176 matches found
Jenkins < 2.107 and < 2.89.4 LTS Multiple Vulnerabilities - Linux
Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...
secured-sites.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-551376 Description| Value ---|--- Affected Website:| secured-sites.co.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Stolen security logos used to falsely endorse PUPs
To gain the trust of users, many websites and companies feature the logos of reputable firms who endorse their products. Unfortunately, some unseemly companies do the same, using logos of companies who have not, in fact, endorsed their product in order to trick people into thinking that what they...
Meltdown and Spectre: what you need to know
UPDATE as of 1/12/18: Several vendors have produced patches for Meltdown and Spectre, however performance problems dog the fixes. Details on the patches were published here. UPDATE as of 1/04/18: Since the Malwarebytes Database Update 1.0.3624, all Malwarebytes users are able to receive the...
Information disclosure
An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to...
vacature.mitula.nl XSS vulnerability
Vulnerable URL: https://vacature.mitula.nl/searchJ/q-hola%22'--!%3E%3CImage%20SrcSet=K%20OnError=confirm'OPENBUGBOUNTY'%3E/ Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website...
Remotely Exploitable Flaw Puts Millions of Internet-Connected Devices at Risk
Security researchers have discovered a critical remotely exploitable vulnerability in an open-source software development library used by major manufacturers of the Internet-of-Thing devices that eventually left millions of devices vulnerable to hacking. The vulnerability CVE-2017-9765, discovere...
mp4music.net XSS vulnerability
Vulnerable URL: http://mp4music.net/search/%3Cimg%20src=x%20onerror=prompt%22OPENBUGBOUNTY%22%3E.html Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 213414 VIP website status:| No Check mp4music.net SSL...
creditcards.com XSS vulnerability
Vulnerable URL: http://www.creditcards.com/credit-cards/usaa-secured-card-platinum-visa-231210934.php?catid=1/-///'/"//--...
CVE-2016-6068
IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties...
CVE-2016-6068
IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties...
secure-qa.paycor.com XSS vulnerability
Vulnerable URL: https://secure-qa.paycor.com/Accounts/Authentication/Signin?l=true%22alert%27OPENBUGBOUNTY%27;%20if%22 Details: Description| Value ---|--- Patched:| Yes, at 24.11.2017 Latest check for patch:| 24.11.2017 22:37 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed...
Palo Alto Networks User-ID Agent < 7.0.4 TLS-Secured API Invocation Credential Disclosure (PAN-SA-2016-0007)
The version of Palo Alto Networks User-ID agent installed on the remote Windows host is prior to 7.0.4. It is, therefore, affected by a flaw that allows a TLS-secured API call to return encrypted credentials to the domain account configured on the User-ID agent, which has read-only rights for...
loringbrister.net XSS vulnerability
Vulnerable URL: http://www.loringbrister.net/search.php?s=%3Cimg%20src=x%20onerror=prompt%28/OPENBUGBOUNTY/%29%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 0 VIP...
SEE - Sandboxed Execution Environment
Sandboxed Execution Environment SEE is a framework for building test automation in secured Environments. The Sandboxes, provided via libvirt, are customizable allowing high degree of flexibility. Different type of Hypervisors Qemu, VirtualBox, LXC can be employed to run the Test Environments...
Top 8 Cyber Security Tips for Christmas Online Shopping
As the most wonderful time of the year has come - Christmas, it has brought with itself the time of online shopping. According to National Retail Federation, more than 151 million people shopped in store, but more than 100 Million shopped online during Cyber Monday sales and even why wouldn't it ...
energywatch.org.in XSS vulnerability
Vulnerable URL: http://www.energywatch.org.in/unsubscribe.php?email=%27%22%3E%3E%3C/title%3E%27%22%3ESCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28/XSSPOSED/%29%3C/SCRIPT%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability...
VK.com: Able to intercept app Traffic after choosing up the Secured Connection using SSL (HTTPS)
Install the app Login with Valid credentials Settings - Choose Secured connection HTTPS Close the app Set the proxy and Open the app verify that Connection isn't Secured and able to intercept PFA POC Expected Result : Secured layer & SSL PINING should be applied successfully...
OpenVAS - The World's Most Advanced Open Source Vulnerability Scanner and Manager
The Open Vulnerability Assessment System OpenVAS is a framework of several services and tools. The core of this SSL-secured service-oriented architecture is the OpenVAS Scanner. The scanner very efficiently executes the actual Network Vulnerability Tests NVTs which are served with daily updates v...
IT-Grundschutz M4.015: Gesichertes Login
IT-Grundschutz M4.015: Gesichertes Login Stand: 14. Ergänzungslieferung 14. EL. OpenVAS Vulnerability Test $Id: GSHBM4015.nasl 7883 2017-11-23 11:22:59Z emoss $ IT-Grundschutz, 14. EL, Maßnahme 4.015 Authors: Thomas Rotter Copyright: Copyright c 2015 Greenbone Networks GmbH,...