88 matches found
Detecting Laptop Tampering
Micah Lee ran a two-year experiment designed to detect whether or not his laptop was ever tampered with. The results are inconclusive, but demonstrate how difficult it can be to detect laptop tampering...
Revoke-Obfuscation - PowerShell Obfuscation Detection Framework
Revoke-Obfuscation is a PowerShell v3.0+ compatible PowerShell obfuscation detection framework. Authors Daniel Bohannon @danielhbohannon Lee Holmes @LeeHomes Research Blog Post: https://www.fireeye.com/blog/threat-research/2017/07/revoke-obfuscation-powershell.html White Paper:...
articles.guntherlee.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-524647 Description| Value ---|--- Affected Website:| articles.guntherlee.com Open Bug Bounty Program:| Not created yet Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Disclosu...
CVE-2017-1148
The CVE-2017-1148 entry applies to IBM OpenPages GRC Platform versions 7.2–7.3 with the OpenPages Loss Event Entry (LEE) application. The root cause is described as insecure object reference leading to information disclosure of sensitive data, including private APIs, which could be leveraged for ...
eu.lee.com XSS vulnerability
Open Bug Bounty ID: OBB-378721 Description| Value ---|--- Affected Website:| eu.lee.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Quali CloudShell 7.1.0.6508 (Patch 6) - Persistent Cross-Site Scripting
Quali CloudShell 7.1.0.6508 Patch 6 - Persistent Cross-Site Scripting Vulnerability type: Multiple Stored Cross Site Scripting Vendor: Quali Product: CloudShell Affected version: v7.1.0.6508 Patch 6 Patched version: v8 and up Credit: Benjamin Lee CVE ID: CVE-2017-9767...
Revoke-Obfuscation: PowerShell Obfuscation Detection Using Science
Many attackers continue to leverage PowerShell as a part of their malware ecosystem, mostly delivered and executed by malicious binaries and documents. Of malware that uses PowerShell, the most prevalent use is the garden-variety stager: an executable or document macro that launches PowerShell to...
LBTC Mobile Information Disclosure Vulnerability
LBTC Mobile is a banking service that you can access anytime, anywhere. Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS The app fails to validate X.509 certificates for SSL servers, allowing man-in-the-middle attackers to spoof servers and gain access to sensitive information by...
CVE-2017-9561
The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Information disclosure
The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2017-9561
The CVE-2017-9561 entry concerns the Lee Bank & Trust lbtc-mobile/id1068984753 iOS app (version 3.0.1) that does not verify X.509 certificates when connecting to SSL servers, enabling a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate. This vu...
CVE-2017-9561
The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Tim Berners-Lee, Inventor of the Web, Wins $1 Million Turing Award 2016
Sir Tim Berners-Lee — the inventor of the World Wide Web — has won this year's A.M. Turing Award, which is frequently described as the "Nobel Prize of Computing," by the Association for Computing Machinery ACM. Turing Award is named after Alan Mathison Turing, the British mathematician and comput...
Facebook Pull - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-011
This module enables you to add integration with Facebook API. The module doesn't sufficiently sanitize incoming data from Facebook. This vulnerability is mitigated by the fact that an attacker must have be able to successfully pass malicious code through Facebook API or alter facebooks DNS and...
Starting Page 1.3 - category SQL Injection
Starting Page 1.3 - category SQL Injection Exploit Title: Starting Page 1.3 "Add a Link" - SQL Injection Date: 11-01-2017 Software Link: http://software.friendsinwar.com/downloads.php?catid=2&downloadid=11 Exploit Author: Ben Lee Contact: [email protected] Category: webapps Tested on: Win7 1...
Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-005
Description Inconsistent name for term access query Less critical - Drupal 7 and Drupal 8 Drupal provides a mechanism to alter database SELECT queries before they are executed. Contributed and custom modules may use this mechanism to restrict access to certain entities by implementing...
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-004
Users without "Administer comments" can set comment visibility on nodes they can edit. Less critical Users who have rights to edit a node, can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission. Cross-site Scripting in http...
Flag - Moderately Critical - Access Bypass - SA-CONTRIB-2016-050
Flag enables users to mark content with any number of admin-defined flags, such as 'bookmarks' or 'spam'. Flag Bookmark is a submodule within Flag, which provides a 'bookmarks' flag, and default views to list bookmarked content. The provided view that lists each user's bookmarked content as a tab...
On This Day 25-years Ago, The World's First Website Went Online
On this day 25 years ago, August 6, 1991, the world's first website went live to the public from a lab in the Swiss Alps. So Happy 25th Birthday, WWW! It's the Silver Jubilee of the world's first website. The site was created by Sir Tim Berners-Lee, the father of the World Wide Web WWW, and was...
REST JSON - Multiple Vulnerabilities - Highly Critical - Unsupported - SA-CONTRIB-2016-033
This module enables you to expose content, users and comments via a JSON API. The module contains multiple vulnerabilities including Node access bypass Comment access bypass User enumeration Field access bypass User registration bypass Blocked user login Session name guessing Session enumeration...