4144 matches found
e-svet.e15.cz XSS vulnerability
Vulnerable URL: http://e-svet.e15.cz/vyhledavani?q=" XANY

Details:

Description | Value
---|---
Patched: | Verification in progress
Latest check for patch: | 05.11.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated
VIP website status: | No

Chec...
Petya-like Ransomware Explained
TL;DR summary June 28 and beyond: A major ransomware attack started in Ukraine yesterday and has spread around the world. The ransomware, which was initially thought to be a modified Petya variant, encrypts files on infected machines and uses multiple mechanisms to both gain entry to target...
sherwoodparkchev.com XSS vulnerability
Vulnerable URL:...
Bad Code Library Triggers Devil's Ivy Vulnerability in Millions of IoT Devices
Tens of millions of products ranging from airport surveillance cameras, sensors, networking equipment and IoT devices are vulnerable to a flaw that allows attackers to remotely gain control over devices or crash them. The vulnerability, dubbed Devil’s Ivy, was identified by researchers at Senrio...
Oracle Releases Biggest Update Ever: 308 Vulnerabilities Patched
Oracle admins are today staring down the barrel of the biggest quarterly Critical Patch Update ever. The numbers are gory: 308 vulnerabilities patched, 165 of which are remotely exploitable, across more than 90 products. So far in 2017, Oracle has patched 878 vulnerabilities through three CPUs...
Unwelcome Interruptions
Imagine your player's first experience with your game. Finally, after waiting all these years, she's got the game in hand. She tears the cellophane, cracks the case, slots the disc, and . . . "Game is now updating. Please wait." Watching 20 GB load onto a machine is not anyone's idea of fun. I ha...
gagosian.com XSS vulnerability
Vulnerable URL: http://www.gagosian.com/search?query=%27%22%3E%3Csvg%2Fonload%3Dprompt%28%2FOPENBUGBOUNTY%2F%29%3E

Details:

Description | Value
---|---
Patched: | Yes, at 27.11.2017
Latest check for patch: | 27.11.2017 16:35 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed

Alex...
Memcached - A Story of Failed Patching & Vulnerable Servers
This blog authored by Aleksandar Nikolich and David Maynor with contributions from Nick Biasini. Memcached - Not secure, Not Patched Fast Enough. Recently high profile vulnerabilities in systems were used to unleash several global ransomware attacks that greatly impacted organizations. These types o...
SAP Patches High-Risk Flaws in SAP POS, Host Agent
SAP fixed 23 vulnerabilities across roughly a dozen products on Tuesday, including a series of high-risk flaws that could allow an attacker to gain access to SAP POS, the company’s client/server point-of-sale (PoS) solution. The issues in SAP POS, a series of missing authorization checks, could let...
flrules.org XSS vulnerability
Vulnerable URL: https://www.flrules.org/gateway/Division.asp?toType="=347=ID

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 19.08.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 215068
VIP website status: | Yes

Check flrules.org SSL...
hackfacebookfree.net XSS vulnerability
Vulnerable URL: http://hackfacebookfree.net/successfiles/login.php?fbuid=/%27%22-%20-!%3E%20%3Cimg%20src=x%20onerror=alert%22OPENBUGBOUNTY%22%3E/

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 29.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed...
Symantec Messaging Gateway Multiple Vulnerabilities
SUMMARY: Symantec has released an update to address three issues that were discovered in the Symantec Messaging Gateway (SMG).

AFFECTED PRODUCTS: Symantec Messaging Gateway (SMG)

CVE | Affected Versions | Remediation
---|---|---
CVE-2017-6326, CVE-2017-6324, CVE-2017-6325 | Prior to 10.6.3 | Upgrade to 10.6.3 an...
Ransomware & Advanced Attacks: Servers are Different
Ransomware and other advanced attacks are the scourge of the modern IT security team. If allowed to gain access to your IT environment, these attacks could shut down the organization, denying access to mission critical applications & data for potentially days, or even indefinitely. The result? Th...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 12, 2017
“What can you sit on, sleep on, and brush your teeth with?” This was the question posed to Steve Martin’s character C.D. Bales in the 1987 movie Roxanne. In a modern take of Edmond Rostand's 1897 verse play Cyrano de Bergerac, the movie centers around C.D.’s attempt to win the love of a woman whi...
schellenberg.de XSS vulnerability
Vulnerable URL:...
Reverse Engineering Framework: radare2
r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files. Radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later support for analyzin...
hollywoodimportsinc.com XSS vulnerability
Vulnerable URL: http://www.hollywoodimportsinc.com/detail.php?vehicleid=293977page=search.php"'--!==color==year=year==by=priceorder=ASCpage=20num=3run=Foptions=Tstyle=

Details:

Description | Value
---|---
Patched: | Yes, at
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed

Alexa...
ShadowBrokers Put Price on Monthly Zero Day Leaks
The threat posed by the first wave of ShadowBrokers leaks of Equation Group hacking tools was relatively benign. Some vendors had to scramble to patch zero days in older versions of products, but for the most part, the leaks and accompanying auction were more of a novelty. That obviously changed...
Samba Vulnerability CVE-2017-7494
On Wednesday, the Samba Team patched a vulnerability that exists in all versions of Samba including and after version 3.5.0. Exploitation of this vulnerability could result in remote code execution on the affected host. Samba is used to provide SMB and CIFS services for Linux systems, and is...
Pacemaker Ecosystem Fails its Cybersecurity Checkup
Pacemakers continue to be the front line of medical device security debates after a research paper published this week described a frightening list of cybersecurity issues plaguing devices built by leading manufacturers, including a lack of authentication and encryption, and the use of third-part...