1825 matches found
CVE-2018-1999031
CVE-2018-1999031 describes an information disclosure in the Jenkins meliora-testlab Plugin (versions
Homebrew: GitHub API Key for BrewTestBot is publicly exposed
Hello! While browsing through some old reports, I found that https://jenkins.brew.sh was publicly accessible. I got curious when I saw one of the brew bottle builds doing a git push to BrewTestBot/homebrew-core, and wondered if the credentials to make authenticated pushes were accessible. Sure...
Updated chromium-browser-stable packages fix security vulnerability
Chromium-browser 67.0.3396.87-2 fixes an out-of-bounds write error in V8 CVE-2018-6149 and incorrect handling of content security policy CVE-2018-6148. It also contains a new google API key...
MGASA-2018-0308 Updated chromium-browser-stable packages fix security vulnerability
Chromium-browser 67.0.3396.87-2 fixes an out-of-bounds write error in V8 CVE-2018-6149 and incorrect handling of content security policy CVE-2018-6148. It also contains a new google API key...
Cloudflare: Private API key leakage due to lack of access control
The lack of access control on the https://mobilesdk.cloudflare.com/api/v1/ api allows for a remote attacker to access and steal a logged in user's private data. This can be done due to the lack of origin protection. An attacker can embed the config URI...
FireShodanMap - A Realtime Map That Integrates Firebase, Google Maps And Shodan
FireShodanMap is a Realtime map that integrates Firebase and Shodan. A search is carried out using Shodan searching vulnerable devices and they are showed on the map for analysis. All data updated in Firebase are Realtime. Changes We have a file named "fireshodan.py" responsible for fill Firebase...
Nagios XI 5.2.[6-9], 5.3, 5.4 - Chained Remote Root Exploit
Exploit for php platform in category web applications Exploit Title: Nagios XI 5.2.6-9, 5.3, 5.4 Chained Remote Root Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage:...
Nagios XI 5.x Chained Remote Root
Exploit Title: Nagios XI 5.2.6-9, 5.3, 5.4 Chained Remote Root Date: 4/17/2018 Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.nagios.com/ Software Link:...
Nagios XI 5.2.6 < 5.2.9 / 5.3 / 5.4 - Chained Remote Root
Exploit Title: Nagios XI 5.2.6-9, 5.3, 5.4 Chained Remote Root Date: 4/17/2018 Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.nagios.com/ Software Link:...
Nagios XI 5.2.6 5.2.9 5.3 5.4 - Chained Remote Root
Nagios XI 5.2.6 5.2.9 5.3 5.4 - Chained Remote Root Exploit Title: Nagios XI 5.2.6-9, 5.3, 5.4 Chained Remote Root Date: 4/17/2018 Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor...
Subfinder - Subdomain Discovery Tool That Can Discover Massive Amounts Of Valid Subdomains For Any Target
SubFinder is a subdomain discovery tool that uses various techniques to discover massive amounts of subdomains for any target. It has been aimed as a successor to the sublist3r project. SubFinder uses Passive Sources, Search Engines, Pastebins, Internet Archives, etc to find subdomains and then i...
Harpoon - CLI Tool For Open Source And Threat Intelligence
OSINT tool, CLI Tool For Open Source And Threat Intelligence Install You can simply pip install the tool: pip3 install git+http://[email protected]/Te-k/harpoon --process-dependency-links Optionally if you want to use the screenshot plugin, you need phantomjs and npm installed: npm install -...
Semrush: Broken Authentication: A project addition request can be used multiple time for different users
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty, so be sure to take your time filling out the report! Summary: Broken...
PayLink 3.0.1 Cross Site Scripting
============================================================================ | Title : PayLink v3.0.1 XSS Vulnerability | | Author : indoushka | | email : [email protected] | | Tested on : windows 10 FranASSais V.Pro | | Version : v3.0.1 | | Vendor : https://code.condize.com//pay/ | | Dork...
Philips Hue Bridge BSB002 public API security bypass vulnerability
Philips Hue Bridge BSB002 is a smart home lighting system from Philips in the Netherlands. public API is one of the public interfaces. A security vulnerability exists in the public API in the Philips Hue Bridge BSB002 using firmware version 1707040932, where the vulnerable program fails to encryp...
SSRF vulnerability in Recurly gem's Resource#find.
If you are using the find method on any of the classes that are derived from the Resource class and you are passing user input into that method, a malicious user can force the http client to reach out to a server under their control. This can lead to leakage of your private API key. Because of th...
GHSA-959J-5G9V-3FPQ Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor
The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process...
Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor
The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process...
CVE-2017-1000114
The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...
CVE-2017-1000114
The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...