firebrand.training XSS vulnerability
Open Bug Bounty ID: OBB-618208

| Description | Value |
|---|---|
| Affected Website | firebrand.training |
| Open Bug Bounty Program | Create your bounty program now. It's open and free. |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score | 6.1... |
FTC Promotes Privacy Awareness Week
The Federal Trade Commission (FTC) has released an announcement promoting Privacy Awareness Week (PAW), May 14–18, 2018. PAW is an annual event fostering awareness of privacy issues and the importance of protecting personal information. This year’s theme, “From Principles to Practice,” focuses on...
Logic flaw vulnerability in the practical internship management support platform developed under the Higher Education Publishing House umbrella
The Higher Education Publishing House Practice Internship Management Support Platform is a system for managing practical internships. It contains a logic flaw vulnerability. An attack...
[NetScaler Gateway Trace Study] - App Launch Through NetScaler Gateway
This trace study looks at a successful application launch via NetScaler Gateway. This example trace was carried out in a practice lab environment with the following IP addresses: VIP:10.90.33.172 NSIP:10.90.41.200 SNIP:192.168.0.2 Client: 10.90.41.87 SF: 192.168.0.6 XA: 192.168.0.3...
[Citrix Gateway Trace Study] – LDAP Authentication
This trace study looks at how LDAP authentication to the Citrix Gateway works, using a user called "garyca" as an example. This example trace was carried out in a practice lab environment with the following IP addresses: VIP:10.90.33.172 NSIP:10.90.41.200 SNIP:192.168.0.2 LDAP/AD server:192.168.0...
HackerOne: Missing Password Confirmation at a Critical Function (Payout Method)
Hey Hackerone Team, Payout being one of the most important matters, it demands extra precaution. But on our lovable platform "Hackerone" there is no Password Confirmation at one of the most critical functions, i.e. Payout Method/State Change. All the other important functions like: 1. Email Change...
Logic design loopholes in Wuhan Xinhongbo practice teaching management platform
The Practice Teaching Management Platform is a comprehensive management platform integrating functions such as resource construction, teaching practice, top practice, graduation design and experimental teaching counseling. The Wuhan Xinhongbo Practice Teaching Management Platform has a logical desig...
Infogram: Email notification is not being sent while changing passwords
Vulnerabilities: 1. Use of old passwords is possible: the current password can be used as the new password. 2. Email notification is not being sent to the linked mail account while changing passwords. Impact: Case 1: whenever a user requests a reset token for recovery of his account, a reset token is being to...
Qualys Policy Compliance Notification: Policy Library Update
Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from vendo...
Sensitive Data Access: Where Traditional UBA Solutions Fall Short – Whiteboard Wednesday [Video]
In today’s global information economy an ever-increasing amount of sensitive data is collected, used, exchanged, analyzed, and retained. And with that comes an ever-increasing number of accidental or intentional data breaches. Identifying inappropriate access to data is paramount in stopping a...
Juniper Issues Security Alert Tied to Routers and Switches
Juniper Networks warned customers Thursday of a high-risk vulnerability in the GD graphics library that could allow a remote attacker to take control of systems running certain versions of the Junos OS. The alert was in conjunction with a warning from the U.S. Computer Emergency Readiness Team...
All Credentials and Backup Encryption Keys Become Invalid if Veeam Backup and Replication Is Manually Migrated to Another Machine
Challenge All credentials and backup encryption keys become unusable after manually migrating Veeam Backup and Replication software to a different machine. The term "manual migration," in this case, refers to the process of installing Veeam Backup & Replication on a new system and directing it to...
NTP Vulnerability
The Network Time Protocol (NTP) library has been found to contain a vulnerability, CVE-2017-6460. Palo Alto Networks software makes use of the vulnerable library and may be affected. This issue only affects the management plane of the firewall. Ref PAN-76130 / CVE-2017-6460. Successful exploitation o...
Cross-Site Scripting in the Management Web Interface
PAN-OS contains an unauthenticated reflected cross-site scripting (XSS) vulnerability in the management web interface. Ref PAN-76455 / CVE-2017-9459. Successful exploitation of thi...
emerce.nl XSS vulnerability
Vulnerable URL: https://www.emerce.nl/best-practice/5-succesfactoren-ht-smart-home-os-morgen/"'--!

Details:

| Description | Value |
|---|---|
| Patched | No |
| Latest check for patch | 22.08.2017 |
| Vulnerability type | XSS |
| Vulnerability status | Publicly disclosed |
| Alexa Rank | 66776 |
| VIP website status | Yes |
| Che... | |
WakaTime: Unsafe Inline and Eval CSP Usage
Hi Team, The HTTP header of the wakatime.com website includes an unsafe CSP parameter for "script-src". Impact: The "script-src" parameter is set to "unsafe-inline" or "unsafe-eval", which allows injection of user-passed values, which in turn can be misused for Cross-Site Scripting...
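The weakness the report above describes is a policy check, so here is an added example (not WakaTime's code, and the sample headers are constructed, not captured from any site) that parses a Content-Security-Policy header and flags the `script-src` keywords that let injected script run. It also shows the fallback to `default-src` and the caveat that a nonce or hash source makes CSP2-capable browsers ignore `'unsafe-inline'`; the function names are assumptions for illustration.

```python
"""Audit the script-src policy of a Content-Security-Policy header.

Added example, not WakaTime's code. Flags the 'unsafe-inline' and
'unsafe-eval' keywords and scheme/wildcard sources; sample headers below
are constructed for illustration.
"""
from typing import Dict, List


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source expressions]}.

    Directive names are case-insensitive; when a directive is repeated,
    browsers honour the first occurrence and ignore the rest.
    """
    policy: Dict[str, List[str]] = {}
    for raw in header.split(";"):
        tokens = raw.strip().split()
        if not tokens:
            continue
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def script_sources(policy: Dict[str, List[str]]) -> List[str]:
    """script-src governs script execution; default-src is the fallback."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src", [])


def audit_script_src(header: str) -> List[str]:
    """Return a list of findings; an empty list means no weakness detected."""
    policy = parse_csp(header)
    if "script-src" not in policy and "default-src" not in policy:
        return ["no script-src or default-src: script execution is unrestricted"]

    sources = [s.lower() for s in script_sources(policy)]
    findings: List[str] = []

    # A nonce or hash source makes CSP2+ browsers ignore 'unsafe-inline',
    # so only report it when no such source is present.
    nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in sources
    )
    if "'unsafe-inline'" in sources and not nonce_or_hash:
        findings.append("'unsafe-inline': injected inline <script> and event handlers execute")
    if "'unsafe-eval'" in sources:
        findings.append("'unsafe-eval': eval()/Function() run attacker-controlled strings")
    if any(s in ("*", "http:", "https:") for s in sources):
        findings.append("scheme or wildcard source allows scripts from any origin")
    return findings


# Constructed sample headers (not taken from any real site).
WEAK_CSP = (
    "default-src 'self'; "
    "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.example.com"
)
HARDENED_CSP = (
    "default-src 'self'; "
    "script-src 'self' 'nonce-d3adb33f' 'strict-dynamic'; "
    "object-src 'none'; base-uri 'none'"
)

if __name__ == "__main__":
    for label, hdr in (("weak", WEAK_CSP), ("hardened", HARDENED_CSP)):
        print(label, audit_script_src(hdr) or ["ok"])
```

The hardened header relies on a per-response nonce that the server must regenerate on every page load; a static nonce is equivalent to `'unsafe-inline'`. `'strict-dynamic'` is included so that scripts loaded by a nonced script are trusted without an origin allowlist.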
abelsdrivingschool.com XSS vulnerability
Vulnerable URL: http://abelsdrivingschool.com/abds/test/practice.asp?test=1"...
Kernel Vulnerability
A vulnerability in the UDP code of the Linux kernel networking subsystem used by PAN-OS could allow an attacker to execute arbitrary code in the context of the kernel, resulting in Remote Code Execution. The Data Plane (DP) of PAN-OS is not affected by this...
SQL Injection Vulnerability in a Graduation Integrated Practice Management Platform
Hangzhou Wenzhao Technology Co., Ltd. has developed a comprehensive graduation practice management platform that greatly improves the efficiency of colleges and universities by moving their administrative work online and paperless. The platform has a SQL injection vulnerability ...
Cuvva: No Notification Sent When Email Is Changed.
We weren't sending notifications when a customer changed the email address on their account. This meant it was less likely the customer would notice if this happened maliciously. A simple best practice issue...
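Three of the reports in this list describe the same class of defect: a sensitive account change (payout method on HackerOne, password on Infogram, email address on Cuvva) that proceeds without re-authentication, accepts the current password as the new one, or sends no notification to the account owner. The following added example, which is not the code of any of those three services, shows the checks a practitioner would expect in one in-memory account service. The mailer is a list so the behaviour is testable offline; `AccountService`, `change_payout_method` and the other names are assumptions for illustration.

```python
"""Guard sensitive account changes: re-authenticate, refuse password reuse, notify.

Added example, not the code of HackerOne, Infogram or Cuvva. The mailer is
a plain list so the notifications can be inspected offline; class and
method names are assumptions for illustration.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import List, Tuple

PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


@dataclass
class User:
    email: str
    salt: bytes
    pw_hash: bytes
    payout_method: str = "none"


@dataclass
class AccountService:
    # Stand-in for an outbound mailer: records (recipient, subject) pairs.
    sent_mail: List[Tuple[str, str]] = field(default_factory=list)

    def create_user(self, email: str, password: str) -> User:
        salt = os.urandom(16)
        return User(email=email, salt=salt, pw_hash=hash_password(password, salt))

    def _verify(self, user: User, password: str) -> bool:
        # Constant-time comparison so a wrong guess leaks no timing signal.
        return hmac.compare_digest(user.pw_hash, hash_password(password, user.salt))

    def _notify(self, recipient: str, subject: str) -> None:
        self.sent_mail.append((recipient, subject))

    def change_password(self, user: User, current: str, new: str) -> bool:
        """Require the current password and refuse to keep it as the new one."""
        if not self._verify(user, current):
            return False
        if self._verify(user, new):
            return False  # new password equals the current one
        user.salt = os.urandom(16)
        user.pw_hash = hash_password(new, user.salt)
        self._notify(user.email, "Your password was changed")
        return True

    def change_email(self, user: User, current_password: str, new_email: str) -> bool:
        """Re-authenticate, then tell the OLD address so a hijack is visible."""
        if not self._verify(user, current_password):
            return False
        old_email = user.email
        user.email = new_email
        self._notify(old_email, "Your account email was changed")
        self._notify(new_email, "This address is now linked to your account")
        return True

    def change_payout_method(self, user: User, current_password: str, method: str) -> bool:
        """A payout destination is as sensitive as a password: confirm it first."""
        if not self._verify(user, current_password):
            return False
        user.payout_method = method
        self._notify(user.email, "Your payout method was changed")
        return True


if __name__ == "__main__":
    svc = AccountService()
    alice = svc.create_user("alice@example.com", "correct horse")
    print(svc.change_password(alice, "correct horse", "correct horse"))  # reuse refused
    print(svc.change_password(alice, "correct horse", "battery staple"))
    print(svc.change_payout_method(alice, "battery staple", "bank-transfer"))
    print(svc.sent_mail)
```

The email change notifies the old address rather than only the new one, because after a session hijack the attacker controls the new address and the old one is the only channel left to the legitimate owner.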