1. Reverse Engineering >
  2. Exploits


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

Exploits


Suchen

News RSS Quellen: 23x
News Kategorien unterhalb von Exploits: 2x
News RSS Feeds dieser Exploits Kategorie: RSS Feed Exploits
Benutze Feedly zum Abonieren.Folge uns auf feedly
Download RSS Feed App für Windows 10 Store (Leider gibt es nicht mehr viele Extensions mit welchen Sie RSS-Feeds in einer Software abonieren können. Der Browser Support für RSS-Feeds wurde eingestellt (Firefox,Chrome).

Eigene IT Security Webseite / Blog / Quelle hinzufügen

Seitennavigation

Seite 5 von 4.603 Seiten (Bei Beitrag 140 - 175)
161.092x Beiträge in dieser Kategorie

Auf Seite 4 zurück | Nächste 6 Seite | Letzte Seite

[ 1 ] [ 2 ] [ 3 ] [ 4 ] [5] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ]

[remote] Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure

Zur Kategorie wechselnPoC vom | Quelle: exploit-db.com Direktlink direkt öffnen

Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure
News Bewertung

Weiterlesen Weiterlesen

F5 Enterprise Manager: Schwachstelle ermöglicht Manipulation von Dateien

Zur Kategorie wechselnExploits vom | Quelle: cert-bund.de Direktlink direkt öffnen

CB-K19/0830: F5 Enterprise Manager: Schwachstelle ermöglicht Manipulation von Dateien
News Bewertung

Weiterlesen Weiterlesen

Linux Kernel: Mehrere Schwachstellen

Zur Kategorie wechselnExploits vom | Quelle: cert-bund.de Direktlink direkt öffnen

CB-K19/0778 Update 1: Linux Kernel: Mehrere Schwachstellen
News Bewertung

Weiterlesen Weiterlesen

libexpat: Schwachstelle ermöglicht Denial of Service

Zur Kategorie wechselnExploits vom | Quelle: cert-bund.de Direktlink direkt öffnen

CB-K19/0798 Update 2: libexpat: Schwachstelle ermöglicht Denial of Service
News Bewertung

Weiterlesen Weiterlesen

Linux Kernel: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

Zur Kategorie wechselnExploits vom | Quelle: cert-bund.de Direktlink direkt öffnen

CB-K19/0791 Update 1: Linux Kernel: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
News Bewertung

Weiterlesen Weiterlesen

[remote] HPE Intelligent Management Center < 7.3 E0506P09 - Information Disclosure

Zur Kategorie wechselnPoC vom | Quelle: exploit-db.com Direktlink direkt öffnen

HPE Intelligent Management Center
News Bewertung

Weiterlesen Weiterlesen

[webapps] Gila CMS < 1.11.1 - Local File Inclusion

Zur Kategorie wechselnPoC vom | Quelle: exploit-db.com Direktlink direkt öffnen

Gila CMS
News Bewertung

Weiterlesen Weiterlesen

New Relic: Mixed content issues on newrelic.com

Zur Kategorie wechselnExploits vom | Quelle: vulners.com Direktlink direkt öffnen


image
Hi guys, I have found Mixed Content on https://newrelic.com/*: * Insecure endpoint http://newrelic.com/ that should be served over HTTPS. Description: Passive mixed content is content sent over HTTP that is contained on the HTTPS page, but which can not change other parts of the page. For example, an attacker can replace a picture sent via HTTP with obscene content or a message to the user. The attacker can also view the activity of the user, observing which images are sent to the user. Knowing which pictures the user downloads, an attacker can figure out which pages the user is visiting. In this case, mixed content is affecting some endpoints on: https://newrelic.com/products/ https://newrelic.com/platform/ https://newrelic.com/integrations/* Steps To Reproduce: Open https://newrelic.com/products (Using Chrome, Opera, etc.) View Developer Tools Ctrl + Shift+ I (Besides Internet Explorer - F12) Open the Console tab - there will be a warning that there are mixed content on the page. The mixed content will appear. Risk: This mixed content (that is loaded on the main site) is susceptible to a Man-in-the-middle attack. Using this non-secured endpoints, an attacker could be able to redirect users to attacker sites. This vulnerability have a low severity, but is in scope on this program, and should be fixed. How to fix: All vulnerable endpoints should be served using https. The fix is easy, just change all http://newrelic.com/ to https://newrelic.com/ . Supporting Material/References: Screenshots attached https://resources.infosecinstitute.com/https-mixed-content-vulnerability/ (Reference) Test on https://newrelic.com/platform url using https://www.whynopadlock.com. https://www.whynopadlock.com/results/2145f4bc-47a1-4bf9-8d91-948d534a693d Impact HTTP connection is only partially encrypted. The unencrypted content is accessible to sniffers and can be intercepted by an attacker. A man-in-the-middle attacker can intercept the request and also rewrite the response to include malicious or deceptive content. This content can be used to steal the user's credentials, acquire sensitive data about the user, or attempt to install malware on the user's system (by leveraging vulnerabilities in the browser or its plugins, for example), and therefore the connection is not safeguarded anymore. Mixed content on endpoints are easily exploitable by attackers to redirect users to their own sites.
News Bewertung

