Self Hosted Git Service: Gogs
Gogs is a self-hosted Git service written in Go which is very easy to get running and has low system usage as well. It aspires to be the easiest, fastest, and most painless way to set up a self-hosted Git service. With Go, this can be done with an independent binary distribution across ALL...
Gratipay: stop serving grtp.co over HTTP
Target Domain: grtp.co 1 Issue Details: Service available on HTTP As per the policy details under scope on HackerOne portal https://hackerone.com/gratipay, the 'grtp.co' should be available only on port 443 or HTTPS protocol. However grtp.co service is running on port 80 too i.e., running on HTTP...
Logstash 2.2.1 Elasticsearch Output Vulnerability
Logstash version 2.2.1 is vulnerable to a man in the middle attack when used with Elasticsearch output. In version 2.2.1, the config which enables SSL/TLS default has been disabled inadvertently, so a malicious user could access payload data sent via HTTP during the initial handshake. This has be...
brightemailmarketing.com Open Redirect vulnerability
Vulnerable URL: http://www.brightemailmarketing.com/ops/EPassLink.asp?EID=200941512400=https://www.xssposed.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| 22979552...
Apache Subversion Certificate Validation Information Disclosure Vulnerability
Apache Subversion is prone to a certificate validation information disclosure vulnerability. Copyright (C) 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later...
neighborhoodimage.com Open Redirect vulnerability
Vulnerable URL: http://www.neighborhoodimage.com/adserver/www/delivery/ck.php?oaparams=2bannerid=361zoneid=1cb=01084b1e8doadest=https://xssposed.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| Open Redirect Vulnerability status:|...
museumvictoria.com.au XSS vulnerability
Vulnerable URL: http://museumvictoria.com.au/melbournemuseum/search/?q=%3Cscript%3Ealert%28/xssposed/%29%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at 23.11.2017 Latest check for patch:| 23.11.2017 20:35 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed...
OpenSSL high-risk vulnerabilities allow attackers to decrypt HTTPS traffic-bug warning-the black bar safety net
The OpenSSL maintainers have fixed a high-risk vulnerability that allows an attacker to obtain the key for decrypting HTTPS and other encrypted traffic. While the potential impact of the vulnerability is serious, multiple criteria must be met for it to be used: the vulnerability exists only in OpenSSL 1.0.2; rely o...
Mozilla Firefox Man-in-the-Middle Attack Vulnerability (CNVD-2016-00851)
Mozilla Firefox on Android is an open source web browser for the Android platform. Mozilla Firefox on Android fails to ensure that lightweight themes are installed using HTTPS, allowing remote attackers to perform man-in-the-middle attacks by modifying client-server data streams, changing theme...
cs.odu.edu XSS vulnerability
Vulnerable URL: http://www.cs.odu.edu/mln/teaching/cs791-s04/?method=display=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown /...
OpenSSL high-risk vulnerabilities allow hackers to decrypt HTTPS traffic (CVE-2016-0701)-a vulnerability warning-the black bar safety net
The maintainers of the OpenSSL encryption code library have announced a fix for a high-risk vulnerability. The vulnerability could allow a hacker to obtain the key for decrypting communication over HTTPS and other secure transport layers. OpenSSL vulnerability details: When various conditions are...
CVE-2016-1948
Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream...
Code injection
Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream...
CVE-2016-1948
Mozilla Firefox for Android before 44.0 is vulnerable to MITM during lightweight-theme installation because it may not require HTTPS for the client-server data stream, allowing an attacker to replace theme images/colors. Connected advisories indicate this is a real vulnerability affecting Firefox...
Critical OpenSSL Flaw Allows Hackers to Decrypt HTTPS Traffic
The OpenSSL Foundation has released the promised patch for a high severity vulnerability in its cryptographic code library that let attackers obtain the key to decrypt HTTPS-based communications and other Transport Layer Security (TLS) channels. OpenSSL is an open-source library that is the most...
Mail.ru: [api.login.icq.net] Reflected XSS
https://api.login.icq.net/auth/login?doSNSAuth=-1&f=qs&idType=OID&k=ao1-uaRbbNAqtYfG&succUrl=http://c.icq.com/webicq/iconuploader/1/redir.html&supportedIdType=SN"alertdocument.domaina="&doSNSAuth=0 Note: it must be opened over HTTPS. Works in IE 8...
books.nationalgeographic.com XSS vulnerability
Vulnerable URL: http://books.nationalgeographic.com/ngm/0412/feature5/zoomify/flashdetection.swf?flashContentURL=javascript:alert/XSSPOSED/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...
arat-forest.be XSS vulnerability
Vulnerable URL: http://www.arat-forest.be/flashdetection.swf?flashContentURL=javascript:alert/XSSPOSED/ Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 6037221 Google Pagerank| 0 VIP website status:| No Check...