41 matches found
EUVD-2009-5074
Malware in sbrugna...
EUVD-2011-2981
Malware in sbrugna...
EUVD-2014-5998
Malware in sbrugna...
EUVD-2012-4530
Malware in sbrugna...
EUVD-2013-2956
Malware in sbrugna...
CVE-2009-5119
The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack...
CVE-2022-23000
The Western Digital My Cloud Web App https://os5.mycloud.com/ uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context instead of "TLS" or specifying stronger validation,...
RUSTSEC-2022-0026 Incorrect MAC key used in the RC4-MD5 ciphersuite
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...
Information Disclosure Through Race Condition
apache-ldap-api is vulnerable to information disclosure through a race condition. The vulnerability exists as it is possible for another thread to use the connection before it is secured by TLS, caused by the weak setup of SSL Filter. This could potentially expose sensitive information such as...
CVE-2013-3017
IBM Tivoli Application Dependency Discovery Manager TADDM before 7.2.1.5 and 7.2.x before 7.2.2 make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging support for weak SSL ciphers. IBM X-Force ID: 84353...
Security Bulletin: Incorrect SSL protocol variant in SCA HTTP binding affecting WebSphere Enterprise Service Bus, WebSphere Process Server and IBM Business Process Manager Advanced (CVE-2014-6176)
Summary: The HTTP import binding in an SCA module can be configured with a reference to an SSL configuration that exists on the application server. The HTTP binding always uses the SSLv3 protocol variant regardless of the SSL protocol setting in the referenced SSL configuration. Vulnerability Detai...
IBM Tivoli Identity Manager and Security Identity Manager Information Disclosure Vulnerability (CNVD-2018-08707)
IBM Tivoli Identity Manager and Security Identity Manager are both products of IBM Corporation of the U.S.A. IBM Tivoli Identity Manager is a suite of identity management software used to manage user rights across heterogeneous IT resources. Security Identity Manager is an identi...
CVE-2014-6112
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID...
filenori.com XSS vulnerability
Vulnerable URL: http://www.filenori.com/filog/index.jsp?filogid=/%27%22--!%3E%3Cimg%20src=x%20onerror=alert%22openbugbounty%22%3Eokm022 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 29.10.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Ran...
vav.kr XSS vulnerability
Vulnerable URL: http://www.vav.kr/?image==a%27aa%22%22%3E%3C/title%3E%3C/script%3E%3Csvg/onload=prompt/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.09.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 39786 VIP...
EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2017-1039)
According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote...
searchsai.com XSS vulnerability
Vulnerable URL: http://www.searchsai.com/searchsai.php?cx=partner-pub-5014084889093121%3Avvbdhqc6s9a=FORID%3A10=ISO-8859-1=Lord+Ganesha=rk--%22%3E%3Caudio+src%3Dx+onerror%3Dconfirm%28%22OPENBUGBOUNTY%22%29%3E==www.mysai.org%2Fg2%2Findex.php%3Fpage%3Dg22.php=www.mysai.org%2Fg2%2F=101j10201j2...
Gratipay: bring grtp.co up to A grade on SSLLabs
Issues at https://grtp.co/ reference for Weak SSL Ciphers: https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers,_Insufficient_Transport_Layer_Protection_(OTG-CRYPST-001) Weak SSL Ciphers supported at port 443: TLS 1.0: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ec 256 - C TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA dh 1024 - D...
samozashita.ru XSS vulnerability
Vulnerable URL: http://samozashita.ru/buy/rent.php?domain= Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 0 VIP website status:| No Check...