33 matches found

Patchstack • added 2026/05/27 1:46 p.m. • 7 views

WordPress Orpheus theme <= 1.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Orpheus versions <= 1.3...

AI score 5.8 • Exploits 0 • Affected Software 1

EUVD • added 2025/10/07 12:30 a.m. • 2 views

EUVD-2017-2740

Malware in sbrugna...

CVSS 8.1 • AI score 7.1 • EPSS 0.05637 • Exploits 0 • References 18

Openbugbounty • added 2023/08/14 7:45 a.m. • 13 views

orpheus-music.org Cross Site Scripting vulnerability OBB-3580132

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1 • Exploits 0

Openbugbounty • added 2023/04/13 4:22 p.m. • 12 views

orpheus-music.com Cross Site Scripting vulnerability OBB-3260037

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 5.9 • Exploits 0

Openbugbounty • added 2023/02/26 5:37 a.m. • 14 views

orpheus-music.org Cross Site Scripting vulnerability OBB-3206754

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2 • Exploits 0

Openbugbounty • added 2021/09/09 4:28 p.m. • 27 views

orpheus-music.org Cross Site Scripting vulnerability OBB-2136613

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

Exploits 0

Openbugbounty • added 2020/10/09 10:07 a.m. • 5 views

orpheus-reisen.ch Cross Site Scripting vulnerability OBB-1392947

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score 6.2 • Exploits 0

Openbugbounty • added 2018/03/31 8:37 p.m. • 11 views

orpheus-music.com XSS vulnerability

Open Bug Bounty ID: OBB-594893
Affected Website: orpheus-music.com
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1...

Exploits 0

Broadcom • added 2017/08/25 12:00 a.m. • 4 views

BSA-2017-384

Security Advisory ID: BSA-2017-384. Component: HEIMDAL/KERBEROS 5. Revision: 2.0: Interim. Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In...

CVSS 8.1 • AI score 6.8 • EPSS 0.05637 • Exploits 0

Tenable Nessus • added 2017/07/24 12:00 a.m. • 28 views

Fedora 25 : heimdal (2017-5d6a9e0c9c) (Orpheus' Lyre)

Update to 7.4.0 GA release. CVE-2017-11103. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVSS 8.1 • AI score 7 • EPSS 0.05637 • Exploits 0 • References 2

Tenable Nessus • added 2017/07/17 12:00 a.m. • 32 views

Debian DSA-3912-1 : heimdal - security update (Orpheus' Lyre)

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos, trusts metadata taken from the unauthenticated plaintext Ticket, rather than the authenticated and encrypted KDC response. A man-in-the-middle...

CVSS 8.1 • AI score 7 • EPSS 0.05637 • Exploits 0 • References 6

Tenable Nessus • added 2017/07/17 12:00 a.m. • 21 views

Debian DSA-3909-1 : samba - security update (Orpheus' Lyre)

Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in samba, the SMB/CIFS file, print, and login server. Also known as Orpheus' Lyre, this vulnerability is located in Samba Kerberos Key Distribution Center KDC-REP component and could be used ...

CVSS 8.1 • AI score 7 • EPSS 0.05637 • Exploits 0 • References 7

Tenable Nessus • added 2017/07/17 12:00 a.m. • 26 views

Debian DLA-1027-1 : heimdal security update (Orpheus' Lyre)

Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in Heimdal Kerberos. Also known as Orpheus' Lyre, this vulnerability could be used by an attacker to mount a service impersonation attack on the client if he's on the network path between the...

CVSS 8.1 • AI score 7 • EPSS 0.05637 • Exploits 0 • References 4

Tenable Nessus • added 2017/07/14 12:00 a.m. • 30 views

FreeBSD : samba -- Orpheus Lyre mutual authentication validation bypass (85851e4f-67d9-11e7-bc37-00505689d4ae) (Orpheus' Lyre)

The samba project reports: A MITM attacker may impersonate a trusted server and thus gain elevated access to the domain by returning malicious replication or authorization data. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

CVSS 8.1 • AI score 7 • EPSS 0.05637 • Exploits 0 • References 3

NVD • added 2017/07/13 1:29 p.m. • 13 views

CVE-2017-11103

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket the KDC-REP service name must be obtained from the encrypted version stored i...

CVSS 8.1 • AI score 8 • EPSS 0.05637 • Exploits 0 • References 12

Prion • added 2017/07/13 1:29 p.m. • 28 views

Code injection

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket the KDC-REP service name must be obtained from the encrypted version stored i...

CVSS 6.8 • AI score 7.7 • EPSS 0.05637 • Exploits 0 • References 12 • Affected Software 5

Debian CVE • added 2017/07/13 1:00 p.m. • 27 views

CVE-2017-11103

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket the KDC-REP service name must be obtained from the encrypted version stored i...

CVSS 8.1 • AI score 6.7 • EPSS 0.05637 • Exploits 0

Cvelist • added 2017/07/13 1:00 p.m. • 21 views

CVE-2017-11103

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket the KDC-REP service name must be obtained from the encrypted version stored i...

AI score 8 • EPSS 0.05637 • Exploits 0 • References 12

AlpineLinux • added 2017/07/13 1:00 p.m. • 42 views

CVE-2017-11103

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket the KDC-REP service name must be obtained from the encrypted version stored i...

CVSS 8.1 • AI score 8.1 • EPSS 0.05637 • Exploits 0

CVE • added 2017/07/13 1:00 p.m. • 590 views

CVE-2017-11103

CVE-2017-11103 affects Heimdal (Kerberos); vulnerability arises from improper handling of the KDC-REP service name in krb5_extract_ticket, enabling remote service impersonation when the unencrypted service name is used instead of the encrypted enc_part. Apple’s security content (HT208112/HT208221...

CVSS 8.1 • AI score 7.9 • EPSS 0.05637 • Exploits 0 • References 12 • Affected Software 1