EUVD-2015-7197

Malware in sbrugna...

iab-forum.de Cross Site Scripting vulnerability OBB-3757021

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Risk Fact #3: Initial Access Brokers Attack What Organizations Ignore

Qualys Blog Series – Threat Research Unit Report “Divide and Conquer” is an emerging and winning strategy for cyber criminals who split responsibilities to improve execution of the attack process. Some threat actors specialize in the back end, which often is ransomware deployed at scale. The fron...

Silence is golden partner for Truebot and Clop ransomware

A recent rise in the number of Truebot infections has been attributed to a threat actor known as the Silence Group. The Silence Group is an initial access broker IAB that frequently changes tools and tactics to stay on top of the game. An IAB's primary task is to find a weakness or vulnerability,...

arqueologia-iab.com.br Cross Site Scripting vulnerability OBB-2730072

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2019-0219

A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI...

EUVD-2020-0969

A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI...

Information disclosure

The Interactive Advertising Bureau IAB OpenRTB 2.3 protocol implementation might allow remote attackers to conceal the status of ad transactions and potentially compromise bid integrity by leveraging failure to limit the time between bid responses and impression notifications, aka the Amnesia Bug...

CVE-2015-7266

The CVE-2015-7266 entry concerns the Interactive Advertising Bureau (IAB) OpenRTB 2.3 protocol implementation. Affected component: OpenRTB 2.3 protocol handling within the ad tech stack. Problem: an implementation flaw allows remote attackers to conceal the status of ad transactions and potential...

CVE-2018-0254

Cisco Firepower System Software’s detection engine is affected by CVE-2018-0254. The issue arises when Intelligent Application Bypass (IAB) with a drop percentage threshold is configured, causing incorrect counting of dropped traffic. An unauthenticated, remote attacker could exploit this to bypa...

Cisco Firepower System Software Intelligent Application Bypass Vulnerability

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass configured file action policies if an Intelligent Application Bypass IAB with a drop percentage threshold is also configured. The vulnerability is due to incorrect...

iab.com XSS vulnerability

Vulnerable URL: https://www.iab.com/?s=%22%3E%3Csvg/onload=alert/openbugbounty/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 63972 VIP website status:| No Coordinated Disclosu...

Rockwell Automation Integrated Architecture Builder Access Violation Memory Error

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on February 25, 2016, and is being released to the NCCIC/ICS-CERT web site. Ivan Sanchez from Nullcode Team has identified an access violation memory error in Rockwell Automation’s Integrated Architecture Builder IA...

CVE-2016-2277

IAB.exe in Rockwell Automation Integrated Architecture Builder IAB before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file...