Lucene search

1269 matches found

CVE
added 2020/01/27 12:36 a.m. | 91 views

CVE-2020-7999

CVE-2020-7999 affects the Intellian Aptus Android app (version 1.0.2). The issue is that it contains hardcoded values for DOWNLOAD_API_KEY and FILE_DOWNLOAD_API_KEY, which constitutes a credential exposure in the client. The linked sources (NVD/Red Hat/NVD-like entries) confirm the same descripti...

9.8 CVSS | 9.2 AI score | 0.01253 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Hacker One
added 2020/01/24 5:6 p.m. | 26 views

New Relic: Account owner/admin can't actually delete personal users' API keys

Hey team, An account owner/admin should be able to remove API keys belonging to other users in a case of, for instance, they are compromised. This sentence is confirmed by your own docs: F695035 However, the account owner/admin can't actually do this so he can't protect the account data from bein...

0.7 AI score
Exploits: 0

Kitploit
added 2019/12/18 9:1 p.m. | 90 views

Secretx - Extracting API Keys And Secrets By Requesting Each URL At The Your List

Extracting API keys and secrets by requesting each URL in your list. Installation python3 -m pip install -r requirements.txt Usage python3 secretx.py --list urlList.txt --threads 15 optional arguments: --help --colorless Credits Thanks to @m4ll0k for patterns and @choudhary1337 inspiring for...

7.3 AI score
Exploits: 0 | References: 1

Kitploit
added 2019/12/16 11:30 a.m. | 79 views

TheTHE - Simple, Shareable, Team-Focused And Expandable Threat Hunting Experience

TheTHE is an environment intended to help analysts and hunters over the early stages of their work in an easier, unified and quicker way. One of the major drawbacks when dealing with hunting is the collection of information available on a high number of sources, both public and private. All thi...

6.9 AI score
Exploits: 0 | References: 1

Kitploit
added 2019/12/10 8:30 p.m. | 28 views

Fileintel - A Modular Python Application To Pull Intelligence About Malicious Files

This is a tool used to collect various intelligence sources for a given file. Fileintel is written in a modular fashion so new intelligence sources can be easily added. Files are identified by file hash MD5, SHA1, SHA256. The output is in CSV format and sent to STDOUT so the data can be saved or...

7.4 AI score
Exploits: 0 | References: 6

Hacker One
added 2019/12/08 6:22 a.m. | 29 views

Zenly: Insecure Storage and Overly Permissive API Keys in Android App

Description: Most often developers, for their ease of use, leave API keys and some sensitive keys, tokens as hardcoded strings, which isn't really a good idea, as it can result in leaks of sensitive information getting into the wrong hands, which indeed can result in data theft and tampering with how the...

6.7 AI score
Exploits: 0

Kitploit
added 2019/12/03 11:30 a.m. | 355 views

Sooty - The SOC Analysts All-In-One CLI Tool To Automate And Speed Up Workflow

Sooty is a tool developed with the task of aiding SOC analysts with automating part of their workflow. One of the goals of Sooty is to perform as many of the routine checks as possible, allowing the analyst more time to spend on deeper analysis within the same time-frame. Sooty is now proudly...

7.4 AI score
Exploits: 0 | References: 8

OSV
added 2019/09/25 8:15 p.m. | 16 views

CVE-2019-14666

GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any use...

8.8 CVSS | 7 AI score
Exploits: 0 | References: 2

NVD
added 2019/09/25 8:15 p.m. | 27 views

CVE-2019-14666

GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any use...

8.8 CVSS | 8.8 AI score | 0.02234 EPSS
Exploits: 1 | References: 2

UbuntuCve
added 2019/09/25 8:15 p.m. | 24 views

CVE-2019-14666

GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any use...

8.8 CVSS | 7 AI score | 0.02234 EPSS
Exploits: 1 | References: 2

Prion
added 2019/09/25 8:15 p.m. | 28 views

Design/Logic Flaw

GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any use...

6.5 CVSS | 8.7 AI score | 0.02234 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2019/09/25 7:19 p.m. | 72 views

CVE-2019-14666

GLPI

8.8 CVSS | 8.7 AI score | 0.02234 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Kitploit
added 2019/09/17 12:0 p.m. | 100 views

Project iKy v2.2.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface

Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Video Installation Clone repository git clone https://gitlab.com/kennbroorg/iKy.git Install Backend Redis You must install Redis wget...

7.1 AI score
Exploits: 0 | References: 2

Veracode
added 2019/08/29 7:17 a.m. | 17 views

Information Disclosure

github.com/wtfutil/wtf is vulnerable to information disclosure. The permissions of config.yml are not set. This allows local attackers to access the file and retrieve confidential information such as passwords or API keys if permissions are incorrectly configured or configured with unsafe OS...

5.5 CVSS | 4.4 AI score | 0.00455 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2019/08/28 3:15 p.m. | 8 views

CVE-2019-15716

WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults...

5.5 CVSS | 6.6 AI score
Exploits: 0 | References: 3

NVD
added 2019/08/28 3:15 p.m. | 15 views

CVE-2019-15716

WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults...

5.5 CVSS | 5.4 AI score | 0.00455 EPSS
Exploits: 1 | References: 3

Prion
added 2019/08/28 3:15 p.m. | 13 views

Code injection

WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults...

2.1 CVSS | 5.4 AI score | 0.00455 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2019/08/28 2:13 p.m. | 16 views

CVE-2019-15716

WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults...

5.5 AI score | 0.00455 EPSS
Exploits: 1 | References: 3

The Hacker News
added 2019/08/27 6:36 p.m. | 137 views

Imperva Breach Exposes WAF Customers' Data, Including SSL Certs, API Keys

Imperva, one of the leading cybersecurity startups that helps businesses protect critical data and applications from cyberattacks, has suffered a data breach that has exposed sensitive information for some of its customers, the company revealed today. The security breach particularly affects...

0.5 AI score
Exploits: 0

ThreatPost
added 2019/08/27 4:58 p.m. | 88 views

Imperva Firewall Breach Exposes Customer API Keys, SSL Certificates

UPDATE Imperva, the security vendor, has made a security breach public that affects customers using the Cloud Web Application Firewall WAF product. Formerly known as Incapsula, the Cloud WAF analyzes requests coming into applications, and flags or blocks suspicious and malicious activity. Users’...

7.2 AI score
Exploits: 0 | References: 6