Lucene search
+L

174 matches found

RedhatCVE
RedhatCVE
added 2015/10/30 9:30 a.m.30 views

CVE-2003-1307

The modphp module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: th...

4.3CVSS7.1AI score0.01603EPSS
Exploits1References2
Hacker One
Hacker One
added 2015/09/04 8:0 p.m.20 views

Gratipay: Mail spaming

Hello, We can bomb spam any email we want using your website. POC : 1.register 2.go to https://gratipay.com/hussein98d/emails/ and add your victim's email 3.start intercepting requests and click on "resend" 4.replay the same request many time , the victim's email will be spammed with Gratipay...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2015/09/02 12:0 a.m.45 views

Mantis Bug Tracker 1.2.19 - Host Header

Exploit Title: MantisBT 1.2.19 - Host header attack vulnerability Date: 07-09-2015 Exploit Author: Pier-Luc Maltais Centre opérationnel de sécurité informatique gouvernemental COSIG Vendor Homepage: https://www.mantisbt.org/ Software Link:...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2015/07/30 3:30 p.m.13 views

Burp Suite Professional v1.6.23 - The Leading Toolkit for Web Application Security Testing

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2015/07/27 12:0 a.m.42 views

Logstash vulnerability CVE-2015-5378

Summary: Logstash 1.5.2 and prior versions are vulnerable to a SSL/TLS security issue called the FREAK attack. If you are using the Lumberjack input, FREAK allows an attacker to successfully implement a man in the middle attack, intercepting communication between the Logstash Forwarder agent and...

2.6AI score0.02462EPSS
Exploits0
Hacker One
Hacker One
added 2015/07/03 8:54 p.m.33 views

Udemy: Extremely high Course rating values could be set in order to make really high Average rating of the course. Negative values could be set to.

Authenticated user can register for some course paid or free. After registering and taking couple of lectures "Rate course" functional becomes active. Malicious user can fill the rating form and submit it. By intercepting request to the server's API by using intercepting proxy tool and modify...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2015/06/09 8:56 p.m.19 views

Slack: Link vulnerability leads to phishing attacks

Hello Guys, Hope you are doing great. I'm sending this email to let you know about a vulnerability i stumbled upon while using slack it's a great app!. While copy-pasting a link from a pdf to slack desktop/web, i noticed that the resulting links looked a bit messed up 1.png Firing up burp and...

7AI score
Exploits0
Kitploit
Kitploit
added 2015/05/09 7:14 p.m.48 views

Autorize - Automatic Authorization Enforcement Detection (Extension for Burp Suite)

Autorize is an automatic authorization enforcement detection extension for Burp Suite. It was written in Python by Barak Tawily, an application security expert at AppSec Labs. Autorize was designed to help security testers by performing automatic authorization tests. Installation 1. Download Burp...

7.1AI score
Exploits0References1
Cvelist
Cvelist
added 2015/03/07 2:0 a.m.27 views

CVE-2015-1595

The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream...

6.2AI score0.00674EPSS
Exploits0References1
Hacker One
Hacker One
added 2015/01/13 9:59 p.m.29 views

Vimeo: Adding profile picture to anyone on Vimeo

Hi! Brief The profile picture upload feature at https://vimeo.com/settings/profile contains a bug where an access control is missing for uploading a profile picture to a profile ID. This leads to the possibility of uploading a profile picture to any account on Vimeo. Furthermore, since the upload...

Exploits0
myhack58
myhack58
added 2014/12/20 12:0 a.m.33 views

Cellular communications network discovery security vulnerabilities allow others to monitor the dead calls or intercept text messages-vulnerability warning-the black bar safety net

German researchers in a cellular communication network widely used on the VII signaling system SS7, Signaling System Number 7 on the discovery of a security vulnerability, allowing spies, hackers and criminals potential large-scale monitoring of private phone calls and intercept text messages...

1.1AI score
Exploits0
Exploit DB
Exploit DB
added 2014/09/20 12:0 a.m.29 views

Livefyre LiveComments Plugin - Persistent Cross-Site Scripting

Title : Stored XSS in Livefyre LiveComments Plugin CVE : 2014-6420 Vendor Homepage : http://livefyre.com Software Link : http://web.livefyre.com/streamhub/liveComments Version : v3.0 Author : Brij Kishore Mishra Date : 03-Sept-2014 Tested On : Chrome 37, Ubuntu 14.04 Description : This plugin...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2014/09/10 2:22 a.m.17 views

BurpSentintel - GUI Burp Plugin to ease discovering of security holes in web applications

A plugin for Burp Intercepting Proxy, to aid and ease the identification of vulnerabilities in web applications. Searching for vulnerabilities in web applications can be a tedious task. Most of the time consists of inserting magic chars into parameters, and looking for suspicious output. Sentinel...

6.4AI score
Exploits0References9
Hacker One
Hacker One
added 2014/09/03 6:6 p.m.12 views

X (Formerly Twitter): Full path disclosure at ads.twitter.com

Hi there, I noticed a small information disclosure full path disclosure on ads.twitter.com. Steps to reproduce - 1. Login to ads.twitter.com - 2. Start to create a new twitter-follower campaign - 3. Choose to upload a new picture - 4. Turn on your intercepting proxy - 5. Upload a file - 6. You...

6.3AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.30 views

ZenPhoto 1.4.0.3 x-forwarded-for HTTP Header presisitent XSS

No description provided by source. Exploit Title: ZenPhoto 1.4.0.3 patched 2011-4-19 x-forwarded-for HTTP Header presisitent XSS Date: 21-4-2011 Author: Saif El-Sherei Software Link: http://zenphoto.googlecode.com/files/zenphoto-1.4.0.3.zip Version: 1.4.0.3 latest updated 2011-4-19 Tested on:FF...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

jakcms 2.0 pro rc5 - Stored XSS via useragent http header injection

No description provided by source. Exploit Title: JAKCMS 2.0 PRO RC5 stored XSS via useragent HTTP header Injection Date: 7-2-2011 Author: Saif El-Sherei Software Link: http://php.opensourcecms.com/scripts/redirect/download.php?id=480 Version: JAKCMS PRO 2.0 RC5 and probably earlier version Teste...

7.1AI score
Exploits0
Prion
Prion
added 2014/06/06 2:55 p.m.16 views

Session fixation

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...

5CVSS7.1AI score0.01173EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2014/05/26 4:29 a.m.17 views

Session fixation

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

2.9CVSS6.9AI score0.00674EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2014/05/13 1:8 a.m.9 views

NSA Reportedly Intercepts US-made Internet Routers to Install Spyware

The US Intelligence Agency, NSA has been reportedly intercepting and accessing routers, servers, and other computer networking hardware to plant data gathering “backdoors” and other spywares before they are exported and delivered to the international customers, reported by the Guardian. Yesterday...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2014/03/31 9:23 a.m.12 views

Google DNS Intercepted in Turkey

Internet service providers in Turkey have been intercepting traffic to Google’s DNS servers and redirecting it, shutting off a workaround that Turkish users had employed to get to sites such as Twitter and YouTube after the government had blocked them. Google software engineers said they had...

1.1AI score
Exploits0References3
Rows per page
Query Builder