123 matches found
EUVD-2020-0161
Malware in sbrugna...
CVE-2004-2091
Microsoft Baseline Security Analyzer MBSA 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security...
Your Risk Scores Are Lying: Adversarial Exposure Validation Exposes Real Threats
In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security , believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world...
PortSwigger Web Security: Title: Deceptive Manipulation of HTTP to HTTPS with VPN in Burp Suite
Vulnerability description not provided...
Samsung adds Message Guard protection against zero-click exploits
Samsung has announced the introduction of Message Guard for the Samsung Galaxy S23 series. It will be gradually rolled out to other Galaxy smartphones and tablets later this year. Message Guard works on images received in messages by the apps "Samsung Messages" and "Messages by Google" and...
iThemes Security Free (< 7.9.1) & Pro (< 6.8.4) - Hide Backend Bypass
Both the iThemes Security free and pro versions were affected. - Patched in Version iThemes Security: 7.9.1 - Patched in Version iThemes Security Pro: 6.8.4 The bug allowed attackers to bypass the "Hide Backend" feature, that, when enabled, hides the WordPress wp-login.php and wp-admin pages...
HackerOne: API Last Request Date/Time Not Updating
Hi All, I believe I've found a minor vulnerability with regards to your API last request date/time. However, I could not find any documentation on what this value is supposed to represent / when it should be relied on so I debated reporting this but figured it might in fact be an issue. Descripti...
XSSER - From XSS to RCE
From XSS to RCE 2.5 - Black Hat Europe Arsenal 2016 Demo Version 2.0 - 2015: https://www.youtube.com/playlist?list=PLIjb28IYMQgqqqApoGRCZO40vP-eKsgf Version 2.5 - 2016: https://www.youtube.com/playlist?list=PLRic6PgcrsWGkgacL6WFnSQKVRZIoofRj Requirements Python 2.7., version 2.7.11 was used for...
PHP Captcha / Securimage 2.0.2 - Authentication Bypass - SO-11-007
No description provided by source. Sense of Security - Security Advisory - SOS-11-007 Release Date. 20-May-2011 Last Update. - Vendor Notification Date. 04-Apr-2011 Product. Securimage / PHPCaptcha Platform. PHP Affected versions. 1.0.4 - 2.0.2 Severity Rating. Medium Impact. Authentication bypas...
Google AD Sync Tool - Exposure of Sensitive Information Vulnerability
No description provided by source. Sense of Security - Security Advisory - SOS-13-001 Release Date. 03-Apr-2013 Last Update. - Vendor Notification Date. 03-Sep-2012 Product. Google Active Directory Sync GADS Tool Platform. Windows, Linux, Solaris Affected versions. All versions up to 3.1.3 Severi...
FileBound 6.2 Privilege Escalation Vulnerability
No description provided by source. Sense of Security - Security Advisory - SOS-12-010 Release Date. 10-Oct-2012 Last Update. - Vendor Notification Date. 14-Aug-2012 Product. FileBound On-Site Platform. Windows Affected versions. All versions prior to 6.2 Severity Rating. High Impact. Privilege...
Symfony2 - Local File Disclosure
No description provided by source. Sense of Security - Security Advisory - SOS-12-002 Release Date. 05-Mar-2012 Last Update. - Vendor Notification Date. 24-Feb-2012 Product. Symfony2 Platform. PHP Affected versions. 2.0.x - 2.0.10 Severity Rating. Medium Impact. Exposure of sensitive information...
cPassMan 1.82 - Arbitrary File Download
No description provided by source. Sense of Security - Security Advisory - SOS-11-004 Release Date. 15-Apr-2011 Last Update. - Vendor Notification Date. 7-Mar-2011 Product. Collaborative Passwords Manager cPassMan Platform. Independent PHP Affected versions. 1.82 verified, and possibly others...
silverstripe cms 3.0.2 - Multiple Vulnerabilities
No description provided by source. Sense of Security - Security Advisory - SOS-12-011 Release Date. 30-Nov-2012 Last Update. - Vendor Notification Date. 29-Oct-2012 Product. SilverStripe CMS Platform. Windows Affected versions. 3.0.2 Severity Rating. Medium Impact. Privilege escalation, cross-sit...
Iciniti Store - SQL Injection
No description provided by source. Sense of Security - Security Advisory - SOS-12-003 Release Date. 06-Mar-2012 Last Update. - Vendor Notification Date. 28-Jul-2011 Product. Iciniti Store Platform. Windows Affected versions. 4.3.3683.31484 verified, and possibly others Severity Rating. High Impac...
WordPress BackWPUp Plugin 2.1.4 Code Execution
No description provided by source. Sense of Security - Security Advisory - SOS-11-012 Release Date. 17-Oct-2011 Vendor Notification Date. 14-Oct-2011 Product. BackWPUp Platform. WordPress Affected versions. 2.1.4 Severity Rating. High Impact. System access Attack Vector. Remote without...
QNAP Turbo NAS 3.6.1 Build 0302T Multiple Vulnerabilities
No description provided by source. Sense of Security - Security Advisory - SOS-12-006 Release Date. 13-Jun-2012 Last Update. - Vendor Notification Date. 12-Mar-2012 Product. QNAP Platform. Turbo NAS verified and possibly others Affected versions. Firmware Version: 3.6.1 Build 0302T and prior...
Plume CMS 1.2.3 - Multiple SQL Injection Vulnerabilities
No description provided by source. Plume CMS Multiple SQL Injection Vulnerabilities - Security Advisory - SOS-09-006 Release Date. 12-Aug-2009 Last Update. - Vendor Notification Date. 16-Jun-2009 Product. Plume CMS Platform. Independent Affected versions. 1.2.3 verified, possibly others Severity...
Snom IP Phone - Privilege Escalation
No description provided by source. Sense of Security - Security Advisory - SOS-12-001 Release Date. 23-Feb-2012 Last Update. - Vendor Notification Date. 27-Jan-2012 Product. Snom IP Phone series Platform. Hardware Affected versions. All versions prior to v8.4.35 Severity Rating. High Impact...
Elcom CMS 7.4.10 Community Manager Insecure File Upload
No description provided by source. Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008 Release Date. 24-Aug-2012 Last Update. - Vendor Notification Date. 28-Oct-2011 Product. Elcom CMS - Community Manager Platform. ASP.NET Affected versions. Elcom...