Lucene search
K

88 matches found

Schneier on Security
Schneier on Security
added 2018/05/04 11:19 a.m.10 views

Detecting Laptop Tampering

Micah Lee ran a two-year experiment designed to detect whether or not his laptop was ever tampered with. The results are inconclusive, but demonstrate how difficult it can be to detect laptop tampering...

1.6AI score
Exploits0
Kitploit
Kitploit
added 2018/02/23 8:29 p.m.35 views

Revoke-Obfuscation - PowerShell Obfuscation Detection Framework

Revoke-Obfuscation is a PowerShell v3.0+ compatible PowerShell obfuscation detection framework. Authors Daniel Bohannon @danielhbohannon Lee Holmes @LeeHomes Research Blog Post: https://www.fireeye.com/blog/threat-research/2017/07/revoke-obfuscation-powershell.html White Paper:...

7.3AI score
Exploits0References3
Openbugbounty
Openbugbounty
added 2018/01/16 2:23 a.m.30 views

articles.guntherlee.com Open Redirect vulnerability

Open Bug Bounty ID: OBB-524647 Description| Value ---|--- Affected Website:| articles.guntherlee.com Open Bug Bounty Program:| Not created yet Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Disclosu...

6.9AI score
Exploits0
CVE
CVE
added 2017/11/01 9:0 p.m.57 views

CVE-2017-1148

The CVE-2017-1148 entry applies to IBM OpenPages GRC Platform versions 7.2–7.3 with the OpenPages Loss Event Entry (LEE) application. The root cause is described as insecure object reference leading to information disclosure of sensitive data, including private APIs, which could be leveraged for ...

5.3CVSS4.8AI score0.01286EPSS
Exploits0References3Affected Software1
Openbugbounty
Openbugbounty
added 2017/10/30 7:25 p.m.13 views

eu.lee.com XSS vulnerability

Open Bug Bounty ID: OBB-378721 Description| Value ---|--- Affected Website:| eu.lee.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
exploitpack
exploitpack
added 2017/08/14 12:0 a.m.70 views

Quali CloudShell 7.1.0.6508 (Patch 6) - Persistent Cross-Site Scripting

Quali CloudShell 7.1.0.6508 Patch 6 - Persistent Cross-Site Scripting Vulnerability type: Multiple Stored Cross Site Scripting Vendor: Quali Product: CloudShell Affected version: v7.1.0.6508 Patch 6 Patched version: v8 and up Credit: Benjamin Lee CVE ID: CVE-2017-9767...

3.5CVSS5.4AI score0.0298EPSS
Exploits5
FireEye
FireEye
added 2017/07/27 8:0 p.m.29 views

Revoke-Obfuscation: PowerShell Obfuscation Detection Using Science

Many attackers continue to leverage PowerShell as a part of their malware ecosystem, mostly delivered and executed by malicious binaries and documents. Of malware that uses PowerShell, the most prevalent use is the garden-variety stager: an executable or document macro that launches PowerShell to...

1.2AI score
Exploits0
CNVD
CNVD
added 2017/06/19 12:0 a.m.6 views

LBTC Mobile Information Disclosure Vulnerability

LBTC Mobile is a banking service that you can access anytime, anywhere. Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS The app fails to validate X.509 certificates for SSL servers, allowing man-in-the-middle attackers to spoof servers and gain access to sensitive information by...

5.9CVSS6.6AI score0.00486EPSS
Exploits0References1
NVD
NVD
added 2017/06/16 12:29 p.m.17 views

CVE-2017-9561

The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.9CVSS5.2AI score0.00486EPSS
Exploits0References1
Prion
Prion
added 2017/06/16 12:29 p.m.13 views

Information disclosure

The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

4.3CVSS6.1AI score0.00486EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2017/06/16 12:0 p.m.46 views

CVE-2017-9561

The CVE-2017-9561 entry concerns the Lee Bank & Trust lbtc-mobile/id1068984753 iOS app (version 3.0.1) that does not verify X.509 certificates when connecting to SSL servers, enabling a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate. This vu...

5.9CVSS5.1AI score0.00486EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/06/16 12:0 p.m.21 views

CVE-2017-9561

The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.2AI score0.00486EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2017/04/04 8:54 p.m.15 views

Tim Berners-Lee, Inventor of the Web, Wins $1 Million Turing Award 2016

Sir Tim Berners-Lee — the inventor of the World Wide Web — has won this year's A.M. Turing Award, which is frequently described as the "Nobel Prize of Computing," by the Association for Computing Machinery ACM. Turing Award is named after Alan Mathison Turing, the British mathematician and comput...

6.5AI score
Exploits0
Drupal
Drupal
added 2017/02/08 12:0 a.m.11 views

Facebook Pull - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-011

This module enables you to add integration with Facebook API. The module doesn't sufficiently sanitize incoming data from Facebook. This vulnerability is mitigated by the fact that an attacker must have be able to successfully pass malicious code through Facebook API or alter facebooks DNS and...

7.2AI score
Exploits0References14
exploitpack
exploitpack
added 2017/01/11 12:0 a.m.14 views

Starting Page 1.3 - category SQL Injection

Starting Page 1.3 - category SQL Injection Exploit Title: Starting Page 1.3 "Add a Link" - SQL Injection Date: 11-01-2017 Software Link: http://software.friendsinwar.com/downloads.php?catid=2&downloadid=11 Exploit Author: Ben Lee Contact: [email protected] Category: webapps Tested on: Win7 1...

0.9AI score
Exploits0
Drupal
Drupal
added 2016/11/16 12:0 a.m.659 views

Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-005

Description Inconsistent name for term access query Less critical - Drupal 7 and Drupal 8 Drupal provides a mechanism to alter database SELECT queries before they are executed. Contributed and custom modules may use this mechanism to restrict access to certain entities by implementing...

4.3CVSS6.2AI score0.01957EPSS
Exploits0References28
Drupal
Drupal
added 2016/09/21 12:0 a.m.642 views

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-004

Users without "Administer comments" can set comment visibility on nodes they can edit. Less critical Users who have rights to edit a node, can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission. Cross-site Scripting in http...

6.1CVSS5.1AI score0.01716EPSS
Exploits0References23
Drupal
Drupal
added 2016/08/31 12:0 a.m.20 views

Flag - Moderately Critical - Access Bypass - SA-CONTRIB-2016-050

Flag enables users to mark content with any number of admin-defined flags, such as 'bookmarks' or 'spam'. Flag Bookmark is a submodule within Flag, which provides a 'bookmarks' flag, and default views to list bookmarked content. The provided view that lists each user's bookmarked content as a tab...

6.8AI score
Exploits0References14
The Hacker News
The Hacker News
added 2016/08/05 11:6 p.m.13 views

On This Day 25-years Ago, The World's First Website Went Online

On this day 25 years ago, August 6, 1991, the world's first website went live to the public from a lab in the Swiss Alps. So Happy 25th Birthday, WWW! It's the Silver Jubilee of the world's first website. The site was created by Sir Tim Berners-Lee, the father of the World Wide Web WWW, and was...

6.5AI score
Exploits0
Drupal
Drupal
added 2016/06/08 12:0 a.m.16 views

REST JSON - Multiple Vulnerabilities - Highly Critical - Unsupported - SA-CONTRIB-2016-033

This module enables you to expose content, users and comments via a JSON API. The module contains multiple vulnerabilities including Node access bypass Comment access bypass User enumeration Field access bypass User registration bypass Blocked user login Session name guessing Session enumeration...

7.3AI score
Exploits0References10
Rows per page
Query Builder