257 matches found
Kemp Load Balancer WAF 7.2.40 Bypass Vulnerability
Exploit for hardware platform in category web applications 1. ADVISORY SUMMARY Kemp Load Balancers - Module Application Firewall Pack AFP - Web Application Firewall WAF does not inspect HTTP POST data Risk: high Application: Kemp Load Balancers - Module Application Firewall Pack AFP Versions...
Cleaning up my GOPATH with Homebrew
tl;dr: use the script at the bottom to go get into the Homebrew "Cellar" and keep your GOPATH clean. I personally like GOPATH and import paths, but while trying to reduce my laptop to a thin reproducible client, I felt the pain of keeping track of the hundreds of repositories that end up in there...
CVE-2017-6766
A vulnerability in the Secure Sockets Layer SSL Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected...
CVE-2014-2045
CVE-2014-2045 affects Viprinet Multichannel VPN Router 300. The issue is multiple cross‑site scripting (XSS) vulnerabilities in both the device’s old and new web interfaces, exploitable via crafted usernames or other parameters (e.g., hostname, config inspect, atcommands, ping tool). Exploitation...
vhd-util tool to inspect the VHD headers of a VHD
vhd-util is a native utility of a XenServer used to inspect the VHD headers of a VHD. This will be useful to inspect the parent child relationship in VHD files...
CVE-2016-3693
The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method...
Information disclosure
The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method...
PT-2016-5662 · Ruby · Safemode
Name of the Vulnerable Software and Affected Versions: Safemode gem versions prior to 1.2.4 Description: The issue allows context-dependent attackers to obtain sensitive information via the inspect method when the Safemode gem is initialized with a delegate object that is a Rails controller...
Safemode Gem for Ruby is vulnerable to information disclosure
Safemode is initialised with an optional 'delegate' object. If the delegated object is a Rails controller, 'inspect' could be called which then exposes all informations about the App, including routes, secret tokens, caches and so on...
Suspicious HTTPS YAHOO Mail Attachment Containing JavaScript Code
Many phishing campaigns are known to use mail attachments containing JavaScript code. A remote attacker could send e-mails including such files and convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system. This method is often use...
RHEL 7 : docker (RHSA-2015:0623)
Updated docker packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give...
Stash email settings fields can be inadvertently be populated by browser with user login details - security issue
The email and username password in the email server settings screen has the same names as the username and password fields when logging in. This has the unintentional side affect of being pre-populated by your browser if you have left the mail server credentials blank and your browser has saved...
ProcessThreadsView - View process threads information On Windows
ProcessThreadsView is a small utility that displays extensive information about all threads of the process that you choose. The threads information includes the ThreadID, Context Switches Count, Priority, Created Time, User/Kernel Time, Number of Windows, Window Title, Start Address, and more. Wh...
CVE-2013-2124
Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service crash via empty guest files...
CVE-2013-2124
CVE-2013-2124 is a double-free vulnerability in LibguestFS’s inspect-fs.c that affects LibguestFS 1.20.x (before 1.20.7), 1.21.x, 1.22.0, and 1.23.0. The issue allows remote attackers to cause a denial of service (crash) via empty guest files. The connected documents do not provide a confirmed ex...
DEBIAN-CVE-2013-2124
Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service crash via empty guest files...
UBUNTU-CVE-2013-2124
Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service crash via empty guest files...
Ian Dunn: Path Disclosure Vulnerability
Hey , I'm Jamal in this report i want to show you a Vulnerability Found It In basic-google-maps-placemarks Pugin Description: Title : Path Disclosure Vulnerability Status : Unfixed Tested on : Firefox Author : Jamal Eddine Email : [email protected] Discovered : 2014/05/04 Report it : 2014/05/04...
HackerOne: Upload profile photo from URL
Using this vulnerability users can upload images from any image URL. Just change upload type using inspect element from "type=file" to "type=url" , paste URL in text field and hit enter or click on "Update Profile". Your profile photo will be changed to photo from URL. P.S Im sorry for my bad...
Vulnerability allowed hacker to Delete any Facebook Photo; Rewarded with $12,500 for reporting bug
Indian Security Enthusiast 'Arul Kumar' recently reported an interesting Facebook vulnerability that allowed him to delete any Facebook image within a minute. Facebook Bug Bounty program rewarded him with $12,500 USD for helping the Facebook Security team to patch this critical loophole in their...