147 matches found

Hacker One
added 2018/02/16 7:30 p.m., 31 views

Rockstar Games: SocialClub's Facebook OAuth Theft through Warehouse XSS.

In this report, the researcher was able to chain together three separate, minor bugs to create an exploit that was greater than the sum of its parts. This exploit could potentially have allowed attackers to steal OAuth tokens from users. The exploit chain involved taking advantage of our SSO between...

AI score 2.6
Exploits: 0

OSV
added 2018/01/23 12:00 a.m., 2 views

UBUNTU-CVE-2018-5113

The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:", but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox 58...

CVSS 7.5, AI score 7.1, EPSS 0.02074
Exploits: 0, References: 4

Hacker One
added 2017/06/18 4:21 p.m., 10 views

Inflection: Session ID is accessible via XSS

The researcher found a vulnerability in the authentication flow that, when chained with an XSS vulnerability, could lead to session takeover...

AI score 3.3
Exploits: 0

Citrix
added 2017/03/28 12:00 a.m., 6 views

How to Configure NetScaler as IDP for SAML Based Integration with 15Five

This article describes how to configure NetScaler as a SAML Identity Provider (IdP) for the 15Five SaaS application, using the SAML (Security Assertion Markup Language) protocol. Introduction: 15Five is a company that provides a performance management platform that combines employee feedback, objectives...

AI score 7.2
Exploits: 0

RedhatCVE
added 2016/12/13 7:47 p.m., 20 views

CVE-2016-8609

It was found that Keycloak did not implement the authentication flow correctly. An attacker could use this flaw to construct a phishing URL from which they could hijack the user's session. This could lead to information disclosure, or permit further attacks...

CVSS 8.1, AI score 1.9, EPSS 0.01679
Exploits: 0, References: 1

Hacker One
added 2014/05/27 8:06 a.m., 28 views

Factlink: Login CSRF using Twitter oauth

This bug allows a user to be logged in as the attacker. The main reason is that no state is maintained in the authentication flow. Although the Twitter flow still uses OAuth 1.0a, which has no state parameter as OAuth 2 does, it is still possible to prevent this type of attack by setting an...

AI score 1.8
Exploits: 0

Hacker One
added 2014/02/23 5:25 p.m., 69 views

Phabricator: Login CSRF using Twitter OAuth

This bug is related to bug report 774 ("Log in a user to another account" by @dawidczagan), as this bug also allows a user to be logged in as the attacker. The main reason is that no state is maintained in the authentication flow. Although the Twitter flow still uses OAuth 1.0a, which has no state...

AI score 2.1
Exploits: 0

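The two Twitter login-CSRF reports above (Factlink and Phabricator) describe the same root cause: the application never ties the OAuth callback to the browser session that started the login, so an attacker can approve a request token with their own account and then get a victim's browser to open the resulting callback URL. The example below is added here and is not code from either report or from the affected projects. It models the flow with a constructed in-memory provider (FakeOAuth1Provider, AUTHORIZE_URL, and the start_login_*/callback_* names are all hypothetical), shows the vulnerable pattern beside a hardened one that stores the request token in the server-side session and checks it on callback (the OAuth 1.0a counterpart of OAuth 2's state parameter), and replays the attack against both. The `session` dict stands in for a cookie-keyed server-side session.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

AUTHORIZE_URL = "https://provider.example/oauth/authorize"  # hypothetical endpoint


class FakeOAuth1Provider:
    """Constructed in-memory stand-in for an OAuth 1.0a provider such as Twitter.

    Not the real API: it models only the three steps the login-CSRF attack
    depends on (issue request token, user approves it, exchange it).
    """

    def __init__(self):
        self._tokens = {}  # oauth_token -> None (unapproved) or (verifier, account)

    def request_token(self) -> str:
        token = secrets.token_urlsafe(16)
        self._tokens[token] = None
        return token

    def authorize(self, token: str, account: str) -> str:
        """The provider's consent page: `account` approves `token`, gets a verifier."""
        if token not in self._tokens or self._tokens[token] is not None:
            raise ValueError("unknown or already-approved request token")
        verifier = secrets.token_urlsafe(16)
        self._tokens[token] = (verifier, account)
        return verifier

    def access_token(self, token: str, verifier: str) -> str:
        """Exchange an approved request token; returns the account that approved it."""
        entry = self._tokens.pop(token, None)
        if entry is None or not hmac.compare_digest(entry[0].encode(), verifier.encode()):
            raise ValueError("token/verifier mismatch")
        return entry[1]


def _token_from_redirect(url: str) -> str:
    return parse_qs(urlsplit(url).query)["oauth_token"][0]


# Vulnerable pattern (what the reports describe): nothing links the callback to
# the session that began the login, so any approved token is accepted.
def start_login_vulnerable(session: dict, provider) -> str:
    token = provider.request_token()
    return f"{AUTHORIZE_URL}?oauth_token={token}"


def callback_vulnerable(session: dict, provider, params: dict) -> str:
    account = provider.access_token(params["oauth_token"], params["oauth_verifier"])
    session["user"] = account  # logs the browser in as whoever approved the token
    return account


# Hardened pattern: remember which request token this session asked for and
# refuse any callback that presents a different one (or arrives with none pending).
def start_login_hardened(session: dict, provider) -> str:
    token = provider.request_token()
    session["oauth_request_token"] = token
    return f"{AUTHORIZE_URL}?oauth_token={token}"


def callback_hardened(session: dict, provider, params: dict) -> str:
    expected = session.pop("oauth_request_token", None)  # one-time use
    if expected is None:
        raise PermissionError("no login was started in this session")
    presented = params.get("oauth_token", "")
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        raise PermissionError("callback token does not match the one this session requested")
    account = provider.access_token(expected, params["oauth_verifier"])
    session["user"] = account
    return account


def simulate_login_csrf(start, callback) -> dict:
    """Attacker approves a request token with their own account, then has the
    victim's browser (which never started a login) open the callback URL."""
    provider = FakeOAuth1Provider()
    attacker_session = {}
    token = _token_from_redirect(start(attacker_session, provider))
    verifier = provider.authorize(token, "attacker")
    forged_callback = {"oauth_token": token, "oauth_verifier": verifier}

    victim_session = {}
    try:
        callback(victim_session, provider, forged_callback)
    except PermissionError as exc:
        return {"logged_in_as": None, "reason": str(exc)}
    return {"logged_in_as": victim_session.get("user"), "reason": "accepted"}


def legitimate_login(start, callback, account: str = "alice") -> str:
    """The normal flow, to show the hardened version still lets real users in."""
    provider = FakeOAuth1Provider()
    session = {}
    token = _token_from_redirect(start(session, provider))
    verifier = provider.authorize(token, account)
    return callback(session, provider, {"oauth_token": token, "oauth_verifier": verifier})


if __name__ == "__main__":
    print("vulnerable:", simulate_login_csrf(start_login_vulnerable, callback_vulnerable))
    print("hardened:", simulate_login_csrf(start_login_hardened, callback_hardened))
    print("hardened, real user:", legitimate_login(start_login_hardened, callback_hardened))
```

The check in callback_hardened is the whole fix: the value stored at login start must be unguessable, kept server-side (or in a signed, HttpOnly cookie), compared in constant time, and consumed on first use so a rejected callback cannot be retried. In an OAuth 2 flow the same binding is done by generating `state` at login start and comparing it on the redirect; the request token plays that role here because OAuth 1.0a has no state parameter.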