21 matches found
Apache Tomcat Tribes EncryptInterceptor Bypass - Remote Code Execution
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. id: CVE-2026-34486 info: name: Apache Tomcat Tribes EncryptInterceptor Bypass - Remote...
Exploit for Missing Encryption of Sensitive Data in Apache Tomcat
CVE-2026-34486 EncryptInterceptor fail-open bypass in Apache...
Exploit for Missing Encryption of Sensitive Data in Apache Tomcat
CVE-2026-34486-Tribes Apache Tomcat Tribes cluster communicat...
Exploit for Missing Encryption of Sensitive Data in Apache Tomcat
CVE-2026-34486 — Apache Tomcat EncryptInterceptor RCE Apa...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the form of Kubernetes bearer tokens being printed in logs of the cloud membership for clustering module. Remediation Upgrade org.apache.tomcat:tomcat-tribes to version 9.0.117, 10.1.5...
Missing Encryption of Sensitive Data
Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data in the EncryptInterceptor's messageReceived method. An attacker can gain unauthorized access to sensitive data by bypassing EncryptInterceptor to intercept unencrypted communications. Note: This is d...
Use of a Broken or Risky Cryptographic Algorithm
Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the EncryptInterceptor class, which defaults to CBC mode. An attacker can obtain sensitive information via padding oracle. Remediation Upgrade org.apache.tomcat:tomcat-tribes to versio...
EUVD-2014-9721
Malware in sbrugna...
tribes-store.it Cross Site Scripting vulnerability OBB-2380488
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Our journey to API security at Raiffeisen Bank International
This article was written by Peter Gerdenitsch, Group CISO at Raiffeisen Bank International, and is based on a presentation given during Imvision's Executive Education Program, a series of events focused on how enterprises are taking charge of the API security lifecycle. Launching the "Security in...
CVE-2014-9917
CVE-2014-9917 affects Bilboplanet 2.0. The issue is a stored XSS vulnerability triggered when adding a tag via the URL parameter in user/?page=tribes tags. The root cause is unsanitized input in tag handling, allowing injected script to be stored and later rendered to other users. Impact is descr...
Celtic Tribes - Building MMOG - BSD license, Base64 encoded String, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Celtic Tribes - Building MMOG published at the 'play' market has multiple vulnerabilities...
Bilboplanet 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Bilboplanet 2.0 - Multiple Cross-Site Scripting Vulnerabilities Exploit Title: Multiple XSS vulnerabilities in Bilboplanet application Date: 10/15/13 Exploit Author: Vivek N http://nvivek.weebly.com/ Vendor Homepage: http://www.bilboplanet.com/ Software Link:...
Bilboplanet 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Exploit Title: Multiple XSS vulnerabilities in Bilboplanet application Date: 10/15/13 Exploit Author: Vivek N http://nvivek.weebly.com/ Vendor Homepage: http://www.bilboplanet.com/ Software Link: www.bilboplanet.com/index.php/downloads/?lang=en Version: 2.0 Tested on: Windows CVE : 1. Stored XSS...
StarSiege Tribes Server Denial of Service Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/8184/info StarSiege Tribes Game Server has been reported prone to a remotely triggered denial of service vulnerability. The issue presents itself when the affected server receives and processes a malformed UDP datagram...
StarSiege Tribes Server Denial of Service Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/8184/info StarSiege Tribes Game Server has been reported prone to a remotely triggered denial of service vulnerability. The issue presents itself when the affected server receives and processes a malformed UDP datagram...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the...
StarSiege: Tribes DoS
Advisory Name: "Starsiege: Tribes" DoS Release Date: 07/14/2003 Discovered: 06/09/2003 Application: Tribes.exe Platform: PC with Windows 2k; others not tested Severity: High Discovery: JadaCyruS [email protected] Author: st0ic [email protected] Vendor: Sierra Entertainment - http://www.sierra.com/...
StarSiege Tribes Server - Denial of Service (2)
StarSiege Tribes Server - Denial of Service 2 source: https://www.securityfocus.com/bid/8184/info StarSiege Tribes Game Server has been reported prone to a remotely triggered denial of service vulnerability. The issue presents itself when the affected server receives and processes a malformed UDP...
StarSiege Tribes Server - Denial of Service (2)
source: https://www.securityfocus.com/bid/8184/info StarSiege Tribes Game Server has been reported prone to a remotely triggered denial of service vulnerability. The issue presents itself when the affected server receives and processes a malformed UDP datagram. Reportedly when the server handles ...