90 matches found
CVE-2019-18658
In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service DoS via a special file such as /dev/urandom, via...
CVE-2019-18658
In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service DoS via a special file such as /dev/urandom, via...
Ektron CMS 9 Database Disclosure
Exploit Title : Ektron CMS 9 Database Disclosure Exploit Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 02/04/2019 Vendor Homepage : ektron.com episerver.com/products/platform/ektron/ Software Download Link :...
Cross site scripting
An XSSI cross-site inclusion vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of erro...
I is how to pass the ASP Secrets read Get 1. 7 million USD reward-vulnerability warning-the black bar safety net
ASP. NET application in the more common vulnerability is a local file disclosure. If you have never develop or use such technology, then the LFD exploit can be very difficult, and no practical effect. In this article, I describe how to attack a presence in the LFD vulnerability of the application...
Joomla! 3.3.x < 3.7.3 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists due to improper validation of user-supplied input with multibyte characters. An unauthenticated, remote attacker can exploit...
Design/Logic Flaw
OpenText Documentum Content Server formerly EMC Documentum Content Server through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmrcontent objects, which are queryable and "editable...
http-trane-info NSE Script
Attempts to obtain information from Trane Tracer SC devices. Trane Tracer SC is an intelligent field panel for communicating with HVAC equipment controllers deployed across several sectors including commercial facilities and others. The information is obtained from the web server that exposes...
Fuze Patches Bug That Exposed Recordings of Private Business Meetings
Fuze, an enterprise-grade voice and video collaboration platform, has patched a vulnerability that exposed recordings of private meetings. A fix was made server-side by Fuze, and a patch was pushed to its endpoint client apps within 11 days of being privately notified by researchers at Rapid7...
Plone CMS < 5.0.5 Information Disclosure Vulnerability
Plone CMS is prone to an information disclosure vulnerability. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...
Information disclosure
Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors...
PYSEC-2017-56
Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors...
CVE-2016-4042
Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors...
Gratipay: set Pragma header
Data returned in web responses can be cached by user's browsers as well as by intermediate proxies. This directive instructs them not to retain the page content in order to prevent others from accessing sensitive content from these caches...
CVE-2015-7080
Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state...
Design/Logic Flaw
Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state...
Threat Outbreak Alert RuleID15545: Email Messages Distributing Malicious Software on May 27, 2015
Medium Alert ID: 39032 First Published: 2015 May 27 13:23 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID15545 may contain the following files: Name | Size...
cache_control
This plugin analyzes every HTTPS response and reports instances of incorrect cache control which might lead the users browser to cache sensitive contents on their system. The expected headers for HTTPS responses are: Pragma: No-cache Cache-control: No-store Plugin type Grep Options This plugin...
Provide HTTP headers for the content that absolutely must not be cached on the client
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-29598. panel We have to provide the following HTTP headers in all responses containing sensitive content: Cache-control: no-store Pragma:...
Provide HTTP headers for the content that absolutely must not be cached on the client
We have to provide the following HTTP headers in all responses containing sensitive content: Cache-control: no-store Pragma: no-cache We have identified some files at the following path, where we need to provide above headers. We are not able to identify the jsp pages or servlet, so that we can...