1270 matches found
Design/Logic Flaw
An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names such as constructor or hasOwnProperty to convince the System that the supplied API Key exists...
CVE-2021-27228
An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names such as constructor or hasOwnProperty to convince the System that the supplied API Key exists...
Project iKy v2.7.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Installation Clone repository git clone https://gitlab.com/kennbroorg/iKy.git Install Backend Redis You must install Redis wget...
Octopus DSC Security Breach
Octopus DSC is a PowerShell module with DSC resources that can be used to install and configure Octopus Deploy servers and reach agents. A security vulnerability exists in Octopus DSC version 4.0.977 and earlier, which stems from a vulnerability that allows client API keys used to connect to the...
Attackers Steal E-Mails, Info from OpenWrt Forum
The forum supporting the community for OpenWrt suffered a security breach over the weekend, giving hackers access to e-mail addresses, user handles and additional private forum user information. Those that maintain the forum for the Linux-based open-source firmware said the forum was breached in...
CVE-2020-29041
A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension code review. Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contai...
Code injection
A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension code review. Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contai...
CVE-2020-29041
The CVE-2020-29041 entry describes a misconfiguration in Web-Sesame 2020.1.1.3375 where JavaScript source maps were included in production Webpack config, allowing an unauthenticated attacker to download the application’s source code and related artifacts (bundle sources, configuration settings s...
FinalRecon v1.1.0 - The Last Web Recon Tool You'll Need
FinalRecon is an automatic web reconnaissance tool written in python. Goal of FinalRecon is to provide an overview of the target in a short amount of time while maintaining the accuracy of results. Instead of executing several tools one after another it can provide similar results keeping...
ReconNote - Web Application Security Automation Framework Which Recons The Target For Various Assets To Maximize The Attack Surface For Security Professionals & Bug-Hunters
Web Application Security ReconAutomation Framework It takes user input as a domain name and maximize the attack surface area by listing the assets of the domain like - Subdomains from - Amass ,findomain, subfinder & resolvable subdomains using shuffledns Screenshots Port Scan JS files Httpx Statu...
Debian DLA-2426-1 : junit4 security update
In junit4 the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default,...
[SECURITY] [DLA 2426-1] junit4 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2426-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA November 01, 2020 https://wiki.debian.org/LTS -...
Taken - Takeover AWS Ips And Have A Working POC For Subdomain Takeover
Takeover AWS ips and have a working POC for Subdomain Takeover. Idea is simple Get subdomains. Do reverse lookups to only save AWS ips. Restart EC2 instance every min. and public ip gets rotated on each restart. Match it with your existing list of subdomain ips and you have a working subdomain...
CVE-2020-15250
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this...
CVE-2020-15250
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this...
CVE-2020-15250
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this...
CVE-2020-15250
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this...
Information disclosure
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this...
CVE-2020-15250 Information disclosure in JUnit4
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this...
CVE-2020-15250
CVE-2020-15250 affects JUnit4 TemporaryFolder information disclosure in Unix-like environments where the system tmp dir is shared among users. Affected: JUnit4 versions before 4.13.1; fixed in 4.13.1 for Java 7+; Java 6 and earlier have no patch. Workarounds include running tests with a dedicated...