140 matches found
A Bootiful Podcast: Sonatype's Steve Poole and Gradle's Justin Reock on Improving Developer Productivity without compromising on things like security
Hi, Spring fans! Welcome to another installment of a Bootiful Podcast! In this installment, recorded at Devnexus in Atlanta, GA, I talk to newcomer to the show Steve Poole, from Sonatype, and Justin Reock, from Gradle, about improving developer productivity without comprising on things like...
Never Mind the Ears, Here's Security Nation
It's another year down and another season down for Security Nation. With the close of our fifth season, I wanted to take a minute here to reflect on who we spoke with and what we talked about. The show titles focus as you would expect on the individual interview subjects, but there's a bunch of...
stevecramerrealtor.com Cross Site Scripting vulnerability OBB-3089230
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
californiastevewebdesign.com Cross Site Scripting vulnerability OBB-2958782
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
@toggled-apps/react-native-collapsible-scroll (>=1.0.0 <=1.0.2), @toggled-apps/react-native-product-carousel (=1.0.3) +9 more potentially affected by CVE-2022-24373 via react-native-reanimated (>=2.0.0-rc.0 <=2.0.1)
react-native-reanimated NPM version =2.0.0-rc.0, =1.0.0, =1.0.0, =41.0.0, =41.0.0, =1.0.0, =1.1.0, =1.1.2 - ui-ux =0.0.1 Source cves: CVE-2022-24373 Source advisory: SNYK:JS-REACTNATIVEREANIMATED-2949507...
[Security Nation] Steve Micallef of SpiderFoot on Open-Source Intelligence
!\Security Nation\ Steve Micallef of SpiderFoot on Open-Source Intelligencehttps://blog.rapid7.com/content/images/2022/06/securitynationlogo-1.jpg In this episode of Security Nation, Jen and Tod chat with Steve Micallef about SpiderFoot, the open-source intelligence tool of which he is the creato...
Get to Know Steve Povolny
Meet Steve Povolny Head of Advanced Threat Research for Trellix Threat Labs By Michael Alicea · May 17, 2022 At Trellix, we celebrate and champion our people. This week, I sat down with Steve Povolny, Head of Advanced Threat Research for Trellix Threat Labs. As he is one of the leading...
Permissive parameters and privilege escalation
An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints e.g., creating, editing, updating allow users to update any coherencefields data. For example, users can automatically confirm their accounts ...
What is Ping of Death Assault?
Ping of death is a strategy for DoS Denial of Service assault. It’s an attack-type that objectifies the ICMP Internet Control Message Protocol and the TCP Transmission Control Protocol, and is quite possibly the most undermining of all ICMP attacks. The ping of death attack is otherwise called a...
WordPress Digital Climate Strike WP plugin <= 1.0.0 - Redirect to malicious websites
Redirect to malicious websites found by Steve Perry in WordPress Digital Climate Strike WP plugin versions = 1.0.0. Solution 2021-01-21 - we were unable to find a patched version of this plugin. WordPress.org notification: "This plugin has been closed as of January 20, 2021 and is not available f...
Steve Bannon, a $25M Border Wall Campaign, and a GoFundMe Gone Bad
We Build the Wall raised millions. Now the DOJ says its operators—including the former Trump aide—skimmed hundreds of thousands off the top...
Apple co-founder Steve Wozniak sues YouTube over Bitcoin scams on his name
By Zara Khan Steve Wozniak has sued Google and YouTube over Bitcoin giveaway scams. This is a post from HackRead.com Read the original post: Apple co-founder Steve Wozniak sues YouTube over Bitcoin scams on his name...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Memory Corruption
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Steve Pallen Xain Cross-Site Scripting Vulnerability
Steve Pallen Xain is a library that provides HTML markup for Elixir. A cross-site scripting vulnerability exists in versions of Steve Pallen Xain prior to 0.6.2, which can be exploited by remote attackers to inject arbitrary web script or HTML with the help of the 'order' parameter...
CVE-2018-20301
An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints e.g., creating, editing, updating allow users to update any coherencefields data. For example, users can automatically confirm their accounts ...
CVE-2018-20301
An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints e.g., creating, editing, updating allow users to update any coherencefields data. For example, users can automatically confirm their accounts ...
CVE-2018-20301
An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints e.g., creating, editing, updating allow users to update any coherencefields data. For example, users can automatically confirm their accounts ...