322 matches found
Microsoft Windows 10: Localhost IP address for WebRTC (Edge)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winedgelocalhostipwebrtc.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for Prevent using Localhost IP address for WebRTC. Authors: Emanuel Moss. Copyright: Copyright (c) 2018 Greenbone Networks GmbH, http://www.greenbone.ne...
perpustakaan.undiksha.ac.id XSS vulnerability
Open Bug Bounty ID: OBB-607581

Description | Value
---|---
Affected Website: | perpustakaan.undiksha.ac.id
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
tr.wikiloc.com XSS vulnerability
Open Bug Bounty ID: OBB-533694

Description | Value
---|---
Affected Website: | tr.wikiloc.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
The installer of SemiDynaEXE provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries
Overview: The installer of SemiDynaEXE (SemiDynaEXE2008.EXE) provided by Geospatial Information Authority of Japan (GSI) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2017-629)
This update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.10 - OpenJDK 7u141 bsc1034849 - Security fixes - S8163520, CVE-2017-3509: Reuse cache entries - S8163528, CVE-2017-3511: Better library loading - S8165626, CVE-2017-3512: Improved window framing - S8167110, CVE-2017-351...
Empirical Project Monitor - eXtended vulnerable to cross-site scripting
Overview: Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a stored cross-site scripting vulnerability (CWE-79). Note that this vulnerability is different from JVN11326581. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. report...
JVN#71538099: Olive Diary DX vulnerable to cross-site scripting
Olive Diary DX provided by Olive Design contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing the page parameter. Impact: An arbitrary script may be executed on the user's web browser. Solution: Do not use Olive Diary DX. Olive Diary DX is no longer being developed or...
dance.nyc XSS vulnerability
Vulnerable URL: https://www.dance.nyc/search/?dir=%3C/script%3E%3Cscript%3Ealert'OPENBUGBOUNTY';%3C/script%3E%3Cscript%3E

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 27.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 759468
VIP...
SetucoCMS vulnerable to cross-site request forgery
Overview: SetucoCMS provided by SetucoCMS Project is a content management system (CMS). SetucoCMS contains a cross-site request forgery vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. and Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer unde...
SetucoCMS vulnerable to session management
Overview: SetucoCMS provided by SetucoCMS Project is a content management system (CMS). SetucoCMS contains a session management vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
SUSE SLES11 Security Update : curl (SUSE-SU-2016:2449-1)
This update for curl fixes the following issues : - CVE-2016-5419: TLS session resumption client cert bypass bsc991389 - CVE-2016-5420: Re-using connections with wrong client cert bsc991390 - CVE-2016-7141: Fixed incorrect reuse of client certificates bsc997420. Note that Tenable Network Security...
SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2016:2330-1)
This update for curl fixes the following issues: Security issues fixed : - CVE-2016-5419: TLS session resumption client cert bypass bsc991389 - CVE-2016-5420: Re-using connections with wrong client cert bsc991390 - CVE-2016-5421: use of connection struct after free bsc991391 - CVE-2016-7141: Fixe...
openSUSE Security Update : curl (openSUSE-2016-1043)
This update for curl fixes the following issues : - fixing a performance regression with FTP boo991746 - TLS session resumption client cert bypass boo991389, CVE-2016-5419 - Re-using connections with wrong client cert boo991390, CVE-2016-5420 - use of connection struct after free boo991391,...
FreeBSD : Vulnerabilities in Curl (e4bc70fc-5a2f-11e6-a1bc-589cfc0654e1)
Curl security team reports : CVE-2016-5419 - TLS session resumption client cert bypass; CVE-2016-5420 - Re-using connections with wrong client cert; CVE-2016-5421 - use of connection struct after free. (C) Tenable Network Security, Inc. The descriptive text and package checks in th...
CG-WLBARGL vulnerable to command injection
Overview: CG-WLBARGL provided by Corega Inc is a wireless LAN router. CG-WLBARGL contains a command injection vulnerability. Ohji Kashiwazaki of Global Security Experts Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#76653039: CG-WLBARGL vulnerable to command injection
CG-WLBARGL provided by Corega Inc is a wireless LAN router. CG-WLBARGL contains a command injection vulnerability. Impact: An arbitrary command may be executed by an authenticated attacker. Solution: Do not use CG-WLBARGL. As of Jun 22nd, 2016, there are no practical solutions to this issue. It is...
Linux ASLR vulnerability: an attacker can disable ASLR with "unlimited" (CVE-2016-3672) - vulnerability warning - the black bar safety net
Recently, security personnel fixed a relatively old vulnerability in Linux ASLR: any user with permission to run 32-bit applications on x86 devices can disable ASLR by setting the RLIMIT_STACK resource to "unlimited". The vulnerability's CVE number is CVE-2016-3672; the CNNVD number of...
JVN#24692261: hitSuji (rktSNS2) vulnerable to cross-site scripting
hitSuji (rktSNS2) provided by rakuto.net is an open source SNS software. hitSuji (rktSNS2) contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Consider stopping use of hitSuji (rktSNS2) 0.2.2b. Since the developer was unreachable,...
Medium: curl
Issue Overview: As discussed upstream (http://curl.haxx.se/docs/adv20150617A.html), libcurl can wrongly send HTTP credentials when re-using connections (CVE-2015-3236). Also discussed upstream (http://curl.haxx.se/docs/adv20150617B.html), libcurl can get tricked by a malicious SMB server to send off da...
cURL -- Multiple Vulnerability
cURL reports: libcurl can wrongly send HTTP credentials when re-using connections. libcurl allows applications to set credentials for the upcoming transfer with HTTP Basic authentication, like with CURLOPT_USERPWD for example. Name and password. Just like all other libcurl options the credentials...