293 matches found
Thomas Dullien on Complexity and Security
For many years, I have said that complexity is the worst enemy of security. At CyCon earlier this month, Thomas Dullien gave an excellent talk on the subject with far more detail than I've ever provided. Video. Slides...
stthomasgirlsschool.com XSS vulnerability
Open Bug Bounty ID: OBB-628528 Description| Value ---|--- Affected Website:| stthomasgirlsschool.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CyberArk < 10 - Memory Disclosure Exploit
Exploit for linux platform in category remote exploits Exploit Title: CyberArk 10 - Memory Disclosure Exploit Author: Thomas Zuk Vendor Homepage: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ Version: 9.7 and 10 Tested on: Windows 2008, Windows...
Intel® Integrated Performance Primitives Cryptography Library Update
Summary: Some implementations in Intel® Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time. - 4.7 Medium CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: Intel® Integrated Performance Primitives Cryptograph...
will.state.wy.us XSS vulnerability
Open Bug Bounty ID: OBB-618768 Description| Value ---|--- Affected Website:| will.state.wy.us Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Intel® SGX SDK and Intel® SGX Platform Software Updates
Summary: Intel® Software Guard Extensions Software Development Kit SDK and Platform Software PSW utilize the Intel® Integrated Performance Primitives Cryptography Library. Vulnerabilities in this cryptography library have been reported that may enable a local attacker running malware utilizing...
thomas-hill.no XSS vulnerability
Open Bug Bounty ID: OBB-591879 Description| Value ---|--- Affected Website:| thomas-hill.no Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
January 22, 2018 – Morning Cyber Coffee Headlines – “NFL” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! January 22, 2018 - Headlines Carbon Black in the News: Strategic Cyber Ventures...
About the security content of macOS High Sierra 10.13.2 Supplemental Update - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
Moderate: Red Hat Security Advisory: qemu-kvm-rhev security and bug fix update
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Many high-risk SVGA code execution vulnerability bug,VMware efforts to be patched-vulnerabilities and early warning-the black bar safety net
VMware this week announced a patch to fix a number of vulnerabilities flaws bug, contains a major vulnerability flaws bugs, exploits flaws bug touches the product containing ESXi, vCenter Server, Workstation and Fusion. This is the major vulnerability flaws bug number for CVE-2017-4924, which is ...
www3.thomas.edu XSS vulnerability
Open Bug Bounty ID: OBB-298140 Description| Value ---|--- Affected Website:| www3.thomas.edu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
custominteriorsbythomas.com XSS vulnerability
Vulnerable URL: http://custominteriorsbythomas.com/?s=%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 23.10.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP...
mytmc.thomasmore.edu XSS vulnerability
Vulnerable URL: https://mytmc.thomasmore.edu/ICS/Admissions/?tool=search=%22%3E%3Cimg%20src=x%20onerror=prompt/XSSPOSED/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown /...
Media - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-044
This module provides intuitive ways to manage large libraries of media, insert or display or import various types of media either through fields or a wysiwyg interface. Versions of this module prior to 7.x-2.1 or 7.x-3.0-alpha5 did not sufficiently whitelist input parameters for the media browser...
thomasoppermann.de XSS vulnerability
Vulnerable URL: http://www.thomasoppermann.de/suche.php Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 19:23 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 5607741 VIP website status:| No Check...
thomas-mahlberg.de XSS vulnerability
Vulnerable URL: http://www.thomas-mahlberg.de/index.php Details: Description| Value ---|--- Patched:| Yes, at 26.04.2017 Latest check for patch:| 26.04.2017 10:40 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No...
Cris Thomas on Cyberwar Rhetoric
Cris Thomas of Tenable Networks, aka Space Rogue of the L0pht, talks to Mike Mimoso during RSA Conference about the rhetoric and hype surrounding cyberwar, as well as a quick trip down memory lane with the L0pht and its famous 1998 testimony before Congress. Download:...
[SECURITY] [DSA 3784-1] viewvc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3784-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 09, 2017 https://www.debian.org/security/faq -...
OpenLucius - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-004
OpenLucius is a work management platform for social communication, documentation, and projects. The distribution doesn't sufficiently use tokens when marking messages for users as read thereby exposing a Cross Site Request Forgery CSRF vulnerability. The distribution does not sufficiently filter...