Weiterlesen Weiterlesen

irssi up to 0.8.20 Out-of-Bounds denial of service

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability was found in irssi up to 0.8.20 (Messaging Software). It has been declared as problematic. This vulnerability affects an unknown code block. Upgrading to version 0.8.21 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
News Bewertung

Weiterlesen Weiterlesen

irssi up to 0.8.20 nick Message Crash denial of service

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability has been found in irssi up to 0.8.20 (Messaging Software) and classified as problematic. Affected by this vulnerability is some unknown functionality of the component nick Message Handler. Upgrading to version 0.8.21 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
News Bewertung

Weiterlesen Weiterlesen

irssi 0.8.17/0.8.18/0.8.19/0.8.20 ANSI x8 Color Code Out-of-Bounds denial of service

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability was found in irssi 0.8.17/0.8.18/0.8.19/0.8.20 (Messaging Software) and classified as problematic. Affected by this issue is an unknown part of the component ANSI x8 Color Code Handler. Upgrading to version 0.8.21 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
News Bewertung

Weiterlesen Weiterlesen

irssi up to 0.8.20 Message nickcmp denial of service

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability, which was classified as problematic, was found in irssi up to 0.8.20 (Messaging Software). Affected is the function nickcmp of the component Message Handler. Upgrading to version 0.8.21 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
News Bewertung

Weiterlesen Weiterlesen

mcollective-puppet-agent Plugin 1.12.0 on Windows privilege escalation

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability, which was classified as critical, has been found in mcollective-puppet-agent Plugin 1.12.0 on Windows (Service Management Software). This issue affects an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
News Bewertung

Weiterlesen Weiterlesen

libass up to 0.13.3 libass/ass_shaper.c check_allocations denial of service

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability classified as problematic has been found in libass up to 0.13.3. This affects the function check_allocations of the file libass/ass_shaper.c. Upgrading to version 0.13.4 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
News Bewertung

Weiterlesen Weiterlesen

Lenovo ThinkServer TSM 3.77 Broadcast denial of service

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability classified as critical was found in Lenovo ThinkServer TSM 3.77. This vulnerability affects some unknown processing of the component Broadcast Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
News Bewertung

Weiterlesen Weiterlesen

libass up to 0.13.3 libass/ass_blur.c calc_coeff memory corruption

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability was found in libass up to 0.13.3. It has been rated as critical. Affected by this issue is the function calc_coeff of the file libass/ass_blur.c. Upgrading to version 0.13.4 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
News Bewertung

Weiterlesen Weiterlesen

Dropbear SSH up to 2016 dbclient/server -v Memory information disclosure

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability was found in Dropbear SSH up to 2016 (SSH Server Software). It has been classified as problematic. Affected is some unknown functionality of the component dbclient/server. Upgrading to version 2016.74 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
News Bewertung

Weiterlesen Weiterlesen

libass up to 0.13.3 ass_render.c wrap_lines_smart denial of service

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability was found in libass up to 0.13.3. It has been declared as problematic. Affected by this vulnerability is the function wrap_lines_smart of the file ass_render.c. Upgrading to version 0.13.4 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
News Bewertung

Weiterlesen Weiterlesen

Dropbear SSH up to 2016 dropbearconvert privilege escalation

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability has been found in Dropbear SSH up to 2016 (SSH Server Software) and classified as critical. This vulnerability affects an unknown function of the component dropbearconvert. Upgrading to version 2016.74 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
News Bewertung

Weiterlesen Weiterlesen

Dropbear SSH up to 2016 dbclient -m/-c privilege escalation

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability was found in Dropbear SSH up to 2016 (SSH Server Software) and classified as critical. This issue affects an unknown functionality of the component dbclient. Upgrading to version 2016.74 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
News Bewertung

Weiterlesen Weiterlesen

Dropbear SSH up to 2016 username/host Format String

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability, which was classified as critical, was found in Dropbear SSH up to 2016 (SSH Server Software). This affects some unknown processing. Upgrading to version 2016.74 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
News Bewertung

Weiterlesen Weiterlesen

MatrixSSL up to 3.8.2 TLS CBC Mode Out-of-Bounds denial of service

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability, which was classified as problematic, has been found in MatrixSSL up to 3.8.2. Affected by this issue is an unknown code block of the component TLS CBC Mode. Upgrading to version 1.1 eliminates this vulnerability.
News Bewertung

