Lucene search
+L

140 matches found

Spring Security Advisories
Spring Security Advisories
added 2023/04/13 12:0 a.m.11 views

A Bootiful Podcast: Sonatype's Steve Poole and Gradle's Justin Reock on Improving Developer Productivity without compromising on things like security

Hi, Spring fans! Welcome to another installment of a Bootiful Podcast! In this installment, recorded at Devnexus in Atlanta, GA, I talk to newcomer to the show Steve Poole, from Sonatype, and Justin Reock, from Gradle, about improving developer productivity without comprising on things like...

6.7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/12/21 2:0 p.m.21 views

Never Mind the Ears, Here's Security Nation

It's another year down and another season down for Security Nation. With the close of our fifth season, I wanted to take a minute here to reflect on who we spoke with and what we talked about. The show titles focus as you would expect on the individual interview subjects, but there's a bunch of...

7.5AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/12/07 4:24 p.m.14 views

stevecramerrealtor.com Cross Site Scripting vulnerability OBB-3089230

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/09/27 6:45 p.m.17 views

californiastevewebdesign.com Cross Site Scripting vulnerability OBB-2958782

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
vulnersOsv
vulnersOsv
added 2022/07/13 2:50 p.m.6 views

@toggled-apps/react-native-collapsible-scroll (>=1.0.0 <=1.0.2), @toggled-apps/react-native-product-carousel (=1.0.3) +9 more potentially affected by CVE-2022-24373 via react-native-reanimated (>=2.0.0-rc.0 <=2.0.1)

react-native-reanimated NPM version =2.0.0-rc.0, =1.0.0, =1.0.0, =41.0.0, =41.0.0, =1.0.0, =1.1.0, =1.1.2 - ui-ux =0.0.1 Source cves: CVE-2022-24373 Source advisory: SNYK:JS-REACTNATIVEREANIMATED-2949507...

7.5CVSS7.1AI score0.01257EPSS
Exploits1
Rapid7 Blog
Rapid7 Blog
added 2022/06/22 6:0 p.m.19 views

[Security Nation] Steve Micallef of SpiderFoot on Open-Source Intelligence

!\Security Nation\ Steve Micallef of SpiderFoot on Open-Source Intelligencehttps://blog.rapid7.com/content/images/2022/06/securitynationlogo-1.jpg In this episode of Security Nation, Jen and Tod chat with Steve Micallef about SpiderFoot, the open-source intelligence tool of which he is the creato...

0.3AI score
Exploits0
Trellix
Trellix
added 2022/05/17 12:0 a.m.7 views

Get to Know Steve Povolny

Meet Steve Povolny Head of Advanced Threat Research for Trellix Threat Labs By Michael Alicea · May 17, 2022 At Trellix, we celebrate and champion our people. This week, I sat down with Steve Povolny, Head of Advanced Threat Research for Trellix Threat Labs. As he is one of the leading...

6.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/02/10 10:35 p.m.23 views

Permissive parameters and privilege escalation

An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints e.g., creating, editing, updating allow users to update any coherencefields data. For example, users can automatically confirm their accounts ...

6.5CVSS4AI score0.00896EPSS
Exploits0References3Affected Software1
Ivan 'd0znpp' Novikov
Ivan 'd0znpp' Novikov
added 2021/05/24 6:3 a.m.160 views

What is Ping of Death Assault?

Ping of death is a strategy for DoS Denial of Service assault. It’s an attack-type that objectifies the ICMP Internet Control Message Protocol and the TCP Transmission Control Protocol, and is quite possibly the most undermining of all ICMP attacks. The ping of death attack is otherwise called a...

0.1AI score
Exploits0
Patchstack
Patchstack
added 2021/01/20 12:0 a.m.9 views

WordPress Digital Climate Strike WP plugin <= 1.0.0 - Redirect to malicious websites

Redirect to malicious websites found by Steve Perry in WordPress Digital Climate Strike WP plugin versions = 1.0.0. Solution 2021-01-21 - we were unable to find a patched version of this plugin. WordPress.org notification: "This plugin has been closed as of January 20, 2021 and is not available f...

3AI score
Exploits0References2Affected Software1
Wired Threat Level
Wired Threat Level
added 2020/08/20 7:28 p.m.36 views

Steve Bannon, a $25M Border Wall Campaign, and a GoFundMe Gone Bad

We Build the Wall raised millions. Now the DOJ says its operators—including the former Trump aide—skimmed hundreds of thousands off the top...

0.3AI score
Exploits0
HackRead
HackRead
added 2020/07/26 11:36 a.m.23 views

Apple co-founder Steve Wozniak sues YouTube over Bitcoin scams on his name

By Zara Khan Steve Wozniak has sued Google and YouTube over Bitcoin giveaway scams. This is a post from HackRead.com Read the original post: Apple co-founder Steve Wozniak sues YouTube over Bitcoin scams on his name...

2AI score
Exploits0
Veracode
Veracode
added 2019/05/02 5:40 a.m.35 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

10CVSS5.7AI score0.06181EPSS
Exploits0References19Affected Software1
Veracode
Veracode
added 2019/05/02 5:40 a.m.30 views

Memory Corruption

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

10CVSS5.7AI score0.06181EPSS
Exploits0References27Affected Software2
Veracode
Veracode
added 2019/05/02 5:39 a.m.50 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

9.3CVSS8.6AI score0.07417EPSS
Exploits0References8Affected Software1
Veracode
Veracode
added 2019/05/02 5:39 a.m.41 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

7.5CVSS8.6AI score0.07417EPSS
Exploits0References21Affected Software2
CNVD
CNVD
added 2018/12/21 12:0 a.m.5 views

Steve Pallen Xain Cross-Site Scripting Vulnerability

Steve Pallen Xain is a library that provides HTML markup for Elixir. A cross-site scripting vulnerability exists in versions of Steve Pallen Xain prior to 0.6.2, which can be exploited by remote attackers to inject arbitrary web script or HTML with the help of the 'order' parameter...

6.1CVSS5.9AI score0.0087EPSS
Exploits1References1
NVD
NVD
added 2018/12/20 9:29 a.m.20 views

CVE-2018-20301

An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints e.g., creating, editing, updating allow users to update any coherencefields data. For example, users can automatically confirm their accounts ...

6.5CVSS6.4AI score0.00896EPSS
Exploits0References1
OSV
OSV
added 2018/12/20 9:29 a.m.16 views

CVE-2018-20301

An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints e.g., creating, editing, updating allow users to update any coherencefields data. For example, users can automatically confirm their accounts ...

6.5CVSS6.8AI score
Exploits0References1
Cvelist
Cvelist
added 2018/12/20 9:0 a.m.23 views

CVE-2018-20301

An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints e.g., creating, editing, updating allow users to update any coherencefields data. For example, users can automatically confirm their accounts ...

6.4AI score0.00896EPSS
Exploits0References1
Rows per page
Query Builder