CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2017/11/13 5:29 p.m.•18 views

CVE-2017-0905

The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resourcefind" method that could result in compromise of API keys or other critical resources...

9.8CVSS6.8AI score

OSV•added 2017/11/13 5:29 p.m.•13 views

CVE-2017-0907

9.8CVSS6.8AI score

Cvelist•added 2017/11/13 5:0 p.m.•19 views

CVE-2017-0905

9.5AI score0.02594EPSS

CVE•added 2017/11/13 5:0 p.m.•70 views

CVE-2017-0907

The CVE affects Recurly Client .NET Library prior to versions 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, and 1.8.1. Root cause is improper use of Uri.EscapeUriString, leading to a Server-Side Request Forgery (SSRF) that could allow exposure or compromise of API keys or other critic...

9.8CVSS9.4AI score0.02594EPSS

Cvelist•added 2017/11/13 5:0 p.m.•29 views

CVE-2017-0906

The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources...

9.5AI score0.02594EPSS

CVE•added 2017/11/13 5:0 p.m.•90 views

CVE-2017-0905

The CVE-2017-0905 issue affects the Recurly Client Ruby Library (before versions 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3). A Server-Side Request Forgery vulnerability exists in the Resource#find method that could lead to compromise of API keys or o...

9.8CVSS9.4AI score0.02594EPSS

CVE•added 2017/11/13 5:0 p.m.•79 views

CVE-2017-0906

The CVE-2017-0906 SSRF flaw affects the Recurly Client Python Library prior to versions 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, and 2.6.2 in the Resource.get method. Root cause: server-side request forgery could allow an attacker to access API keys or other sensitive resources. Impact: potent...

9.8CVSS9.3AI score0.02594EPSS

Hacker One•added 2017/10/01 5:13 p.m.•13 views

Yelp: Leaking sensitive information lead to compromise employer API keys

The configuration file of an internal IRC bot which included credentials to internal services and some external services used by Yelp developers was inadvertently included by an employee in a personal public GitHub repository. The repository was taken down and the affected credentials rotated...

OSV•added 2017/10/01 1:29 a.m.•2 views

CVE-2017-14797

Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories by leveraging the ability to sniff HTTP traffic on...

7.5CVSS5.8AI score0.00422EPSS

Prion•added 2017/10/01 1:29 a.m.•17 views

Design/Logic Flaw

7.9CVSS7.5AI score0.00422EPSS

Exploits0References1Affected Software1

NVD•added 2017/10/01 1:29 a.m.•16 views

CVE-2017-14797

7.9CVSS7.5AI score0.00422EPSS

Cvelist•added 2017/09/30 3:0 a.m.•21 views

CVE-2017-14797

7.5AI score0.00422EPSS

CVE•added 2017/09/30 3:0 a.m.•46 views

CVE-2017-14797

The CVE-2017-14797 entry concerns Philips Hue Bridge BSB002 public API on firmware 1707040932, where a lack of transport encryption enables an attacker on the local intranet to sniff HTTP traffic and read API keys. This bypasses the pushlink protection and can, per cited sources, allow full contr...

7.9CVSS7.4AI score0.00422EPSS

Exploits0References1Affected Software1

pentestit•added 2017/08/28 9:25 p.m.•67 views

Automated Penetration Testing Toolkit UPDATE: APT2 v1.0-20170613!

PenTestIT RSS Feed Almost five months ago, I covered this automated penetration testing toolkit. I was updating my tools today and found that this toolkit was also updated some time ago. This is the APT2 v1.0-20170613 release, which was released almost 2 months ago. What is APT2? APT2 will perfor...

pentestit•added 2017/07/21 6:19 a.m.•85 views

Subdomain Enumeration Using Censys & Crtsh!

PenTestIT RSS Feed If you read my last post about V1D0m and liked it, I'm sure you will LOVE this post. As you will remember, the older post was about subdomain enumeration using VirusTotal, this post is about enumerating subdomains and DNS information using the following services: CloudFlare,...

Hacker One•added 2017/07/12 11:21 a.m.•100 views

X (Formerly Twitter): XXE on sms-be-vip.twitter.com in SXMP Processor

Hi team, What type of issue are you reporting? Does it align to a CWE or OWASP issue? I've identified an XXE vulnerability in the cloudhopper sxmp servlet on sms-be-vip.twitter.com which discloses local files to an external attacker and allows web requests to be sent. This aligns to...

6.7AI score

Kitploit•added 2017/07/03 3:30 p.m.•17 views

AQUATONE - A Tool for Domain Flyovers

AQUATONE is a set of tools for performing reconnaissance on domain names. It can discover subdomains on a given domain by using open sources as well as the more common subdomain dictionary brute force approach. After subdomain discovery, AQUATONE can then scan the hosts for common web ports and...

n0where•added 2017/06/15 5:33 a.m.•32 views

Chat With Hacker Assistant: hackerbot

Chat with your assistant and enjoy hacking This bot is a combination of chatbot and hacking tools Chatting Twitter account analysis Url scan File scan Ip scan Linux enumeration Linux priv escalation checker Shellshock Mimipenguin Installation git clone https://github.com/omergunal/hackerbot cd...

0.4AI score

n0where•added 2017/06/12 6:57 p.m.•21 views

An All In One Information Gathering Tool: RED HAWK

RED HAWK is An All In One Tool For Information Gathering, SQL Vulnerability Scanning and Crawling.Coded In PHP Scans That You Can Perform Using RED HAWK : Basic Scan Site Title NEW IP Address Web Server Detection IMPROVED CMS Detection Cloudflare Detection robots.txt Scanner Whois Lookup IMPROVED...

8AI score