Weiterlesen Weiterlesen

MatrixSSL up to 3.8.6 DHE_RSA Side-Channel weak encryption

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability classified as problematic has been found in MatrixSSL up to 3.8.6. Affected is an unknown part of the component DHE_RSA. Upgrading to version 3.8.7 eliminates this vulnerability.
News Bewertung

Weiterlesen Weiterlesen

MatrixSSL up to 3.8.2 RSA weak encryption

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability classified as problematic was found in MatrixSSL up to 3.8.2. Affected by this vulnerability is an unknown code of the component RSA. Upgrading to version 3.8.3 eliminates this vulnerability.
News Bewertung

Weiterlesen Weiterlesen

BlackBerry Good Control Server up to 2.3.53 Logging information disclosure

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability was found in BlackBerry Good Control Server up to 2.3.53. It has been rated as problematic. This issue affects some unknown functionality of the component Logging. Upgrading to version 2.3.53.62 eliminates this vulnerability.
News Bewertung

Weiterlesen Weiterlesen

ZoneMinder up to 1.30 index.php cross site request forgery

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability was found in ZoneMinder up to 1.30 (Video Surveillance Software). It has been declared as problematic. This vulnerability affects an unknown functionality of the file index.php. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
News Bewertung

Weiterlesen Weiterlesen

ZoneMinder up to 1.30 Log Query index.php limit sql injection

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability was found in ZoneMinder up to 1.30 (Video Surveillance Software) and classified as critical. Affected by this issue is some unknown processing of the file index.php of the component Log Query Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
News Bewertung

Weiterlesen Weiterlesen

ZoneMinder up to 1.30 Cookie ZMSESSID Session Fixation weak authentication

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability was found in ZoneMinder up to 1.30 (Video Surveillance Software). It has been classified as critical. This affects an unknown function of the component Cookie Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
News Bewertung

Weiterlesen Weiterlesen

Dokeos 1.8.6.1 / 1.8.6.3 Arbitrary File Upload

Zur Kategorie wechselnExploits vom | Quelle: cxsecurity.com Direktlink direkt öffnen

"Plateforme Dokeos 1.8.6.3 " or 1.8.6.1
News Bewertung

Weiterlesen Weiterlesen

ZoneMinder up to 1.30 index.php cross site scripting

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability, which was classified as problematic, was found in ZoneMinder up to 1.30 (Video Surveillance Software). Affected is an unknown code of the file index.php. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
News Bewertung

Weiterlesen Weiterlesen

ZoneMinder up to 1.30 Monitor name cross site scripting

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability has been found in ZoneMinder up to 1.30 (Video Surveillance Software) and classified as problematic. Affected by this vulnerability is an unknown code block of the component Monitor Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
News Bewertung

Weiterlesen Weiterlesen

ZoneMinder up to 1.30 Download Log index.php format cross site scripting

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability, which was classified as problematic, has been found in ZoneMinder up to 1.30 (Video Surveillance Software). This issue affects an unknown part of the file index.php of the component Download Log Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
News Bewertung

Weiterlesen Weiterlesen

festivaltts4r Gem on Ruby festival4r.rb to_speech/to_mp3 privilege escalation

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability classified as critical was found in festivaltts4r Gem on Ruby (Ruby Gem) (the affected version is unknown). This vulnerability affects the function to_speech/to_mp3 in the library lib/festivaltts4r/festival4r.rb. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
News Bewertung

Weiterlesen Weiterlesen

espeak-ruby Gem up to 1.0.2 on Ruby lib/espeak/speech.rb speak/save/bytes/bytes_wav privilege escalation

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability classified as critical has been found in espeak-ruby Gem up to 1.0.2 on Ruby (Ruby Gem). This affects the function speak/save/bytes/bytes_wav in the library lib/espeak/speech.rb. Upgrading to version 1.0.3 eliminates this vulnerability.
News Bewertung

Weiterlesen Weiterlesen

PySAML2 SAML XML Response XML External Entity

Zur Kategorie wechselnExploits vom | Quelle: vuldb.com Direktlink direkt öffnen

A vulnerability was found in PySAML2 (affected version not known). It has been rated as critical. Affected by this issue is an unknown function of the component SAML XML Response Handler. Upgrading eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
News Bewertung

Weiterlesen Weiterlesen

Seitennavigation

Seite 5 von 4.603 Seiten (Bei Beitrag 140 - 175)
161.092x Beiträge in dieser Kategorie

Auf Seite 4 zurück | Nächste 6 Seite | Letzte Seite

[ 1 ] [ 2 ] [ 3 ] [ 4 ] [5] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ]