noc.leaseweb.com XSS vulnerability

Open Bug Bounty ID: OBB-179596 Description| Value ---|--- Affected Website:| noc.leaseweb.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

blog.leaseweb.com XSS vulnerability

Vulnerable URL: http://blog.leaseweb.com/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alertOPENBUGBOUNTY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknow...

leaseweb.com XSS vulnerability

Vulnerable URL: https://www.leaseweb.com/cdn/pay-as-you-go Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 14286 VIP website status:| Yes Check leaseweb.com SSL connection:| Grade: ...

LeaseWeb: Server version is disclosure in http://leasewebnoc.com/

Hello Leaseweb It's my same report but it's for different web application http://leasewebnoc.com here is sever version disclosure in http://leasewebnoc.com as when I have request about .htaccess , that returns result of forbidden but following server version publicly disclosure. Apache/2.2.22...

LeaseWeb: MISSING SPF RECORDS & MISSING DKIM POLICY

Missing SPF Records and DKIM policy ----------------------------------------------------- At this moment the leaseweb.com domain is missing the appropriate SPF records and DKIM policy. We are aware of the attack scenarios and currently working on a solution. We will add the missing SPF records an...

LeaseWeb: Apache version disclosed on developer.leaseweb.com

HI For URL "http://developer.leaseweb.com/asdfadsf" apache version is disclosed in response header "Server" Connection: keep-alive Content-Encoding: gzip Content-Length: 174 Content-Type: text/html; charset=iso-8859-1 Date: Sat, 20 Feb 2016 05:11:18 GMT Server: Apache/2.4.7 Vary: User-Agent This...

LeaseWeb: Directory Listening

Directory Listing ============= On some of our applications directory listing is configured. This is only allowed on those that do not contain restricted content. If the directory already contains public readable content, we find this not harmful, unless a working PoC can be given for a security...

LeaseWeb: DOM Based XSS in Checkout

Hey, This works in all browsers I suppose and regardless if the user is currently authenticated or not. Simply go over to : https://www.leaseweb.com/checkout-success/16893". Attached herewith is the screenshot. Thanks!...

Adult Magazine Sued LeaseWeb for Hosting Pirated Websites, claiming $188M in Damages

Perfect 10, an Adult Magazine Publisher who previously accused Google, Amazon, RapidShare, Deposit File and many more companies for Copyright Infringement, has sued LEASEWEB Hosting provider this time. LEASEWEB is the former hosting provider of File Sharing website 'Megaupload', and Perfect 10...

Bredo Banking Malware Campaign Targets Bank of America Customers

The Major US Financial institution, Bank of America is being targeted by a stealthy malicious financial malware campaign, according to AppRiver report. Last month the researchers at AppRiver has noticed enormous volumes of traffic through their data centers, with the peaks of traffic reaching thr...

Metasploit Registrar Duped by Social Engineering, Not Fax

The registrar for the Metasploit and Rapid7 websites, both of which were victims of a DNS hijacking attack on Friday, was not duped by a spoofed change request sent via fax as it originally reported. Instead, a Register.com employee likely fell victim to a social engineering scam that resulted in...

Phony Fax Leads to Metasploit, Rapid7 DNS Hijacking

A pro-Palestine hacker collective went old-school in its takedown of the Metasploit and Rapid7 websites today. Metasploit creator and HD Moore confirmed via Twitter that Metasploit.com was hacked via a spoofed DNS change request sent via fax to its registrar, Register.com. “Hacking like it’s 1964...

Whatsapp and AVG Antivirus Website defaced by Palestinian Hackers

The Website of Word's most popular mobile messaging app and Antivirus Firm - AVG were hacked this morning and defaced by a new Palestinian Hacker group - KDMS Team, affiliated with Anonymous Group. The Defacement page titled 'You got Pwned', with Anonymous Logo and playing Palestinian national...

Web Hosting software WHMCS vulnerable to SQL Injection; emergency security update released

WHMCS, a popular client management, billing and support application for Web hosting providers, released an emergency security update for the 5.2 and 5.1 minor releases, to patch a critical vulnerability that was publicly disclosed. The vulnerability was publicly posted by a user named as...

World's Largest Web Hosting company 'LeaseWeb' Hacked by KDMS Team

LeaseWeb, one of the World's largest hosting provider has been defaced by Palestinian hackers, named as KDMS Team. LeaseWeb was also hosting provider for one of the biggest file-sharing website Megaupload in the past. Later Megaupload Founder, Kim Dotcom claimed that Leaseweb had deleted all...

Web Hosting software WHMCS vulnerable to SQL Injection; emergency security update released

WHMCS, a popular client management, billing and support application for Web hosting providers, released an emergency security update for the 5.2 and 5.1 minor releases, to patch a critical vulnerability that was publicly disclosed. The vulnerability was publicly posted by a user named as...

World's Largest Web Hosting company 'LeaseWeb' Hacked by KDMS Team

LeaseWeb, one of the World's largest hosting provider has been defaced by Palestinian hackers, named as KDMS Team. LeaseWeb was also hosting provider for one of the biggest file-sharing website Megaupload in the past. Later Megaupload Founder, Kim Dotcom claimed that Leaseweb had deleted all...

Megaupload files deleted by Dutch hosting company LeaseWeb

Kim Dotcom today said on Twitter that Megaupload user data in Europe has been irreversibly lost because it was deleted by a Dutch hosting company called LeaseWeb. LeaseWeb is based in Germany and has subsidiaries also in the United States, the company. LeaseWeb has 60,000 servers under its...

Megaupload files deleted by Dutch hosting company LeaseWeb

Kim Dotcom today said on Twitter that Megaupload user data in Europe has been irreversibly lost because it was deleted by a Dutch hosting company called LeaseWeb. LeaseWeb is based in Germany and has subsidiaries also in the United States, the company. LeaseWeb has 60,000 servers under its...