.uk XSS vulnerability
Vulnerable URL: https://www.ciltuk.org.uk/News/LatestNews/tabid/235/ctl/NewsItem/mid/589/Id/4107/Default.aspx?returnurl=javascript:alert%28/OPENBUGBOUNTY/%29 Details: Patched: No; Latest check for patch: 30.07.2017; Vulnerability type: XSS; Vulnerability status: Public...
avantgardeauto.it Open Redirect vulnerability
Vulnerable URL: http://www.avantgardeauto.it/Site/SetCulture.aspx?culture=fr-LU=https://www.openbugbounty.org/ Details: Patched: Yes, at 27.07.2017; Latest check for patch: 27.07.2017 08:27 GMT; Vulnerability type: Open Redirect; Vulnerability status: Publicly disclose...
Information disclosure
Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008,...
CVE-2015-8677
Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008,...
CBS Sports App Transmitted Data Unencrypted
CBS recently fixed a vulnerability in its popular Sports application that could have exposed users to man-in-the-middle attacks and inadvertently leaked personal data. According to researchers, upon registration, users’ names, email addresses, account passwords, dates of birth, and zip codes were...
CVE-2016-2113
Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate...
Asbru Web Content Management System Detection
Detection of Asbru Web Content Management System. This script sends an HTTPS GET request and checks for the presence of the application. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right...
WordPress Free Encryption Through Let's Encrypt Project
All custom domains hosted on WordPress.com will soon have their sites automatically encrypted for free. WordPress said late Friday afternoon that more than one million sites will have encryption automatically deployed. “We are closing the door to unencrypted web traffic at every opportunity,” wro...
WordPress enables Free HTTPS Encryption for all Blogs with Custom Domain
Do you own a custom domain or a blog under the wordpress.com domain name? If yes, then there is good news for you. WordPress is bringing free HTTPS to every blog and website that belongs to them in an effort to make the Web more secure. WordPress – free, open source and the most popular content...
RHEL 6 : Red Hat JBoss Enterprise Application Platform 6.4.7 update (Moderate) (RHSA-2016:0596)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0596 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves...
[SECURITY] Fedora 24 Update: nodejs-request-2.67.0-6.fc24
Request is designed to be the simplest way possible to make HTTP calls. It supports HTTPS and follows redirects by default. You can stream any response to a file stream. You can also stream a file to a PUT or POST request. It also supports a few simple server and proxy functions...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.7 update
A Red Hat JBoss Enterprise Application Platform update is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...
EAP: HTTPS NIO connector uses no timeout when reading SSL handshake from client
A read-timeout flaw was found in the HTTPS NIO Connector's handling of SSL handshakes. A remote, unauthenticated attacker could create a socket and cause a thread to remain occupied indefinitely for as long as the socket remained open, resulting in a denial of service...
BREACH Revived to Steal Private Messages from Gmail, Facebook
The BREACH attack hasn’t been top of mind since the summer of 2013, but two researchers have found new ways to exploit and persistently attack traffic, including Gmail and Facebook chat sessions. The research was shared late last week in Singapore at Black Hat Asia where Dimitris Karakostas of th...
go -- remote denial of service
Jason Buberel reports: Go has an infinite loop in several big integer routines that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability...
Bash environment variable command injection in Cisco UCS Manager
Added: 03/24/2016 CVE: CVE-2014-6278 BID: 70166 Background GNU Bash (Bourne Again SHell) is a command shell commonly used on Linux and Unix systems. Cisco UCS Manager is a product for management of Cisco UCS and Cisco HyperFlex infrastructure. Problem The Bash shell executes commands injected after...