4144 matches found
Visualizing Spectre/Meltdown Impact and Remediation Progress
In order to determine the impact of Spectre/Meltdown and track remediation progress across your entire environment, it is important to visualize vulnerability detections in a dynamic dashboard. For more information on Spectre and Meltdown, please see our previous blog. Using Qualys AssetView, we...
Spectre and Meltdown Attacks Against Microprocessors
The security of pretty much every computer on the planet has just gotten a lot worse, and the only real solution -- which of course is not a solution -- is to throw them all away and buy new ones. On Wednesday, researchers just announced a series of major security vulnerabilities in the...
Carbon Black Solutions Currently Compatible With Major OS Vendor Patches on Meltdown & Spectre
Recently, researchers have released details on two classes of vulnerabilities in modern CPU hardware. These vulnerabilities affect unprecedented numbers of systems and are some of the more difficult issues to address in recent history. These vulnerabilities, dubbed Meltdown and Spectre, may be...
phpMars 1.0.9 Cross Site Scripting
Exploit Title: phpMars - Photos Social Network instagram clone - Cross Site Scripting Google Dork: N/A Date: 2017/20/12 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: http://grohsfabian.com/ Software Buy:...
Hashicorp vagrant-vmware-fusion 4.0.24 - Local Privilege Escalation
I have previously disclosed a couple of bugs in Hashicorp's vagrant-vmware-fusion plugin for vagrant. Unfortunately the 4.0.23 release which was supposed to fix the previous bug I reported didn't address the issue, so Hashicorp quickly put out another release - 4.0.24 - after that but didn't upda...
bluegreenkorea.co.kr XSS vulnerability
Vulnerable URL: http://www.bluegreenkorea.co.kr/bbs.php?table=helpdesk=%22%27--!%3E%3C/Title/%3C/Style/%3C/Script/%3C/c/%3C/Noscript/%3C/Pre/%3C/Xmp%3E%3CBody/OnPageShow=confirm/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:|...
ZeroNights 2017: back to the cyber 80s
Last Friday, 17th of November, I attended the ZeroNights 2017 conference in Moscow. And it was pretty awesome. Thanks to the organizers! Here I would like to share some of my impressions. First of all, I want to say that two main Moscow events for information security practitioners, PHDays and...
brillianshop.com XSS vulnerability
Vulnerable URL: https://brillianshop.com/app/goods/search.php/%22%3E%3Cimg%20src=x%20onerror=alert%27XSS%27%3E// Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 9730631 VIP website status:| No Coordinated...
Trello: Able to run script on https://trello-attachments.s3.amazonaws.com/ [N/A]
Hi Trello Security Team, this is Pratik from India. I have found a stored XSS on your website, a critical issue that needs to be patched before someone/attacker exploit this...
groups.ch XSS vulnerability
Vulnerable URL: http://www.groups.ch/de/kontaktgruppen.html?action=kontakt Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 786320 VIP website status:| No Coordinated Disclosure Timeline: Description| Value ---|--...
3 Reasons to Use VMware NSX with Trend Micro Deep Security
Enterprises have begun adopting network virtualization for their IT infrastructure. According to a 2016 survey conducted by Accenture, 95 percent of small, medium, and large enterprises believe “network services will be virtualized.” Meanwhile, 25 percent of those who have adopted network...
pastorchrislive.net XSS vulnerability
Vulnerable URL: http://pastorchrislive.net/ChristmasEve2016/register.php?id=385%22%3E%3Csvg%3E%3Cscript%3E/%3C@/%3Eprompt/OPENBUGBOUNTY/%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1993824 VIP...
Rockwell Automation Stratix 5100 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.9 ATTENTION: Exploitable remotely/public exploits are available Vendor: Rockwell Automation Equipment: Stratix 5100 Wireless Access Point/Workgroup Bridge Vulnerability: Reusing a Nonce 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...
orderfood.com.cy XSS vulnerability
Vulnerable URL: http://orderfood.com.cy/searchResult.php?searcharea=La=%22%3E%3CimG/sRc=l%20oNerrOr=prompt/OPENBUGBOUNTY/%20x%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 19.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...
secure.asteas.com XSS vulnerability
Vulnerable URL: https://secure.asteas.com/myasteas/?goto=" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 16.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Coordinated Disclosure...
Recent Wi-Fi KRACK Vulnerability Affects Almost Everyone With an Endpoint
A vulnerability might allow cyber criminals to intercept data being transmitted between Wi-Fi access points and endpoints, recent research has uncovered. The vulnerability, known as KRACK, short for Key Reinstallation Attacks, affects WPA2, which is widely used by many Wi-Fi enabled devices and c...
reginamusicboxcenter.com XSS vulnerability
Vulnerable URL: http://www.reginamusicboxcenter.com/lookup.php?id=13'" Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 9411695 VIP website status:| No Coordinated Disclosure Timeline: Description| Value ---|---...
globalnoticeboard.com XSS vulnerability
Vulnerable URL: https://globalnoticeboard.com/topstories.php?q="=AD=== Details: Description| Value ---|--- Patched:| No Latest check for patch:| 09.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1040551 VIP website status:| No Coordinated Disclosure Timelin...
zalaand.af XSS vulnerability
Vulnerable URL: http://zalaand.af/fullstory.php?id=53850%27%22%3E%3Csvg/onload=confirm/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 465894 VIP website status:| No Coordinated Disclosure...
hermanusthingstodo.com XSS vulnerability
Vulnerable URL: http://www.hermanusthingstodo.com/redirect.php?url=www.supremesharks.comid=166name==13'"12 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 5854407 VIP website status:| No Check...