Lucene search
K

593 matches found

myhack58
myhack58
added 2014/12/05 12:0 a.m.12 views

A combination of punches: three vulnerabilities to achieve a PayPal account-hijacking-vulnerability warning-the black bar safety net

PayPal is an eBay owned popular third-party payment product, similar to domestic PayPal. Recently researchers in their web applications were found in three high-risk vulnerabilities, an attacker can exploit these vulnerabilities to control any user of the PayPal account. The black bar safety net...

0.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/08/22 12:0 a.m.26 views

Ubuntu 14.04 LTS : OpenStack Nova vulnerability (USN-2325-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2325-1 advisory. Alex Gaynor discovered that OpenStack Nova would sometimes respond with variable times when comparing authentication tokens. If nova were configured to proxy...

4.3CVSS5.5AI score0.01938EPSS
Exploits0References2
OSV
OSV
added 2014/08/19 6:55 p.m.3 views

DEBIAN-CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry Ceilometer 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain XAUTHTOKEN values by reading the message queue...

5CVSS6.8AI score0.02774EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2014/08/13 1:36 a.m.5 views

pycadf: token leak to message queue

It was found that authentication tokens were not properly sanitized from the message queue by the notifier middleware. An attacker with read access to the message queue could possibly use this flaw to intercept an authentication token and gain elevated privileges. Note that all services using the...

5CVSS5.7AI score0.02774EPSS
Exploits0References4
myhack58
myhack58
added 2014/07/15 12:0 a.m.48 views

Facebook SDK vulnerability threatening millions of mobile phone users accounts-vulnerability warning-the black bar safety net

From MetaIntell the smartphone leadership risk management(MRM)security researchers, found a latest version of Facebook SDK vulnerability in the vulnerability exposes millions of Facebook user's authentication token, it still sounds very scary. ! Facebook for Android and IOS SDK provides the use o...

0.4AI score
Exploits0
Hacker One
Hacker One
added 2014/05/27 9:27 a.m.19 views

Factlink: Sign up CSRF

Any user can be forced to sign up and presented with a home dash board . here is the csrf Save this any name.html and then double clik you will be presented as home panel authentication token is there but that is not preventing csrf issue . Remediation : Use CSRF token . Thanks CKN...

1.1AI score
Exploits0
NVD
NVD
added 2014/05/14 7:55 p.m.23 views

CVE-2013-4471

The Identity v3 API in OpenStack Dashboard Horizon before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user...

5.5CVSS6.9AI score0.01204EPSS
Exploits0References2
OSV
OSV
added 2014/05/14 7:55 p.m.1 views

DEBIAN-CVE-2013-4471

The Identity v3 API in OpenStack Dashboard Horizon before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user...

5.5CVSS7AI score0.01204EPSS
Exploits0References1
OSV
OSV
added 2014/05/14 7:55 p.m.6 views

CVE-2013-4471

The Identity v3 API in OpenStack Dashboard Horizon before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user...

7.2AI score
Exploits0References4
UbuntuCve
UbuntuCve
added 2014/05/14 7:55 p.m.37 views

CVE-2013-4471

The Identity v3 API in OpenStack Dashboard Horizon before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user...

5.5CVSS5.9AI score0.01204EPSS
Exploits0References3
Cvelist
Cvelist
added 2014/05/14 7:0 p.m.30 views

CVE-2013-4471

The Identity v3 API in OpenStack Dashboard Horizon before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user...

6.9AI score0.01204EPSS
Exploits0References2
PyPA
PyPA
added 2014/04/15 2:55 p.m.7 views

PYSEC-2014-70

The authtoken middleware in the OpenStack Python client library for Keystone aka python-keystoneclient before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, relat...

6CVSS7.1AI score0.01101EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2013/12/27 1:55 a.m.6 views

PYSEC-2013-45

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

2.1CVSS6.6AI score0.00238EPSS
Exploits0References6Affected Software1
Packet Storm
Packet Storm
added 2013/12/23 12:0 a.m.51 views

Zimbra Collaboration Server LFI

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit3 'Zimbra Collaboration Server LFI', 'Description' = %q This module exploits a local file inclusion on Zimbra...

5CVSS9.5AI score0.86196EPSS
Exploits7
Metasploit
Metasploit
added 2013/12/17 6:32 p.m.42 views

Zimbra Collaboration Server LFI

This module exploits a local file inclusion on Zimbra 8.0.2 and 7.2.2. The vulnerability allows an attacker to get the LDAP credentials from the localconfig.xml file. The stolen credentials allow the attacker to make requests to the service/admin/soap API. This can then be used to create an...

5CVSS7.6AI score0.86196EPSS
Exploits7
0day.today
0day.today
added 2013/10/23 12:0 a.m.92 views

Windows Management Instrumentation (WMI) Remote Command Execution

This Metasploit module executes powershell on the remote host using the current user credentials or those supplied. Instead of using PSEXEC over TCP port 445 we use the WMIC command to start a Remote Procedure Call on TCP port 135 and an ephemeral port. Set ReverseListenerComm to tunnel traffic...

7.5CVSS6.8AI score0.63703EPSS
Exploits13
Metasploit
Metasploit
added 2013/09/20 5:36 p.m.96 views

Windows Management Instrumentation (WMI) Remote Command Execution

This module executes powershell on the remote host using the current user credentials or those supplied. Instead of using PSEXEC over TCP port 445 we use the WMIC command to start a Remote Procedure Call on TCP port 135 and an ephemeral port. Set ReverseListenerComm to tunnel traffic through that...

7.5CVSS7.4AI score0.63703EPSS
Exploits13
OSV
OSV
added 2013/05/21 6:55 p.m.5 views

CVE-2013-2059

OpenStack Identity Keystone Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token...

6.2AI score
Exploits0References11
UbuntuCve
UbuntuCve
added 2013/05/09 3:0 p.m.26 views

CVE-2013-2059

OpenStack Identity Keystone Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token...

6CVSS5.9AI score0.02468EPSS
Exploits1References2
myhack58
myhack58
added 2013/04/21 12:0 a.m.20 views

Lilac vulnerability of small packs containing process, the reflective xss the use of skill-the loophole warning-the black bar safety net

Brief description: Lilac garden a few small packs, xss+url jump Detailed description: http://paper.pubmed.cn/do.php?ac=login&rfu=http://paper. pubmed. cn/ rfu address not verified http://paper.pubmed.cn/do.php?ac=login&rfu=can be configured on any link to jump The main or talk aboutxss?, no...

7.2AI score
Exploits0
Rows per page
Query Builder