2621 matches found

Veracode
added 2016/12/02 10:20 a.m., 14 views

Unauthorised Modification Of Permission Scope

spring-security-oauth2 is vulnerable to unauthorised modification of scope. A malicious user can submit a scope parameter during token request, which will be accepted by the server. This allows the malicious user to gain a wider scope of permissions when they authenticate...

AI score 6.9
Exploits 0
OSV
added 2016/11/17 5:59 a.m., 3 views

DEBIAN-CVE-2016-9373

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private...

CVSS 5.9, AI score 6.4, EPSS 0.01717
Exploits 0, References 1
OSV
added 2016/11/17 5:59 a.m., 3 views

UBUNTU-CVE-2016-9373

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private...

CVSS 5.9, AI score 6.6, EPSS 0.01717
Exploits 0, References 5
Atlassian
added 2016/11/03 6:49 p.m., 19 views

"Allowed review participants" isn't restricting the scope for groups

Summary: The "Allowed review participants" option in the project settings isn't restricting the scope for groups when searching for reviewers to be added to a review; therefore all the groups are listed, even the ones not included as allowed groups. Environment: Tested on Crucible 4.2.0...

AI score 2.5
Exploits 0, Affected Software 1
Atlassian
added 2016/11/03 6:49 p.m., 21 views

"Allowed review participants" isn't restricting the scope for groups

Summary: The "Allowed review participants" option in the project settings isn't restricting the scope for groups when searching for reviewers to be added to a review; therefore all the groups are listed, even the ones not included as allowed groups. Environment: Tested on Crucible 4.2.0...

AI score 2.5
Exploits 0
Hacker One
added 2016/10/26 7:40 p.m., 41 views

Informatica: [parc.informatica.com] Reflected Cross Site Scripting and Open Redirect

Hi! I just want to report a vulnerability in your subdomain "parc". Description: In this link https://parc.informatica.com/partners/apex/Cloudchat?endpoint= the vulnerable parameter is "endpoint". Once the parameter takes the value of an XSS vector or a website link, the code is executed aft...

AI score 0.1
Exploits 0
Hacker One
added 2016/10/21 6:39 a.m., 22 views

LocalTapiola: Email Server Compromised at secure.lahitapiola.fi

Issue: The reporter found that the secure email service secure.lahitapiola.fi in the LocalTapiola network had some issues. The reporter found a way to tamper with message data before the message was actually sent out. By utilizing this finding, the reporter was able to send out legitimate-looking...

AI score 0.7
Exploits 0
ThreatPost
added 2016/10/05 6:31 p.m., 6 views

NSA Contractor Secretly Charged With Stealing Classified Secrets

The Federal Bureau of Investigation arrested a National Security Agency contractor working for Booz Allen Hamilton and charged him with stealing highly classified documents. Harold T. Martin III, of Glen Burnie, Md., was charged in a criminal complaint filed in late August that became public...

AI score 7.2
Exploits 0, References 3
Prion
added 2016/09/30 12:59 a.m., 18 views

Cross-site request forgery (CSRF)

Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops...

CVSS 6.8, AI score 7.8, EPSS 0.00726
Exploits 0, References 2, Affected Software 5
OSV
added 2016/09/25 12:00 a.m., 3 views

UBUNTU-CVE-2016-5172

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code...

CVSS 6.5, AI score 7.1, EPSS 0.0186
Exploits 0, References 4
Citrix
added 2016/08/26 12:00 a.m., 8 views

Provisioning Services: Support Statement for Multiple PVS Farms pointing to different Databases in one Subnet

Question: Can we boot targets using PXE boot in a subnet where we have 2 PVS Servers in 2 different farms pointing to different databases? Answer: This is not supported because when targets boot using PXE services, the target broadcasts a packet, and if it contacts a PVS Server which does not have an entry for...

