62 matches found
DC/OS Marathon UI - Docker (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DC/OS Marathon UI Docker Exploit', 'Description' = %q Utilizing the DCOS Cluster's Marathon UI, an attacker can create a docker container with the...
winterthur-marathon.ch XSS vulnerability
Open Bug Bounty ID: OBB-231433 Description| Value ---|--- Affected Website:| winterthur-marathon.ch Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
melbournemarathon.shopdesq.com XSS vulnerability
Vulnerable URL: https://melbournemarathon.shopdesq.com/search?search=OPENBUGBOUNTY" Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 19:19 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculate...
DC/OS Marathon UI Docker Exploit
Utilizing the DCOS Cluster's Marathon UI, an attacker can create a docker container with the '/' path mounted with read/write permissions on the host server that is running the docker container. As the docker container executes command as uid 0 it is honored by the host operating system allowing...
brightonmarathon.info XSS vulnerability
Vulnerable URL: https://brightonmarathon.info/login.php?message=%22%3E%3Csvg/onload=prompt%28/OPENBUGBOUNTY/%29%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No...
marathonpetroleum.com XSS vulnerability
Vulnerable URL: http://www.marathonpetroleum.com/Search/?search2=%3CIMG+%22%22%22%3E%3CSCRIPT%3Ealert%28%22XSSPOSED%22%29%3C%2FSCRIPT%3E%22%3E Details: Description| Value ---|--- Patched:| Yes, at 09.06.2017 Latest check for patch:| 09.06.2017 10:09 GMT Vulnerability type:| XSS Vulnerability...
Edward Snowden at SXSW Conference: Would I do this again?, I Would!
The Whistleblower and Former National Security Agency NSA contractor Edward Snowden raised his voice and talked about citizen’s privacy once again. Yes, Snowden, whose leaks last year triggered debate on the massive surveillance conducted by the Government worldwide. In an interview, speaking via...
EHACK : The Largest Information Security Awareness Marathon Globally
More than 9000+ participants enter the Guinness book of World Records for the largest congregation for information Security. E-Hack, world largest Ethical Hacking workshop was organized by InfySEC at SRM University on July 27 and 28,2013 . The expected participant count was 4500+ but on the day o...
EHACK : The Largest Information Security Awareness Marathon Globally
More than 9000+ participants enter the Guinness book of World Records for the largest congregation for information Security. E-Hack, world largest Ethical Hacking workshop was organized by InfySEC at SRM University on July 27 and 28,2013 . The expected participant count was 4500+ but on the day o...
Hacked Twitter account of The Associated Press posted bogus report of attack at White House
The Associated Press Twitter account has been hacked,and posted a bogus post about explosions at the White House and Barack Obama is injured. Within a few minutes, Twitter suspended the account, and Julie Pace, the chief White House correspondent for The A.P., announced at a White House briefing...
Hacked Twitter account of The Associated Press posted bogus report of attack at White House
The Associated Press Twitter account has been hacked,and posted a bogus post about explosions at the White House and Barack Obama is injured. Within a few minutes, Twitter suspended the account, and Julie Pace, the chief White House correspondent for The A.P., announced at a White House briefing...
Scams Exploiting Boston Marathon Explosion
Malicious actors are exploiting the April 15 explosions at the Boston Marathon in attempts to collect money intended for charities and to spread malicious code. Fake websites and social networking accounts have been set up to take advantage of those interested in learning more details about the...
Bruce Schneier on the Boston Marathon Bombing and the Psychology of Fear
Dennis Fisher talks with Bruce Schneier about the effects of the Boston Marathon bombing, how the psychology of fear plays into people’s reactions to these events and what the political aftermath could be...
UK Govt. Investigating London Marathon Data Breach That Spilled Info On 38,000
The UK Information Commissioner’s Office ICO said it is looking into a possible data breach of the Website used by organizers of the London Marathon – major, international sporting event that attracted more than 37,000 runners for the 37th running on April 22nd. According to a BBC report, the hom...
DerbyCon Security Conference 2011
We are happy to announce that Offensive Security will be sponsoring DerbyCon. DerbyCon is a new hacker conference located in Louisville Kentucky. Our goal is to bring back an old style, community driven hacker con chocked full of amazing talks, live events and all around fun. The idea for DerbyCo...
MOPS-2010-018: EFront ask_chat chatrooms_ID SQL Injection Vulnerability
MOPS-2010-018: EFront askchat chatroomsID SQL Injection Vulnerability May 9th, 2010 A preauth SQL injection vulnerability was discovered in the chat feature of EFront that allows retrieving all data from the database by simple URL manipulation. Affected versions Affected is EFront = 3.6.2 Credits...
CVE-2006-6664
Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service application crash or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp. NOTE: some details wer...
CVE-2006-6663
The server component in Marathon Aleph One before 0.17.1 and 2006-12-17 allows remote attackers to cause a denial of service application crash via unspecified vectors related to "gathering net games."...
CVE-2006-6663
The CVE-2006-6663 entry concerns the Marathon Aleph One server component, affected in versions prior to 0.17.1 and dated 2006-12-17. The vulnerability allows remote attackers to cause an application crash (denial of service) through unspecified vectors related to the process of “gathering net gam...
CVE-2006-6663
The server component in Marathon Aleph One before 0.17.1 and 2006-12-17 allows remote attackers to cause a denial of service application crash via unspecified vectors related to "gathering net games."...