3366 matches found

ThreatPost
added 2014/11/17 1:17 p.m. | 12 views

Visa, MasterCard Remove Passwords from 3D Secure

Payment giants Visa and MasterCard announced plans to eliminate the need for password authentication in the companies’ respective “Verified by Visa” and “SecureCode” payment platforms which are designed to add an additional layer of security to online transactions. In a press release, MasterCard...

AI score: 1.1
Exploits: 0

Hacker One
added 2014/11/05 11:36 a.m. | 15 views

X (Formerly Twitter): Options Method Enabled

Vuln Details: Domain: https://vine.co/ I detected that OPTIONS method is allowed. This issue is reported as extra information. Impact: Information disclosed from this page can be used to gain additional information about the target system Remedy: Disable OPTIONS method in all production systems...

AI score: 6.8
Exploits: 0

ThreatPost
added 2014/11/04 9:55 a.m. | 11 views

Smartphone Owners Lack Motivation to Adequately Lock Devices

A quarter of smartphone owners don’t lock their devices because they don’t believe they have any data worth protecting. Even more refrain from doing it because they feel like it’s too much of a hassle. That’s at least according to a new study carried out by six researchers, four from the Universi...

AI score: 6.9
Exploits: 0 | References: 1

Drupal
added 2014/10/29 12:00 a.m. | 13 views

SA-CONTRIB-2014-106 - Commerce Authorize.Net SIM/DPM Payment Methods - Access Bypass

This module provides payment methods for the Drupal Commerce package to permit the use of the Authorize.Net payment gateway's SIM and DPM payment protocols. Access Bypass The module doesn't sufficiently protect the Drupal Commerce order number passed to the Authorize.Net payment gateway, allowing...

AI score: 7.1
Exploits: 0 | References: 13

RedHat Linux
added 2014/10/15 2:09 a.m. | 1 view

OpenJDK: missing BootstrapMethods bounds check (Hotspot, 8041717)

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot...

CVSS: 5 | AI score: 6.7 | EPSS: 0.03429
Exploits: 0 | References: 5

RedHat Linux
added 2014/10/14 8:47 p.m. | 4 views

OpenJDK: missing BootstrapMethods bounds check (Hotspot, 8041717)

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot...

CVSS: 5 | AI score: 6.7 | EPSS: 0.03429
Exploits: 0 | References: 5

NVD
added 2014/10/06 2:55 p.m. | 25 views

CVE-2014-0168

Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page...

CVSS: 6.8 | AI score: 7.2 | EPSS: 0.00739
Exploits: 1 | References: 2

Prion
added 2014/10/06 2:55 p.m. | 24 views

Cross-site request forgery (CSRF)

Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page...

CVSS: 6.8 | AI score: 7.7 | EPSS: 0.00739
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2014/10/06 2:00 p.m. | 21 views

CVE-2014-0168

Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page...

AI score: 7.2 | EPSS: 0.00739
Exploits: 1 | References: 2

Hacker One
added 2014/09/08 1:41 a.m. | 12 views

X (Formerly Twitter): Delete Credit Cards from any Twitter Account in ads.twitter.com [New Vulnerability]

I've found a new critical logical vulnerability that allows deleting the credit card of any Twitter account in ads.twitter.com. The vulnerability affects the Dismiss functionality of credit cards in the payment methods section. The vulnerability is similar to the one I've reported earlier h1 report 272...

AI score: 6.8
Exploits: 0

NVD
added 2014/08/20 11:17 a.m. | 27 views

CVE-2014-3514

activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.02797
Exploits: 0 | References: 4

Tenable Nessus
added 2014/08/15 12:00 a.m. | 33 views

Ubuntu 14.04 LTS : Subversion vulnerabilities (USN-2316-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2316-1 advisory. Lieven Govaerts discovered that the Subversion mod_dav_svn module incorrectly handled certain request methods when SVNListParentPath was enabled. A remote...

CVSS: 4.3 | AI score: 7.8 | EPSS: 0.11052
Exploits: 0 | References: 4

Nmap
added 2014/08/14 2:09 a.m. | 4502 views

ssh-auth-methods NSE Script

Returns authentication methods that a SSH server supports. This is in the "intrusive" category because it starts an authentication with a username which may be invalid. The abandoned connection will likely be logged. Example Usage nmap -p 22 --script ssh-auth-methods --script-args="ssh.user="...

CVSS: 10 | AI score: 0.4 | EPSS: 0.99448
Exploits: 33

RedHat Linux
added 2014/08/11 4:54 p.m. | 6 views

OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries...

CVSS: 5 | AI score: 7.4 | EPSS: 0.03826
Exploits: 0 | References: 5

RedHat Linux
added 2014/08/11 4:44 p.m. | 5 views

OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries...

CVSS: 5 | AI score: 7.4 | EPSS: 0.03826
Exploits: 0 | References: 5

RedHat Linux
added 2014/08/07 9:24 p.m. | 3 views

OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries...

CVSS: 5 | AI score: 7.4 | EPSS: 0.03826
Exploits: 0 | References: 5

Kitploit
added 2014/08/01 1:18 p.m. | 17 views

Lynis 1.5.9 - Security auditing tool for Unix/Linux systems

Lynis is an open source security auditing tool. Primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system including Mac. Even the installation of the software itself is optional! How it works...

AI score: 7.2
Exploits: 0

RedHat Linux
added 2014/07/21 6:55 p.m. | 3 views

OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries...

CVSS: 5 | AI score: 7.4 | EPSS: 0.03826
Exploits: 0 | References: 5

RedHat Linux
added 2014/07/21 3:33 p.m. | 2 views

OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries...

CVSS: 5 | AI score: 7.4 | EPSS: 0.03826
Exploits: 0 | References: 5

RedHat Linux
added 2014/07/18 1:46 a.m. | 2 views

OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries...

CVSS: 5 | AI score: 7.4 | EPSS: 0.03826
Exploits: 0 | References: 5