7687 matches found

Openbugbounty
added 2015/11/12 2:44 a.m., 17 views

carpethouse.se XSS vulnerability

Vulnerable URL: http://carpethouse.se/matta.php/"';--/?prod=72

Details:

Description | Value
---|---
Patched: | Yes, at 26.07.2017
Latest check for patch: | 26.07.2017 09:09 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated
Google Pagerank | 0...

6.3 AI score
Exploits: 0
Openbugbounty
added 2015/11/11 4:55 p.m., 11 views

gc.myfuncards.com XSS vulnerability

Vulnerable URL: http://gc.myfuncards.com/registration/resetPassword.jhtml?returnUrl="';--

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 25.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated
Google Pagerank | 0...

6.3 AI score
Exploits: 0
Openbugbounty
added 2015/11/10 3:10 p.m., 11 views

watsons.com.hk XSS vulnerability

Vulnerable URL: https://www.watsons.com.hk/login/pw/request

Details:

Description | Value
---|---
Patched: | Yes, at 01.12.2015
Latest check for patch: | 01.12.2015 16:51 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 152436
Google Pagerank | 4
VIP website status: | ...

6.3 AI score
Exploits: 0
Openbugbounty
added 2015/11/09 11:07 p.m., 12 views

laprovence.com XSS vulnerability

Vulnerable URL: http://www.laprovence.com/video/Le-JT-de-lOM-Michel-Diaby-mercato-quelles-solutions-pour-sen-sortir/x3d2v5h/"';--

Details:

Description | Value
---|---
Patched: | Yes, at 07.07.2016
Latest check for patch: | 07.07.2016 14:08 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly...

6.3 AI score
Exploits: 0
Packet Storm
added 2015/11/09 12:00 a.m., 27 views

Google AdWords API PHP Client Library 6.2.0 XXE Injection

Advisory URL: http://legalhackers.com/advisories/Google-AdWords-API-libraries-XXE-Injection-Vulnerability.txt
=============================================
- Release date: 06.11.2015
- Discovered by: Dawid Golunski
- Severity: Medium/High
=============================================
I...

0.3 AI score
Exploits: 0
0day.today
added 2015/11/09 12:00 a.m., 34 views

Google AdWords API PHP Client Library 6.2.0 XXE Injection Vulnerability

Google AdWords API PHP client library versions 6.2.0 and below suffer from an XML eXternal Entity injection vulnerability.
=============================================
- Release date: 06.11.2015
- Discovered by: Dawid Golunski
- Severity: Medium/High
=============================================...

7.5 AI score
Exploits: 0
Packet Storm
added 2015/11/09 12:00 a.m., 35 views

Google AdWords API PHP Client Library 6.2.0 Code Execution

Advisory URL: http://legalhackers.com/advisories/Google-AdWords-PHP-Client-library-PHP-Code-Execution.txt
=============================================
- Release date: 06.11.2015
- Discovered by: Dawid Golunski
- Severity: Medium/High
=============================================
I. VULNERABILITY...

0.4 AI score
Exploits: 0
NVD
added 2015/11/08 10:59 p.m., 15 views

CVE-2015-1996

IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation...

2.1 CVSS, 5.9 AI score, 0.00335 EPSS
Exploits: 0, References: 1
NVD
added 2015/11/08 10:59 p.m., 16 views

CVE-2015-1993

IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session...

5 CVSS, 6.3 AI score, 0.01209 EPSS
Exploits: 1, References: 1
Prion
added 2015/11/08 10:59 p.m., 13 views

Design/Logic Flaw

IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 places session IDs in https URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history...

5 CVSS, 6.5 AI score, 0.01209 EPSS
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2015/11/08 10:59 p.m., 16 views

Information disclosure

IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation...

2.1 CVSS, 6.3 AI score, 0.00335 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2015/11/08 10:00 p.m., 19 views

CVE-2015-1993

IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session...

6.3 AI score, 0.01209 EPSS
Exploits: 1, References: 1
Cvelist
added 2015/11/08 10:00 p.m., 33 views

CVE-2015-1996

IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation...

5.9 AI score, 0.00335 EPSS
Exploits: 0, References: 1
CVE
added 2015/11/08 10:00 p.m., 42 views

CVE-2015-1996

IBM QRadar Incident Forensics 7.2.x vulnerable to cacheable SSL pages that can expose sensitive local-cache data to a local attacker with an unattended workstation. Affected: QRadar Incident Forensics 7.2.x prior to 7.2.5 Patch 5. CVSS base score 2.1 (LOW). Remediation: apply IBM QRadar 7.2.5 Pat...

2.1 CVSS, 6 AI score, 0.00335 EPSS
Exploits: 0, References: 1, Affected Software: 1
Openbugbounty
added 2015/11/08 1:25 a.m., 10 views

deakin.edu.au XSS vulnerability

Vulnerable URL: https://www.deakin.edu.au/password/change/

Details:

Description | Value
---|---
Patched: | Yes, at 10.11.2015
Latest check for patch: | 10.11.2015 23:01 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 21888
Google Pagerank | 8
VIP website status: | Ye...

6.3 AI score
Exploits: 0
Openbugbounty
added 2015/11/05 10:11 p.m., 7 views

gettyimages.it XSS vulnerability

Vulnerable URL: http://www.gettyimages.it/video/scriptscriptalertxssposedscript?collections=imbr,imbl=false=creative=1=%3C%2Fscript%3E%3Cscript%3Ealert%28%27XSSPOSED%27%29%3C%2Fscript%3E=best

Details:

Description | Value
---|---
Patched: | Yes, at 25.07.2017
Latest check for patch: | 25.07.2017 21:3...

6.3 AI score
Exploits: 0
Openbugbounty
added 2015/11/05 3:30 p.m., 18 views

lesplatsdusoleil.fr XSS vulnerability

Vulnerable URL: http://www.lesplatsdusoleil.fr//search/site/?q=

Details:

Description | Value
---|---
Patched: | Yes, at 25.07.2017
Latest check for patch: | 25.07.2017 21:35 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated
Google Pagerank | 1...

6.3 AI score
Exploits: 0
Openbugbounty
added 2015/11/05 1:13 p.m., 12 views

cd.edb.gov.hk XSS vulnerability

Vulnerable URL: https://cd.edb.gov.hk/la03/chi/teachresouce/clipartcollection/TPSsearch.htm?keywords=%3C/script%3E%3Cscript%3Ealert%28%27XSSPOSED%27%29%3C/script%3E∧=0 Details: Description| Value ---|--- Patched:| Yes, at 25.07.2017 Latest check for patch:| 25.07.2017 21:28 GMT Vulnerability type...

6.3 AI score
Exploits: 0
Packet Storm
added 2015/11/05 12:00 a.m., 55 views

Ubiquiti Networks Hardcoded Keys / Remote Management

SEC Consult Vulnerability Lab Security Advisory
=======================================================================
title: Insecure default configuration
product: various Ubiquiti Networks products
vulnerable version: see Vulnerable / tested versions
fixed version: none available
impact: High...

7.4 AI score
Exploits: 0
ThreatPost
added 2015/11/03 2:06 p.m., 9 views

XcodeGhost Malware Supports iOS9

New samples of XcodeGhost, malware targeting iOS devices, have surfaced beyond the borders of China with new support for iOS9 and obfuscation techniques making it that much harder to detect. iOS9 is only a few weeks old and included new security measures that allowed for only secure HTTPS...

6.8 AI score
Exploits: 0, References: 4