Lucene search
K

2641 matches found

Hacker One
Hacker One
added 2015/12/03 9:39 a.m.24 views

Mail.ru: [babel.mail.ru] Admin Page Found

Access to babel.mail.ru admin page was not sufficiently filtered, allowing accounts bruteforcing. bable.mail.ru is not directly listed in the bug bounty scope, but this vulnerability could affect projects in the scope...

3AI score
Exploits0
Hacker One
Hacker One
added 2015/11/03 9:3 a.m.35 views

Mail.ru: Potential SSRF in sales.mail.ru

SSRF in the project outside of bug bounty program's scope. Despite the project is out-of-scope, bounty was rewarded due to problem severity. i reported this issue as xss one year ago, so i found a directory, where one can upload /flashtest.htm?show=upload swf files, i uploaded malicious swf file...

0.6AI score
Exploits0
Hacker One
Hacker One
added 2015/11/02 4:10 p.m.9 views

Mail.ru: [evo2.my.com] Reflected XSS

Browser-specific reflected XSS via POST parameters in evo2.my.com. evo2.my.com is not covered by bug bounty scope...

3.7AI score
Exploits0
Hacker One
Hacker One
added 2015/11/01 7:38 p.m.9 views

Mail.ru: [games.my.com] Reflected XSS

Browser-specific reflected XSS via URI parameters in games.my.com. games.my.com is not covered by bug bounty scope...

3.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/09/23 12:0 a.m.30 views

Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2743-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2743-1 advisory. Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered...

9.3CVSS9.2AI score0.0608EPSS
Exploits0References22
RedHat Linux
RedHat Linux
added 2015/09/03 4:6 p.m.3 views

chromium-browser: Permission scoping error in WebRequest

The WebRequest API implementation in extensions/browser/api/webrequest/webrequestapi.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted 1 app or 2...

7.5CVSS7.4AI score0.0224EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2015/07/29 2:41 p.m.15 views

Researchers Hack TrackingPoint Rifle's Precision Targeting System

TrackingPoint rifles are state-of-the-art precision hunting and sniper rifles that come equipped with a networked tracking scope that’s accessible via Wi-Fi, and comes complete with USB ports and a mobile app. It’s almost foolproof shooting, albeit at a $13,000 price tag. And the security of all ...

0.2AI score
Exploits0
myhack58
myhack58
added 2015/07/22 12:0 a.m.31 views

PHPCMS \phpcms\modules\member\index.php user login SQL injection vulnerability analysis-vulnerability warning-the black bar safety net

catalog 1. Vulnerability description 2. Vulnerability trigger conditions 3. Vulnerability scope 4. Vulnerability code analysis 5. Defense method 6. Offensive and defensive thinking 1. Vulnerability description 2. Vulnerability trigger conditions 0x1: POC http://localhost/phpcmsv9/index. php?...

0.5AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2015/07/13 1:50 p.m.8 views

PCI Scope Assessments for Higher Education Institutions

With the release of PCI DSS version 3.0 and more recently 3.1, many Higher Education Institutions have found it hard to know which SAQs they should be filling out since there are now nine options. Higher Education Institutions have very complex merchant card environments and with the new...

1.7AI score
Exploits0
Exploit DB
Exploit DB
added 2015/06/03 12:0 a.m.39 views

Seagate Central 2014.0410.0026-F - Remote Facebook Access Token

!/usr/bin/python seagatecentralfacebook.py Seagate Central Remote Facebook Access Token Exploit Jeremy Brown jbrown3264/gmail May 2015 -Synopsis- Seagate Central stores linked Facebook account access tokens in /etc/archiveaccounts.ser and this exploit takes advantage of two bugs: 1 Passwordless...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/05/20 12:0 a.m.38 views

SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1119-1)

This glibc update fixes a critical privilege escalation problem and the following security and non security issues : - bnc892073: An off-by-one error leading to a heap-based buffer overflow was found in gconvtranslitfind. An exploit that targets the problem is publicly available. CVE-2014-5119 -...

7.5CVSS7.8AI score0.18099EPSS
Exploits6References15
0day.today
0day.today
added 2015/04/09 12:0 a.m.138 views

BOA Web Server 0.94.8.2 - Arbitrary File Access Vulnerability

Exploit for linux platform in category web applications Title: Vulnerability in BOA web server v0.94.8.2 Date: 03/10/2000 Status: Vendor contacted, patch available Scope: Arbitrary file access Author: llmora Release: Public S 2 1 S E C http://www.s21sec.com Vulnerability in BOA web server v0.94.8...

5CVSS7.6AI score0.08358EPSS
Exploits2
CNVD
CNVD
added 2015/02/26 12:0 a.m.2 views

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2015-01286)

Mozilla Firefox is a web browser developed by the Mozilla Foundation in conjunction with the open source community. Mozilla Firefox suffers from a buffer overflow vulnerability because it fails to scope check properly before copying user-supplied data into a sufficiently sized buffer, allowing an...

6.8CVSS7.7AI score0.06029EPSS
Exploits0References1
Prion
Prion
added 2015/02/23 2:59 a.m.19 views

Design/Logic Flaw

The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding opt parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scop...

4.3CVSS7.1AI score0.00478EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/02/05 12:0 a.m.16 views

Fedora 20 : vorbis-tools-1.4.0-13.fc20 (2015-1191)

do not use stack variable out of its scope of validity CVE-2014-9640 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

5CVSS5.6AI score0.03243EPSS
Exploits0References3
myhack58
myhack58
added 2015/01/29 12:0 a.m.31 views

The Ghost vulnerability the GHOST affects a large number of Linux operating system and its release version update repair programme-vulnerability warning-the black bar safety net

Security researchers have recently exposed a named Ghost(GHOST)a serious security vulnerability, this vulnerability may allow an attacker remote accessoperating systemis the highest control authority, the impact of the market on a large number of Linux operating system and its release version. Th...

0.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2015/01/27 6:46 p.m.5 views

chromium-browser: use-after-free in DOM

Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper...

7.5CVSS7.6AI score0.01605EPSS
Exploits0References5
CNVD
CNVD
added 2015/01/26 12:0 a.m.5 views

Google Chrome DOM Memory Misreference Code Execution Vulnerability

Google Chrome is a popular WEB browser. A memory misreference vulnerability in Google Chrome DOM real core/events/TreeScopeEventContext.cpp allows attackers to construct a malicious WEB page and trick users into parsing it, which could crash the application or execute arbitrary code...

7.5CVSS7.2AI score0.01605EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2015/01/20 8:33 p.m.7 views

Like a Nesting Doll, Vawtrak Malware Has Many Layers

Researchers have peeled back more layers on Vawtrak, a relatively new banking Trojan so complex that those who have taken it apart have likened it to a Matryoshka, or Russian nesting doll. Virus Bulletin published a deep dive on the malware penned by Raul Alvarez, a researcher with Fortinet,...

0.2AI score
Exploits0References3
OSV
OSV
added 2015/01/10 2:59 a.m.2 views

DEBIAN-CVE-2015-0559

Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service application crash via a crafted packet, related to the use of packet-scope memory instead ...

5CVSS7.5AI score0.01578EPSS
Exploits0References1
Rows per page
Query Builder