Cross-site scripting
The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...
CVE-2017-1000114
CVE-2017-1000114 concerns the Jenkins/Datadog plugin where the API key used to access Datadog was stored in the global Jenkins configuration and transmitted in plain text via the configuration form, potentially exposing the key through browser extensions or XSS. Documents indicate the plugin was ...
GSA Bounty: [api.data.gov] Leak Valid API Without Verification -
Description Remote attackers are able to retrieve a valid working API key with a random generation process without secure parsing or a secure channel, human verification, etc. The current process for requesting any API key is via a signup form, and a message with the API is delivered privately to the user, ...
Knockpy - Enumerate Subdomain Scanner
Knockpy is a Python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Knockpy now supports queries to VirusTotal subdomains; you can set the...
Legal Robot: Create Api Key is not working
Create Api Key is not working...
WakaTime: Session Duplication due to Broken Access Control
Due to improper validation of user before generating an API-KEY and improper measures taken at the time of password reset, it is possible to generate a parallel session at the attacker's end. Proof of concept video is attached to confirm the vulnerability and to demonstrate the Impact of this...
Weblate: No Rate Limitation on Regenerate Api Key
Hi, I discovered that there is no request throttling or limit on API key regeneration. Though there's a little change while making a total of 30 requests in a few seconds: a server error occurred, then it continued. Screenshot F197872. In the screenshot, 685 denotes a processed request and 6052 denotes...
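The report above is about a sensitive endpoint with no throttling. The following is an added example, not Weblate's code: a sliding-window throttle that caps how many times a user may regenerate an API key per window, wrapped in a hypothetical handler that answers 429 once the cap is hit. The limits, the user id and the clock injection are assumptions made for the example; the 30-request burst replayed at the bottom mirrors the figure in the report.

```python
"""Sliding-window throttle for an API key regeneration endpoint (added example)."""
import collections
import time


class RegenerateThrottle:
    """Allow at most `limit` regenerations per user within `window` seconds."""

    def __init__(self, limit=5, window=3600.0, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock  # injectable so the behaviour can be tested deterministically
        self._hits = collections.defaultdict(collections.deque)

    def allow(self, user_id):
        now = self.clock()
        hits = self._hits[user_id]
        # Drop timestamps that have fallen out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True

    def retry_after(self, user_id):
        """Seconds until the oldest counted hit expires; 0 if a request is allowed now."""
        hits = self._hits[user_id]
        if len(hits) < self.limit:
            return 0.0
        return max(0.0, self.window - (self.clock() - hits[0]))


def regenerate_api_key(throttle, user_id, issue_key):
    """Hypothetical handler: refuse with 429 when the throttle trips, otherwise issue a key."""
    if not throttle.allow(user_id):
        return 429, {"error": "too many regenerations",
                     "retry_after": throttle.retry_after(user_id)}
    return 200, {"api_key": issue_key()}


class FakeClock:
    """Deterministic stand-in for time.monotonic (assumed for the example)."""

    def __init__(self, start=0.0):
        self.t = start

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def simulate_burst(requests=30, limit=5):
    """Replay a burst of rapid regeneration requests; return (accepted, rejected)."""
    clock = FakeClock()
    throttle = RegenerateThrottle(limit=limit, window=3600.0, clock=clock)
    accepted = rejected = 0
    for _ in range(requests):
        status, _body = regenerate_api_key(throttle, "user-1", lambda: "new-key")
        if status == 200:
            accepted += 1
        else:
            rejected += 1
        clock.advance(0.1)  # ten requests per second, as in a scripted burst
    return accepted, rejected
```

A per-user limit is the minimum; a production deployment would also key the counter on client IP for unauthenticated paths and log the rejections, since a burst of regenerations is itself a signal worth alerting on.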
Vulners Cloud Agents for Vulnerability Management
Very good news! The Vulners Team is ready to present complete functionality for vulnerability audit. And it's not just an Audit API that you have to use somehow in your own scripts, but an enterprise-ready product, like agent-based vulnerability scanning in Qualys and Tenable. You can try it for...
Octopus Deploy - (Authenticated) Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' require 'json' class MetasploitModule 'Octopus Deploy Authenticated Code Execution', 'Description' => %q This module can be used to...
Octopus Deploy Authenticated Code Execution Exploit
This Metasploit module can be used to execute a payload on an Octopus Deploy server given valid credentials or an API key. The payload is executed as a powershell script step on the Octopus Deploy server during a deployment. This module requires Metasploit: http://metasploit.com/download Current...
Octopus Deploy Authenticated Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' require 'json' class MetasploitModule 'Octopus Deploy Authenticated Code Execution', 'Description' => %q This module can be used to...
ThisData: Insecure Cache-Control Leading to API key Retrieval
Description: https://thisdata.com/customers/user/install/apis/number/reauthorize Does not have good browser cache management, allowing another user with access to the device to retrieve the API key. All of the thisdata.com pages do not have the cache management correctly configured, allowing the...
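The report above turns on one thing: a page that displays an API key is sent without headers that forbid caching, so the browser keeps a copy on disk that another user of the same device can read. The following is an added example, not ThisData's code: a small audit of response headers that flags the directives which do not actually stop the browser cache (private, no-cache, max-age) and a hardened header set. The sample responses are constructed.

```python
"""Audit cache headers on a response that carries a secret (added example)."""


def _header(headers, name):
    """Case-insensitive lookup of a header value; empty string if absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return ""


def parse_cache_control(value):
    """Parse 'no-store, max-age=0' into {'no-store': '', 'max-age': '0'}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"')
    return directives


def audit_cache_headers(headers):
    """Return findings for a response that must never be cached; [] means clean."""
    findings = []
    cc = parse_cache_control(_header(headers, "Cache-Control"))
    if not cc:
        findings.append("Cache-Control header missing")
    if "no-store" not in cc:
        findings.append("no-store absent: the browser may write the body to its disk cache")
        if "no-cache" in cc:
            findings.append("no-cache only forces revalidation; the stored copy stays readable")
        if "private" in cc:
            findings.append("private blocks shared caches only, not the local browser cache")
        if "public" in cc:
            findings.append("public lets proxy caches keep the response")
        try:
            if int(cc.get("max-age", "0")) > 0:
                findings.append("max-age > 0 declares the response fresh for reuse")
        except ValueError:
            findings.append("max-age is not an integer")
    if _header(headers, "Pragma").lower() != "no-cache":
        findings.append("Pragma: no-cache missing (only matters for HTTP/1.0 caches)")
    return findings


# Hardened header set for any response that shows or returns a credential.
HARDENED_HEADERS = {
    "Cache-Control": "no-store",  # tells every cache not to keep a copy at all
    "Pragma": "no-cache",         # legacy HTTP/1.0 equivalent, conventionally added
}

# Constructed sample: a key-display page that relies on 'private' and a non-zero max-age.
LEAKY_RESPONSE = {
    "Content-Type": "text/html",
    "Cache-Control": "private, max-age=600",
}
```

The point of the private and no-cache findings is the one practitioners most often get wrong: both are cache directives, but neither prevents the local browser from writing the page to disk. Only no-store does that.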
Octopus Deploy Authenticated Code Execution
This module can be used to execute a payload on an Octopus Deploy server given valid credentials or an API key. The payload is executed as a powershell script step on the Octopus Deploy server during a deployment. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2017-7991
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key apikey parameter in the api function of framework/modules/eaas/controllers/eaasController.php...
SQL injection
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key apikey parameter in the api function of framework/modules/eaas/controllers/eaasController.php...
Exponent CMS 2.4.1 SQL Injection Vulnerability
Exponent CMS versions 2.4.1 and below suffer from a remote SQL injection vulnerability. CVE-2017-7991-SQL injection-Exponent CMS Suggested description Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key apikey parameter in the api function of...
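The entries above describe the shape of CVE-2017-7991 but not the code path. The following is an added example, not Exponent CMS code, that reduces the pattern to a runnable model: an API key arrives as a base64-encoded serialized blob, the handler decodes and deserializes it, and the resulting string is concatenated into SQL. SQLite and JSON stand in for MySQL and PHP serialize(), and the table, key values and function names are constructed for the example. The fixed lookup shows the parameterized query plus a type check on the deserialized value.

```python
"""Vulnerable and fixed lookup of an API key delivered as base64(serialize(...))."""
import base64
import json
import sqlite3


def make_db():
    """Constructed sample table; not Exponent's schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE api_keys (apikey TEXT NOT NULL, username TEXT NOT NULL)")
    conn.executemany("INSERT INTO api_keys VALUES (?, ?)",
                     [("k-alice-1", "alice"), ("k-bob-2", "bob")])
    return conn


def encode_apikey_param(apikey):
    """Client side: serialize the key into a structure, then base64 it (JSON stands in for PHP serialize)."""
    return base64.b64encode(json.dumps({"apikey": apikey}).encode()).decode()


def decode_apikey_param(param):
    """Server side: base64-decode and deserialize; returns whatever the client put there."""
    payload = json.loads(base64.b64decode(param, validate=True))
    return payload["apikey"]


def lookup_vulnerable(conn, param):
    """String concatenation: the decoded key becomes part of the SQL text."""
    key = decode_apikey_param(param)
    sql = "SELECT username FROM api_keys WHERE apikey = '" + key + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_fixed(conn, param):
    """Parameterized query; the key is bound as data and can never alter the statement."""
    key = decode_apikey_param(param)
    if not isinstance(key, str):
        # Deserialized input need not be a string; refuse anything else before it reaches SQL.
        raise ValueError("apikey must be a string")
    rows = conn.execute("SELECT username FROM api_keys WHERE apikey = ?", (key,))
    return [row[0] for row in rows]


# A classic tautology payload; base64 encoding hides it from naive parameter inspection.
INJECTION = "' OR '1'='1"
```

Two practitioner notes. First, base64 is an encoding, not a trust boundary: the decoded bytes are still attacker-controlled and must be treated as such. Second, in the real PHP case the deserialization step is a risk of its own, since unserialize() on attacker data can instantiate arbitrary classes; the example's type check is the minimum, and a format that cannot carry objects (or a strict allow-list of types) is the better choice.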
ShodanHat - Search For Hosts Info With Shodan
Search for host info with Shodan. Dependencies: You need to install shodan with pip install shodan or easy_install shodan. You need to install python-nmap with pip install python-nmap. You need to set your API key in the 'constantes.py' file. Options -h, --help show this help message and exit -i I...