1269 matches found

Kitploit
added 2018/02/26 1:16 p.m., 19 views

PoT - Phishing On Twitter

Generate tweet automatically like him/her How it works? 1- Collect data from target's twitter account 2- Find target's friend and copy her/him account 3- Generate tweet automatically with markov chain algorithm and send it Installation git clone https://github.com/omergunal/PoT cd PoT pip3 instal...

AI score 7.2
Exploits: 0, References: 1

n0where
added 2018/02/12 6:15 a.m., 32 views

Open Source Static Code Analyser: StaCoAn

StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing static code analysis on mobile applications. This tool will look for interesting lines in the code which can contain: hardcoded credentials, API keys, URLs of APIs, decryption keys, major coding...

AI score 7.5
Exploits: 0, References: 2

Cvelist
added 2018/02/06 2:0 p.m., 25 views

CVE-2016-6813

Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another non-"root" CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn...

AI score 9.4, EPSS 0.05629
Exploits: 0, References: 3

Kitploit
added 2018/01/27 9:0 p.m., 17 views

Twebit - Bitcoin Analysis in Twitter With Machine Learning

Bitcoin analysis with machine learning. How it works? 1- Get tweets from twitter. 2- Filter tweets. 3- Tweet classification with naive bayes algorithm Positive,negative and neut. Installation git clone https://github.com/omergunal/twebit cd twebit pip3 install -r requirements.txt Update your api...

AI score 7.2
Exploits: 0, References: 1

Kitploit
added 2018/01/05 9:4 p.m., 227 views

Reposcanner - Python Script To Scan Git Repos For Interesting Strings

Reposcanner is a Python script to search through the commit history of Git repositories looking for interesting strings such as API keys, inspired by truffleHog. Installation The python Git module is required (python-git on Debian). Usage ./reposcanner -r Options: optional arguments: -h, --help sho...

AI score 7.2
Exploits: 0, References: 2

Veracode
added 2018/01/05 8:30 a.m., 9 views

Unauthorized API Access

solidus is vulnerable to unauthorized API access attacks. The vulnerability exists as API keys were not validated for critical endpoints such as the Api::Orderscreate endpoint...

AI score 6.8
Exploits: 0

Github Security Blog
added 2017/12/06 4:43 p.m., 31 views

Recurly gem Server-Side Request Forgery in Resource#find method

The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the Resource#find method that could result in compromise of API keys or other critical resources...

CVSS 9.8, AI score 8.9, EPSS 0.02594
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2017/12/06 4:43 p.m., 15 views

GHSA-X27V-X225-GQ8G Recurly gem Server-Side Request Forgery in Resource#find method

The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the Resource#find method that could result in compromise of API keys or other critical resources...

CVSS 9.8, AI score 9.4, EPSS 0.02594
Exploits: 0, References: 5

RedhatCVE
added 2017/11/21 11:22 a.m., 22 views

CVE-2017-1000401

The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, , supports form validation e.g. for API keys. The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations o...

CVSS 2.2, AI score 0.8, EPSS 0.00399
Exploits: 0, References: 2

Veracode
added 2017/11/14 9:30 a.m., 17 views

Server-side Request Forgery (SSRF)

The Python Recurly client is vulnerable to server-side request forgery (SSRF) attacks. A malicious user can pass a URI from a different domain to gain access to API keys or other sensitive information...

CVSS 9.8, AI score 9.4, EPSS 0.02594
Exploits: 0, References: 3, Affected Software: 1

Veracode
added 2017/11/14 8:45 a.m., 11 views

Server-Side Request Forgery (SSRF)

recurly is vulnerable to server-side request forgery (SSRF) attacks. A malicious user can pass a URI from a different domain to gain access to API keys or other sensitive information...

CVSS 9.8, AI score 9.4, EPSS 0.02594
Exploits: 0, References: 3, Affected Software: 1

CNVD
added 2017/11/14 12:0 a.m., 2 views

Recurly Client Ruby Library Server-Side Request Forgery Vulnerability

Recurly Client Ruby Library is a Ruby API wrapper for Recurly from Recurly USA. A server-side request forgery vulnerability exists in the Resource#find method in the Recurly Client Ruby Library. An attacker could use this vulnerability to take control of API keys or other important resources...

CVSS 9.8, AI score 7, EPSS 0.02594
Exploits: 0, References: 1

Prion
added 2017/11/13 5:29 p.m., 12 views

Server side request forgery (ssrf)

The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources...

CVSS 7.5, AI score 9.4, EPSS 0.02594
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2017/11/13 5:29 p.m., 10 views

Server side request forgery (ssrf)

The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources...

CVSS 7.5, AI score 9.4, EPSS 0.02594
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2017/11/13 5:29 p.m., 13 views

CVE-2017-0907

The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 3

NVD
added 2017/11/13 5:29 p.m., 19 views

CVE-2017-0905

The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources...

CVSS 9.8, AI score 9.4, EPSS 0.02594
Exploits: 0, References: 3

NVD
added 2017/11/13 5:29 p.m., 30 views

CVE-2017-0906

The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources...

CVSS 9.8, AI score 9.4, EPSS 0.02594
Exploits: 0, References: 3

NVD
added 2017/11/13 5:29 p.m., 16 views

CVE-2017-0907

The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources...

CVSS 9.8, AI score 9.4, EPSS 0.02594
Exploits: 0, References: 3

Prion
added 2017/11/13 5:29 p.m., 11 views

Server side request forgery (ssrf)

The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources...

CVSS 7.5, AI score 9.4, EPSS 0.02594
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2017/11/13 5:29 p.m., 22 views

PYSEC-2017-68

The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources...

CVSS 9.8, AI score 4, EPSS 0.02594
Exploits: 0, References: 4