Lucene search
K

200 matches found

Atlassian
Atlassian
added 2017/10/23 12:40 p.m.35 views

XSS Vulnerability in JIRA Issue Export

A search endpoint is vulnerable to an XSS injection in certain cases. Normally, the browser will urlencode its requests, but some proxy servers and load balancers will decode URL data by default. see http://stackoverflow.com/questions/31266629/nginx-encoding-normalizing-part-of-uri...

6.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/10/23 12:40 p.m.19 views

XSS Vulnerability in JIRA Issue Export

A search endpoint is vulnerable to an XSS injection in certain cases. Normally, the browser will urlencode its requests, but some proxy servers and load balancers will decode URL data by default. see http://stackoverflow.com/questions/31266629/nginx-encoding-normalizing-part-of-uri...

1.8AI score
Exploits0
Akamai Blog
Akamai Blog
added 2017/10/05 4:43 p.m.49 views

Data Breaches and Credential Stuffing: Don't Get TKOd

It has been a very rough month for the information security community. It feels like we've been on the losing end of a championship fight against Floyd Mayweather. The body shots started with Equifax https://investor.equifax.com/news-and-events/news/2017/09-07-2017-213000628 and continued with...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2017/09/22 2:2 p.m.79 views

EternalBlue Exploit Used in Retefe Banking Trojan Campaign

Criminals behind the Retefe banking Trojan have added a new component to their malware that uses the NSA exploit EternalBlue. The update makes Retefe the latest malware family to adopt the SMBv1 attack against a patched Windows vulnerability, and could signal an emerging trend, said researchers a...

9.3CVSS0.3AI score0.9923EPSS
Exploits55References3
Fedora
Fedora
added 2017/06/03 2:37 a.m.32 views

[SECURITY] Fedora 25 Update: wget-1.18-3.fc25

GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...

6.1CVSS1AI score0.03086EPSS
Exploits1
n0where
n0where
added 2017/05/31 10:45 p.m.33 views

Run HTTP Flood DDoS Attacks: Wreckuests

Stress Testing: Run HTTP Flood DDoS Attacks Wreckuests is a script, which allows you to run DDoS attacks with HTTP-floodGET/POST. It’s written in pure Python and uses proxy-servers as “bots”. This script is published for educational purposes only! Features Cache bypass with random ?abcd=efg...

7.4AI score
Exploits0References2
Atlassian
Atlassian
added 2017/04/11 7:47 p.m.195 views

XSS Vulnerability in jira.issueviews:searchrequest-xml

The endpoint /sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml/|https://jira.uberinternal.com/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml/-- is vulnerable to an XSS injection in certain cases. Normally, the browser will urlencode its requests, but some proxy servers and...

0.3AI score
Exploits0Affected Software1
ThreatPost
ThreatPost
added 2017/04/04 5:46 p.m.9 views

Details Around Romanian Phishing Kit Creator, Campaign Revealed

Researchers explained how they traced a cybercriminal’s tracks through a series of proxies, compromised web servers, and poorly secured routers. The suspect hasn’t been apprehended yet, but could be behind a larger campaign, they said. Peter Kruse and Jan Kaastrup, researchers with Denmark’s CSIS...

6.5AI score
Exploits0References4
OSV
OSV
added 2016/12/22 12:0 a.m.1 views

UBUNTU-CVE-2016-8743

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-en...

7.5CVSS6.7AI score0.13252EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2016/07/28 7:57 a.m.11 views

Using VPN in the UAE? You'll Be Fined Up To $545,000 If Get Caught!

If you get caught using a VPN Virtual Private Network in Abu Dhabi, Dubai and the broader of United Arab Emirates UAE, you could face temporary imprisonment and fines of up to $545,000 Dhs2 Million. Yes, you heard that right. Online Privacy is one of the biggest challenges in today's interconnect...

6.6AI score
Exploits0
Fedora
Fedora
added 2016/06/18 4:19 a.m.40 views

[SECURITY] Fedora 22 Update: wget-1.18-1.fc22

GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...

8.8CVSS1AI score0.45935EPSS
Exploits8
ThreatPost
ThreatPost
added 2016/06/15 1:35 p.m.15 views

Underground Market Selling Cheap Access to Hacked Servers

Criminals and advanced attackers for two years have had at their disposal an extensive trading platform selling access to hacked servers worldwide. For as little as $6 USD, attackers can purchase access to a compromised machine and launch attacks or get a one-time peek at all the data on a server...

7.7AI score
Exploits0References1
Fedora
Fedora
added 2015/12/14 11:55 a.m.13 views

[SECURITY] Fedora 22 Update: wget-1.16.3-2.fc22

GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...

1AI score
Exploits0
Fedora
Fedora
added 2015/11/30 9:23 p.m.17 views

[SECURITY] Fedora 23 Update: wget-1.17-1.fc23

GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...

1AI score
Exploits0
ThreatPost
ThreatPost
added 2015/10/06 3:0 p.m.13 views

Researchers Disrupt Angler Exploit Kit, $60 Million Ransomware Campaign

Researchers took a big step towards eradicating the Angler exploit kit, disrupting a large ransomware campaign connected to it that purportedly netted a hacker more than $30 million annually. According to a report published today, experts with Cisco’s Talos Security Intelligence and Research Grou...

7.1AI score
Exploits0References9
NVD
NVD
added 2015/09/18 12:0 p.m.19 views

CVE-2015-5912

The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses...

5CVSS5AI score0.01658EPSS
Exploits0References7
Prion
Prion
added 2015/09/18 12:0 p.m.16 views

Design/Logic Flaw

The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses...

5CVSS6.2AI score0.01658EPSS
Exploits0References7Affected Software2
Prion
Prion
added 2015/09/18 10:59 a.m.26 views

Code injection

The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...

5CVSS6.1AI score0.01698EPSS
Exploits0References8Affected Software3
Cvelist
Cvelist
added 2015/09/18 10:0 a.m.26 views

CVE-2015-5841

The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...

5.7AI score0.01698EPSS
Exploits0References8
Kitploit
Kitploit
added 2015/05/07 9:17 p.m.20 views

Double the bang for your buck with Acunetix Vulnerability Scanner

Acunetix have announced that they are extending their current free offering of the network security scan, part of their cloud-based web and network vulnerability scanner. Those signing up for a trial of the online version of Acunetix vulnerability scanner will now be able to scan their perimeter...

7.9AI score
Exploits0
Rows per page
Query Builder