CVE-2020-5667
Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...
Hardcoded credentials
Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...
CVE-2020-5667
Studyplus App (Android v6.3.7 and earlier; iOS v8.29.0 and earlier) contains a hard-coded API key for an external service, enabling an attacker to retrieve the key by analyzing app data. Root cause: hard-coded credentials in the client. Impact: potential exposure of the external service API key; ...
Studyplus App uses a hard-coded API key for an external service
Overview: Studyplus App provided by Studyplus Inc. uses a hard-coded API key for an external service (CWE-798). Ryo Sato of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: API key for an...
OPENSUSE-SU-2020:1687-1 Security update for pdns-recursor
This update for pdns-recursor fixes the following issues: - pdns-recursor was updated to 4.1.1 and 4.3.5: - CVE-2020-25829: Fixed a cache pollution related to DNSSEC validation boo1177383 - CVE-2020-14196: Fixed an access restriction bypass with API key and password authentication boo1173302...
CVE-2020-1688
On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an...
CVE-2020-26102
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550)...
Code injection
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550)...
CVE-2020-26102
CVE-2020-26102 affects cPanel before 88.0.3 where Dovecot on a templated VM uses an insecure auth policy API key (SEC-550). The vulnerability is evidenced by public records showing a policy-key weakness in the Dovecot integration within cPanel’s VM templating. Public CVSS metrics indicate medium ...
Solana BBP: Public and secret api key leaked via Solana BBP github repo
Summary: Most often developers, for their ease of use, leave API keys and some sensitive keys and tokens as hardcoded strings, which isn't really a good idea as it can result in leaks of sensitive information getting into the wrong hands, which indeed can result in data theft and tampering with how the...
Security update for pdns-recursor (moderate)
openSUSE Security Update: Security update for pdns-recursor. Announcement ID: openSUSE-SU-2020:1101-1. Rating: moderate. References: 1173302. Cross-References: CVE-2020-14196. Affected Products: openSUSE Backports SLE-15-SP2. An update that fixes one vulnerability is now available. Description: This...
Stripo Inc: Public and secret api key leaked in JavaScript source
Summary: I was surfing the Stripo website. I found sensitive data, including an authentication key, written in a publicly accessible JavaScript file. URL Vulnerability: https://staging.empleio.stripo.email/main.c1965c58f39a0f4aadc3.js Steps To Reproduce: Open...
Shipt: Api Token Leaked in [shoppers.shipt.com]
A researcher reported an API key stored in source code that was part of a 3rd party knowledge base integration. The Shipt information security team immediately investigated the report and determined that the API key referenced was a legacy token that was no longer being used. While it didn't...
Bbrecon - Python Library And CLI For The Bug Bounty Recon API
Bug Bounty Recon bbrecon is a free Recon-as-a-Service for bug bounty hunters and security researchers. The API aims to provide a continuously up-to-date map of the Internet "safe harbor" attack surface, excluding out-of-scope targets. It comes with an ergonomic CLI and Python library. This...
Scan-For-Webcams - Scan For Webcams In The Internet
Automatically scan for publicly accessible webcams around the internet. Usage: python MJPG.py : for public MJPG streamers around the internet; python webcamXP.py : for public webcamXP streamers around the internet. The program will output a list of links with the format of ipaddress:port If your...
Dropcontact: API key is not validated for C.R.M integration [Pipedrive] of LOGGED IN USER, A user can use another USER'S API key for this operation.
We didn't verify the API key when a new user was using his Pipedrive free trial, so someone could take a key of another Pipedrive which doesn't belong to him and make his free trial on this API key. Or launch a free trial on a Pipedrive already connected to Pipedrive...
Elasticsearch Privilege Escalation (CVE-2020-7014)
A privilege escalation vulnerability exists in Elasticsearch. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges...
Elasticsearch Privilege Escalation (CVE-2020-7009)
A privilege escalation vulnerability exists in Elasticsearch. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...