Lucene search
+L

88 matches found

hackapp
hackapp
added 2016/04/01 9:45 a.m.10 views

Bruce Lee: Enter The Game - Customized SSL, WebView SSL handling enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Bruce Lee: Enter The Game published at the 'play' market has multiple vulnerabilities...

1AI score
Exploits0References1Affected Software1
ThreatPost
ThreatPost
added 2016/03/18 10:54 a.m.21 views

Pwn2Own Day Two: Safari, Microsoft Edge Go Down Winner Announced

In the end, it was a nail-biter pitting Tencent Security Team Sniper KeenLab and PC Manager against JungHoon Lee lokihardt for the title of Master of Pwn for Pwn2Own 2016. After a tense last two minutes of the competition, it was Tencent Security Team Sniper and its successful code execution of a...

7.8AI score
Exploits0References4
Into the symmetry
Into the symmetry
added 2016/01/29 5:19 a.m.268 views

OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)

Usual Mandatory Disclaimer: IANAC I am not a cryptographer so I might likely end up writing a bunch of mistakes in this blog post... tl;dr The OpenSSL 1.0.2 releases suffer from a Key Recovery Attack on DH small subgroups. This issue got assigned CVE-2016-0701 with a severity of High and OpenSSL...

2.6CVSS5.8AI score0.83645EPSS
Exploits1
Drupal
Drupal
added 2015/07/08 12:0 a.m.15 views

Administration Views - Critical - Information Disclosure - SA-CONTRIB-2015-132

Administration Views module replaces overview/listing pages with actual views for superior usability. The module does not check access properly under certain circumstances. Anonymous users could get access to read information they should not have access to. CVE identifiers issued CVE-2015-7226...

5CVSS6AI score0.02087EPSS
Exploits0References11
The Hacker News
The Hacker News
added 2015/03/21 6:38 p.m.15 views

Chrome, Firefox, Safari and IE – All Browsers Hacked at Pwn2Own Competition

The Annual Pwn2Own Hacking Competition 2015 held in Vancouver is over and participants from all over the world nabbed $557,500 in bug bounties for 21 critical bugs in top four web browsers as well as Windows OS, Adobe Reader and Adobe Flash. During the second and final day of this year’s hacking...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2015/03/05 12:0 a.m.21 views

Linux/MIPS Little Endian - Chmod 666 /etc/passwd 55 Bytes

Linux/MIPS Little Endian - Chmod 666 /etc/passwd 55 Bytes. Shellcode exploit for linuxmips platform include / Title: Linux/MIPS Little Endian - chmod 666 /etc/passwd - 55 bytes Date: 2015-03-05 Author: Sang-Min LEE Email: [email protected] Blog: http://smleenull.tistory.com / char sc =...

7.4AI score
Exploits0
Drupal
Drupal
added 2014/09/24 12:0 a.m.12 views

SA-CONTRIB-2014-094 - Webform Patched - Cross Site Scripting (XSS)

The Webform Patched module is a fork of the Webform module with Token support added. The module enables you to create forms which can be used for surveys, contact forms or other data collection throughout your site. The module doesn't sufficiently sanitize field label titles when two fields have...

6.9AI score
Exploits0References15
Drupal
Drupal
added 2014/02/12 12:0 a.m.20 views

SA-CONTRIB-2014-018 - Webform - Cross Site Scripting (XSS)

The Webform module enables you to create forms which can be used for surveys, contact forms or other data collection throughout your site. The module doesn't sufficiently sanitize field label titles when two fields have the same formkey, which can only be managed by carefully crafting the webform...

3.5CVSS6.3AI score0.01095EPSS
Exploits0References14
Drupal
Drupal
added 2014/02/12 12:0 a.m.17 views

SA-CONTRIB-2014-019 - Easy Social - Cross Site Scripting (XSS)

This module enables you to add social sharing widgets to your content and pages. The module doesn't sufficiently validate block titles when a user creates a custom block from within the module's admin interface. This vulnerability is mitigated by the fact that an attacker must have a role with th...

3.5CVSS6.3AI score0.01046EPSS
Exploits0References10
Drupal
Drupal
added 2014/01/22 12:0 a.m.20 views

SA-CONTRIB-2014-006 - Language Switcher Dropdown - Open Redirect

The Language Switcher Dropdown module enables you to place a block with a convenient drop-down language switcher. After choosing a value the user is redirected to the url of the relevant language. The module doesn't check that the url provided is a valid internal path prior to redirecting. CVE...

5.8CVSS6.4AI score0.01191EPSS
Exploits0References10
OpenVAS
OpenVAS
added 2013/11/08 12:0 a.m.31 views

CentOS Update for firefox CESA-2013:1476 centos6

Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2013:1476 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

10CVSS0.8AI score0.06493EPSS
Exploits0References2
Drupal
Drupal
added 2013/10/30 12:0 a.m.23 views

SA-CONTRIB-2013-084 - FileField Sources - Access Bypass

This module expands on the FileField module by allowing you to select new or existing files through additional means, such as re-using files with an auto-complete textfield, attaching server-side files uploaded via FTP, transferring file files from a remote server, pasting a file directly from th...

4CVSS6.4AI score0.01094EPSS
Exploits0References10
Drupal
Drupal
added 2013/07/10 12:0 a.m.27 views

SA-CONTRIB-2013-055 - Hatch - Cross Site Scripting

Hatch theme is a simple and minimal portfolio theme for photographers, illustrators, designers, or photobloggers. The theme didn't sufficiently escape user supplied text prior to printing them. This vulnerability is mitigated by the fact that an attacker must have a role with the permission...

2.1CVSS6.4AI score0.00931EPSS
Exploits0References9
Drupal
Drupal
added 2013/01/09 12:0 a.m.22 views

SA-CONTRIB-2013-001 - Search API - Cross Site Scripting

This module enables you to build searches using a wide range of features, data sources and backends. The module doesn't sufficiently sanitize user input when displaying errors in a view with certain backends, including the database backend. This enables attackers to create a Reflected Cross Site...

2.6CVSS5.5AI score0.0135EPSS
Exploits0References11
Drupal
Drupal
added 2012/10/10 12:0 a.m.20 views

SA-CONTRIB-2012-152 - Feeds - Access bypass

The feeds module enables you to import or aggregate data as nodes, users, taxonomy terms or simple database records. The module doesn't sufficiently check permissions when creating nodes on behalf of a user. This vulnerability is mitigated by the fact that an attacker must have control over the...

4.3CVSS6.4AI score0.01168EPSS
Exploits0References11
CERT
CERT
added 2012/06/08 12:0 a.m.35 views

ForeScout CounterACT reflected XSS vulnerability

Overview The ForeScout CounterACT appliance contains reflected cross-site scripting XSS vulnerabilities. Description The web interface of the ForeScout CounterACT appliance contains reflected XSS vulnerabilities CWE-79. The following are a couple...

4.3CVSS5.8AI score0.00987EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2012/04/01 8:6 p.m.13 views

Cyber Warfare - The Hacker News Magazine April 2012 Edition | Issue 10

Cyber Warfare - The Hacker News Magazine April 2012 Edition Call it Cyber Warfare, Terrorism, Computer Mania this month The Hacker News turns over every leaf of the newest way world citizens are fighting wars and using their keyboards to destroy planet earth. Most call it Cyber Warfare and we are...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2011/06/24 12:0 a.m.29 views

ManageEngine Service Desk Plus 8.0 Directory Traversal

Software Link: http://www.manageengine.com/products/service-desk/91677414/ManageEngineServiceDeskPlus.exe Version: 8.0 + Introduction Directory traversal vulnerabilities has been found in ManageEngine ServiceDesk Plus 8.0 a web based helpdesk system written in Java. The vulnerability can be...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2010/04/30 12:0 a.m.18 views

Drupal Privatemsg Module Security Bypass Security Issue

No description provided by source. A security issue has been reported in the Privatemsg module for Drupal, which can be exploited by malicious users to bypass certain security restrictions. The security issue exists due to improper access permission checks in the Email Notification...

7.1AI score
Exploits0
Drupal
Drupal
added 2010/04/28 12:0 a.m.12 views

SA-CONTRIB-2010-038 - Privatemsg - Access bypass

The Privatemsg module allows to send private messages between users. Additionally, the sub module Privatemsg Email Notification sends e-mail notification when such a message is sent. The page to configure the template for these e-mails does not use the correct access permission which allows all...

6.9AI score
Exploits0References5
Rows per page
Query Builder