Htcap - web application scanner able to crawl single page application (SPA) in a recursive manner by intercepting ajax calls and DOM changes

htcap is a web application scanner able to crawl single page application SPA in a recursive manner by intercepting ajax calls and DOM changes. Htcap is not just another vulnerability scanner since it's focused mainly on the crawling process and uses external tools to discover vulnerabilities. It'...

OpenSSH < 7.0 Multiple Vulnerabilities

Binary data 9309.prm...

cbonline.interactivedata.com XSS vulnerability

Open Bug Bounty ID: OBB-147484 Description| Value ---|--- Affected Website:| cbonline.interactivedata.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS...

IDA SDK 6.9 Demo / IDA 5.0 Freeware DLL Hijacking

Software : Interactive DisAssembler IDA PRO Version: = IDA SDK 6.9 demo IDA 5.0 Freeware Software Link: https://www.hex-rays.com/products/ida/support/download.shtml Tested on: WINDOWS XP SP3 - 32 bit, WINDOWS 7 SP1 - 32 bit, Windows 8.1 32 bit IDA Pro suffers from DLL HIJACK Vulnerability from .i...

ŠKODA Interactive Catalogue - Customized SSL, Redefined SSL Common Names verifier vulnerabilities

HackApp vulnerability scanner discovered that application ŠKODA Interactive Catalogue published at the 'play' market has multiple vulnerabilities...

Magic Watchface-Interactive - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities

HackApp vulnerability scanner discovered that application Magic Watchface-Interactive published at the 'play' market has multiple vulnerabilities...

Apple, Google Faced All Writs Act Orders

The American Civil Liberties Union has dug up more proof that from the get-go the FBI’s attempt to crack open an iPhone used by the San Bernardino shooter Syed Rizwan Farook was not just about the one phone. The ACLU found court documents and on Wednesday published an interactive map visualizing...

Scientific Linux Security Update : openssh on SL6.x i386/x86_64 (20160321)

It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. CVE-2016-3115 It was discovered that the OpenSSH sshd daemon did not chec...

CentOS Update for openssh CESA-2016:0466 centos6

Check the version of openssh SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882431";...

openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices

It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks...

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

htop 2.0 - An Interactive Process Viewer for Unix

htop is an interactive system-monitor process-viewer. It is designed as an alternative to the Unix program top. It shows a frequently updated list of the processes running on a computer, normally ordered by the amount of CPU usage. Unlike top, htop provides a full list of processes running, inste...

Fortinet FortiOS SSH Undocumented Interactive Login Vulnerability (FG-IR-16-001) - Version Check

An undocumented account used for communication with authorized FortiManager devices exists on some versions of FortiOS. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Fortinet FortiOS SSH Undocumented Interactive Login Vulnerability

The SSH server running on the remote host can be logged into using default SSH credentials. The 'FortimanagerAccess' account has a password based on the string 'FGTAbc11xy+Qqz27' and a calculated hash that is publicly known. A remote attacker can exploit this to gain administrative access to the...

Amazon Linux AMI : openssh (ALAS-2015-625)

A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. It w...

Medium: openssh

Issue Overview: A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as...

openssh, pam_ssh_agent_auth security update

CentOS Errata and Security Advisory CESA-2015:2088 Updated openssh packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common...

ffmpeg -- multiple vulnerabilities

NVD reports: The updatedimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service race conditi...

DEBIAN-CVE-2015-8364

Integer overflow in the ffiviinitplanes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service out-of-bounds heap-memory access or possibly have unspecified other impact via crafted image dimensions in...

CVE-2015-8364

Integer overflow in the ffiviinitplanes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service out-of-bounds heap-memory access or possibly have unspecified other impact via crafted image dimensions in...