Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

47 matches found

0day.today
0day.todayadded 2021/04/21 12:0 a.m.45 views

Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass Exploit

Exploit Title: Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass Exploit Author: Mesh3l911 Vendor Homepage: https://www.discourse.org/ Software Link:https://github.com/discourse/discourse Version: Discourse 2.7.0 CVE: CVE-2021-3138 import requests username = input"\n input ur username : "...

7.5CVSS7.6AI score0.03073EPSS
Exploits4
Packet Storm
Packet Stormadded 2021/04/21 12:0 a.m.352 views

Discourse 2.7.0 2FA Bypass

Exploit Title: Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass Date: 14/01/2021 Exploit Author: Mesh3l911 Vendor Homepage: https://www.discourse.org/ Software Link:https://github.com/discourse/discourse Version: Discourse 2.7.0 CVE: CVE-2021-3138 import requests username = input"\n input ...

5CVSS7.6AI score0.03073EPSS
Exploits4
Hacker One
Hacker Oneadded 2018/02/20 1:0 a.m.41 views

Nextcloud: twofactor_auth bypassable if provider fails to load

Just want to preface this by saying that this is probably not a significant vulnerability, as it requires that the server either have recently been incorrectly upgraded or otherwise misconfigured. However in the administration of my own personal NextCloud instance I have hit this several times...

4.3CVSS1.2AI score0.00811EPSS
Exploits0
Hacker One
Hacker Oneadded 2017/10/21 11:28 a.m.20 views

Inflection: Limited Account Takeover via Backup codes

Researcher submitted a duplicate of a previously-submitted report and requested public disclosure of this report...

6.8AI score
Exploits0
ThreatPost
ThreatPostadded 2017/03/24 1:46 p.m.19 views

Instagram Adds Two-Factor Authentication

Instagram became the latest in a long line of services over the years to offer users two-factor authentication this week. Kevin Systrom, co-founder and CEO of the Facebook-owned mobile photo-sharing app announced the feature on its blog Thursday afternoon. With the feature – accessible via Settin...

0.1AI score
Exploits0References7
Hacker One
Hacker Oneadded 2015/11/19 4:6 p.m.41 views

HackerOne: Pre-generation of 2FA secret/backup codes seems like an unnecessary risk

If you manage to get a malicious script running in HackerOne, requesting https://hackerone.com/settings/authentication/edit and parsing out the two factor authentication form will yield either… - the 2FA secret key and backup codes that will be used if 2FA is enabled for the first time this sessi...

0.8AI score
Exploits0
The Hacker News
The Hacker Newsadded 2011/02/11 5:10 p.m.6 views

2-step verification, Advanced sign-in security for your Google account !

Has anyone you know ever lost control of an email account and inadvertently sent spam—or worse—to their friends and family? There are plenty of examples like the classic "Mugged in London" scam that demonstrate why it's important to take steps to help secure your activities online. Your Gmail...

7.3AI score
Exploits0
Rows per page
Query Builder