Lucene search

1270 matches found

NVD
added 2020/04/28 5:15 p.m. | 19 views

CVE-2016-11058

The NETGEAR genie application before 2.4.34 for Android is affected by mishandling of hard-coded API keys and session IDs...

CVSS 7.5 | AI score 7.6 | EPSS 0.01187
Exploits: 0 | References: 1

Prion
added 2020/04/28 5:15 p.m. | 12 views

Hardcoded credentials

The NETGEAR genie application before 2.4.34 for Android is affected by mishandling of hard-coded API keys and session IDs...

CVSS 5 | AI score 7.2 | EPSS 0.01187
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/04/28 4:12 p.m. | 21 views

CVE-2016-11058

The NETGEAR genie application before 2.4.34 for Android is affected by mishandling of hard-coded API keys and session IDs...

AI score 7.6 | EPSS 0.01187
Exploits: 0 | References: 1

CVE
added 2020/04/28 4:12 p.m. | 47 views

CVE-2016-11058

The CVE-2016-11058 entry concerns the NETGEAR genie Android app prior to version 2.4.34, which mishandles hard-coded API keys and session IDs. This could enable unauthorized access or session hijacking due to exposed credentials, as reflected by the CVSS scores (2.0/3.1) indicating network-exposu...

CVSS 7.5 | AI score 7.5 | EPSS 0.01187
Exploits: 0 | References: 1 | Affected Software: 1

Kitploit
added 2020/04/25 12:30 p.m. | 51 views

Project iKy v2.5.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface

Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Installation Clone repository git clone https://gitlab.com/kennbroorg/iKy.git Install Backend Redis You must install Redis wget...

AI score 7.4
Exploits: 0 | References: 15

Hacker One
added 2020/04/24 10:54 p.m. | 20 views

Shopify: CircleCI token in github repo allows for access to sensitive build information

While looking through some Shopify Github repos I came across the following CircleCI token: ca84774a88598f639b174d498c219163e04adbb2 in the js-buy-sdk repo. curl https://circleci.com/api/v1.1/me?circle-token=ca84774a88598f639b174d498c219163e04adbb2 returns information about the user which confirm...

AI score 6.6
Exploits: 0

Kitploit
added 2020/04/24 9:30 p.m. | 70 views

Should-I-Trust - OSINT Tool To Evaluate The Trustworthiness Of A Company

should-i-trust is a tool to evaluate OSINT signals for a domain. Requirements should-i-trust requires API keys from the following sources: Censys.io - Free for first 250 queries/month VirusTotal - Free GrayHatWarFare - Free with limited results Use Case You're part of a review board that's...

AI score 7.2
Exploits: 0 | References: 1

CNVD
added 2020/04/21 12:0 a.m. | 1 views

Zoho ManageEngine OpManager Information Disclosure Vulnerability (CNVD-2020-28457)

Zoho ManageEngine OpManager is a suite of network, server and virtualization monitoring software from Zoho. An information disclosure vulnerability exists in Zoho ManageEngine OpManager. The vulnerability can be exploited to retrieve API keys via servlet calls...

CVSS 7.5 | AI score 6.4 | EPSS 0.51798
Exploits: 0 | References: 1

RedhatCVE
added 2020/04/09 10:33 a.m. | 30 views

CVE-2020-7009

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...

CVSS 8.8 | AI score 4.4 | EPSS 0.016
Exploits: 0 | References: 4

Oracle linux
added 2020/04/09 12:0 a.m. | 50 views

firefox security update

68.7.0-2.0.1.el81 - Rebuild to pickup Oracle default bookmarks Orabug: 30069264 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references Orabug: 30530527 68.7.0-2 - Update to 68.7.0 build3 68.6.1-1 - Update to 68.6.1 ESR Wed Mar 04 2020 Jan Hora...

CVSS 9.8 | AI score 9.4 | EPSS 0.02802
Exploits: 1

OSV
added 2020/03/31 7:15 p.m. | 22 views

CVE-2020-7009

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...

CVSS 8.8 | AI score 6.8
Exploits: 0 | References: 3

Prion
added 2020/03/31 7:15 p.m. | 25 views

Privilege escalation

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...

CVSS 6.5 | AI score 8.6 | EPSS 0.016
Exploits: 0 | References: 3 | Affected Software: 1

UbuntuCve
added 2020/03/31 7:15 p.m. | 27 views

CVE-2020-7009

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...

CVSS 8.8 | AI score 6.8 | EPSS 0.016
Exploits: 0 | References: 4

OSV
added 2020/03/31 7:15 p.m. | 1 views

UBUNTU-CVE-2020-7009

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...

CVSS 8.8 | AI score 6.3 | EPSS 0.016
Exploits: 0 | References: 5

CVE
added 2020/03/31 7:5 p.m. | 143 views

CVE-2020-7009

CVE-2020-7009 affects Elasticsearch across 6.7.0–6.8.7 and 7.0.0–7.6.2, with a privilege-escalation flaw in the API key/authentication flow that can elevate privileges when an attacker can generate API keys. Public docs reference this vulnerability as a flaw in the API Key service, enabling an at...

CVSS 8.8 | AI score 8.6 | EPSS 0.016
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2020/03/31 7:5 p.m. | 30 views

CVE-2020-7009

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...

AI score 8.7 | EPSS 0.016
Exploits: 0 | References: 3

Gitee
added 2020/03/24 8:39 p.m. | 4 views

PayloadsAllTheThings

This repository is an offensive tool for API key and bucket S3 exploitation. It contains tools and exploits for various types of attacks, including CRLF injection, CSRF injection, and API key leaks. The repository includes a variety of scripts and modules for different types of attacks, such as...

AI score 7.2
Exploits: 0

Hacker One
added 2020/03/16 2:9 p.m. | 88 views

Node.js third-party modules: [sapper] Path Traversal

I would like to report a critical path traversal vulnerability in the sapper module. It allows an attacker to simply obtain arbitrary files from the remote server, exploiting a simple path traversal using URL-encoded "../". Module module name: sapper version: 0.27.10 npm page:...

AI score 0.1
Exploits: 0

Hacker One
added 2020/03/03 9:3 p.m. | 105 views

Visma Public: [IDOR]Ability to edit Description of api_key's of other users.

The researcher was able to change the description associated with API-keys for other users on the /api/orgID/apiKey endpoint by modifying the id of the API-key in the request...

AI score 2.9
Exploits: 0

Hacker One
added 2020/02/11 12:42 a.m. | 346 views

Nord Security: Hard-coded API keys at NordVpn Android App

Hello NordVpn, APK Version : 4.6.2 API'S at res/values/strings.xml Google googleapikey = AIzaSyBySEqk7WWee9bxpw5BM1eJeUx1TWdHE Stripe stripepublishableapikey = pklivej1Mt911wyZwAhATA9TYdA8q2 Reference: https://stripe.com/docs/keys Impact Cleartext Storage of Sensitive Information...

AI score 6.9
Exploits: 0