1860 matches found

NVD
added 2014/01/10 12:2 p.m. | 20 views

CVE-2014-1234

The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process...

CVSS 2.1 | AI score 6.2 | EPSS 0.00507
Exploits: 2 | References: 2

Prion
added 2014/01/10 12:2 p.m. | 9 views

Design/Logic Flaw

The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process...

CVSS 2.1 | AI score 6.7 | EPSS 0.00507
Exploits: 2 | References: 2 | Affected Software: 1

Cvelist
added 2014/01/10 11:0 a.m. | 23 views

CVE-2014-1234

The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process...

AI score 6.2 | EPSS 0.00507
Exploits: 2 | References: 2

CVE
added 2014/01/10 11:0 a.m. | 69 views

CVE-2014-1234

CVE-2014-1234 affects the paratrooper-newrelic gem (Ruby) v1.0.1. A local attacker can obtain the X-Api-Key by listing the curl process, due to leakage in the process tree. Impact is local exposure of the API key. Public patches or mitigations are not detailed in the provided documents; refer to ...

CVSS 2.1 | AI score 6.4 | EPSS 0.00507
Exploits: 2 | References: 2 | Affected Software: 1

Metasploit
added 2014/01/09 12:26 a.m. | 51 views

Multi Gather Malware Verifier

This module will check a file for malware on VirusTotal based on the checksum. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/http' require 'uri' class MetasploitModule 'Multi Gather Malware Verifier',...

AI score 0.5
Exploits: 0

securityvulns
added 2014/01/08 12:0 a.m. | 52 views

Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line

Title: Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line Date: 11/15/2013 Author: Larry W. Cashdollar, @larry0 Download: http://rubygems.org/gems/bio-basespace-sdk Description: "BaseSpace Ruby SDK is a Ruby based Software Development Kit to be used in the development of Apps and...

AI score 0.1
Exploits: 0

RubySec
added 2014/01/08 12:0 a.m. | 19 views

Paratrooper-newrelic Gem for Ruby Process Listing API Key Local Disclosure

Paratrooper-newrelic Gem for Ruby contains a flaw in /lib/paratrooper-newrelic.rb. The issue is triggered when the script exposes the API key, allowing a local attacker to gain access to it by monitoring the process tree...

CVSS 2.1 | AI score 2.5 | EPSS 0.00507
Exploits: 2 | References: 1

0day.today
added 2013/12/16 12:0 a.m. | 20 views

Bio Basespace SDK 0.1.7 API Key Exposure

The Bio Basespace SDK 0.1.7 Ruby Gem API client code passes the APIKEY to a curl command. This exposes the api key to the shell and process table. Another user on the system could snag the api key by just monitoring the process table. Title: Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via...

AI score 7.1
Exploits: 0

RubySec
added 2013/12/14 12:0 a.m. | 18 views

Bio Basespace SDK Gem for Ruby Command Line API Key Disclosure

Bio Basespace SDK Gem for Ruby contains a flaw that is due to the API client code passing the APIKEY to a curl command. This may allow a local attacker to gain access to API key information by monitoring the process table...

CVSS 5 | AI score 2.3 | EPSS 0.01512
Exploits: 1 | References: 1

NVD
added 2012/05/21 6:55 p.m. | 18 views

CVE-2012-2917

Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to wp-admin/admin.php...

CVSS 4.3 | AI score 5.8 | EPSS 0.03748
Exploits: 1 | References: 3

Prion
added 2012/05/21 6:55 p.m. | 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to wp-admin/admin.php...

CVSS 4.3 | AI score 6.2 | EPSS 0.03748
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2012/05/21 6:0 p.m. | 38 views

CVE-2012-2917

CVE-2012-2917 affects the WordPress plugin Share and Follow (version ≤ 1.80.3). The vulnerability is a Cross-site Scripting (XSS) flaw triggered when attackers inject script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to wp-admin/admin.php. The NVD entry reports a medium...

CVSS 4.3 | AI score 6 | EPSS 0.03748
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2012/05/21 6:0 p.m. | 25 views

CVE-2012-2917

Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to wp-admin/admin.php...

AI score 5.8 | EPSS 0.03748
Exploits: 1 | References: 3

Packet Storm
added 2012/05/15 12:0 a.m. | 31 views

WordPress Share And Follow 1.80.3 Cross Site Scripting

Hi We have used our tool, THAPS, to identify vulnerabilities in this WordPress plugin. We have confirmed at least one of the reported vulnerabilities and created a working exploit located below. Attached is one or more log files containing the output of our tool, identifying the location of the...

AI score 7.4
Exploits: 0

Nmap
added 2012/04/07 8:51 a.m. | 264 views

http-virustotal NSE Script

Checks whether a file has been determined as malware by Virustotal. Virustotal is a service that provides the capability to scan a file or check a checksum against a number of the major antivirus vendors. The script uses the public API which requires a valid API key and has a limit on 4 queries p...

CVSS 10 | AI score 9.2 | EPSS 0.99448
Exploits: 33

Metasploit
added 2011/12/05 7:19 p.m. | 46 views

Shodan Search

This module uses the Shodan API to search Shodan. Accounts are free and an API key is required to use this module. Output from the module is displayed to the screen and can be saved to a file or the MSF database. NOTE: SHODAN filters i.e. port, hostname, os, geo, city can be used in queries, but...

AI score 6.9
Exploits: 0

Nmap
added 2011/07/08 6:45 p.m. | 182 views

http-google-malware NSE Script

Checks if hosts are on Google's blacklist of suspected malware and phishing servers. These lists are constantly updated and are part of Google's Safe Browsing service. To do this the script queries the Google's Safe Browsing service and you need to have your own API key to access Google's Safe...

CVSS 10 | AI score 0.1 | EPSS 0.99448
Exploits: 33

Prion
added 2009/03/25 6:30 p.m. | 11 views

Improper access control

Piwik 0.2.32 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh...

CVSS 5 | AI score 6.8 | EPSS 0.01205
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2009/03/25 6:0 p.m. | 46 views

CVE-2009-1085

CVE-2009-1085 affects Piwik 0.2.32 and earlier. The issue is improper access control that stores sensitive information (including the API key) under the web root, enabling remote attackers to obtain it via a direct request for misc/cron/archive.sh. The connected records confirm the same descripti...

CVSS 5 | AI score 6.5 | EPSS 0.01205
Exploits: 0 | References: 3 | Affected Software: 1

Drupal
added 2008/06/18 12:0 a.m. | 11 views

SA-2008-038 - Services - Arbitrary code execution

The Services module package was created out of a need for a standardized solution to integrate external applications with Drupal. It builds on concepts from Drupal core's XMLRPC interface, but abstracts service callbacks so that they may be used with multiple interfaces such as XMLRPC, SOAP, REST...

AI score 8
Exploits: 0 | References: 7