AI score 7.2
Exploits 0
Jake Archibald's Blog
added 2016/08/04 8:57 a.m., 10 views

Service worker meeting notes

On July 28th-29th we met up in the Mozilla offices in Toronto to discuss the core service worker spec. I'll try and cover the headlines here. Before I get stuck into the meaty bits of the meeting, our intent here is to do what's best for developers and the future of the web, so if you disagree...

AI score 6.4
Exploits 0
Mageia
added 2016/07/08 7:50 p.m., 43 views

Updated struts packages fix security vulnerabilities

Updated struts packages fix security vulnerabilities: A vulnerability in Apache Struts 1 ActionForm allowing unintended remote operations against components on server memory, such as Servlets and ClassLoader, was found (CVE-2016-1181). It was reported that the Apache Struts 1 Validator contains a...

CVSS 8.2, AI score 1.6, EPSS 0.25737
Exploits 0, References 3
OSV
added 2016/07/08 7:50 p.m., 5 views

MGASA-2016-0244 Updated struts packages fix security vulnerabilities

Updated struts packages fix security vulnerabilities: A vulnerability in Apache Struts 1 ActionForm allowing unintended remote operations against components on server memory, such as Servlets and ClassLoader, was found (CVE-2016-1181). It was reported that the Apache Struts 1 Validator contains a...

CVSS 8.2, AI score 8.1, EPSS 0.25737
Exploits 0, References 4
Filippo.io
added 2016/07/03 10:29 a.m., 23 views

Analyzing Go Vendoring with BigQuery

GitHub published a snapshot of all the public open-source repositories to BigQuery and Francesc used it to draw some cool statistics about Go projects. I used the same dataset to analyze how the Go ecosystem does vendoring. Disclosure: there's some ego stroking here, as I'm the author of gvt. Try...

AI score 6.8
Exploits 0
OSV
added 2016/07/02 2:59 p.m., 3 views

CVE-2016-0400

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL...

CVSS 6.1, AI score 5.9, EPSS 0.0214
Exploits 2, References 4
The Hacker News
added 2016/06/23 10:18 p.m., 12 views

Uber Hack lets anyone find Unlimited Promo Codes for Free Uber Rides

An independent security researcher from Egypt has discovered a critical vulnerability in the Uber app that could allow an attacker to brute-force Uber promo code values and obtain valid codes worth up to $25,000 for more than one free ride. Mohamed M. Fouad has discovered a "promo codes...

AI score 6.9
Exploits 0
Hacker One
added 2016/06/17 12:34 p.m., 12 views

Nextcloud: stats.nextcloud.com: Content Injection

Hello Team, I found the same issue on another of your subdomains. Content injection: https://stats.nextcloud.com/has%2f%20beed%20to%20https://www.ATTACKER.COM.%20so%20please%20visit%20https://www.ATTACKER.COM%20as%20your%20requested%20link Though it is not in scope, I want to make you aware of it:...

AI score 0.2
Exploits 0
erpscan
added 2016/06/17 12:00 a.m., 155 views

SAP NetWeaver AS Java 7.5 XXE in com.sap.km.cm.ice

Application: SAP NetWeaver AS Java; Versions Affected: SAP NetWeaver AS Java 7.5; Vendor URL: SAP; Bugs: XXE; Reported: 17.06.2016; Vendor response: 18.06.2016; Date of Public Advisory: 11.04.2017; Reference: SAP Security Note 2387249; Author: Mathieu Geli (ERPScan). VULNERABILITY INFORMATION: Class: XXE...

CVSS 4, AI score 6.8, EPSS 0.01373
Exploits 0
Japan Vulnerability Notes
added 2016/06/07 12:00 a.m., 46 views

JVN#03188560: Apache Struts 1 vulnerability that allows unintended remote operations against components on memory

The Apache Struts 1 ActionForm contains a vulnerability which allows unintended remote operations against components on server memory, such as Servlets and ClassLoader, when the following 2 conditions are met: Condition 1: When the following ActionForm including its subclasses are in the session...

CVSS 8.1, AI score 8.5, EPSS 0.13122
Exploits 0