CVE-2017-1000069
The CVE-2017-1000069 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in Bitly oauth2_proxy version 2.1 during the authentication flow. Connected documents corroborate CSRF as the vulnerability class affecting Bitly oauth2_proxy 2.1. The primary impact is reflected in the CVSS me...
CVE-2017-1000070
CVE-2017-1000070 concerns the Bitly oauth2_proxy showing an open redirect vulnerability in versions up to 2.1 during the start and end of the 2-legged OAuth flow. The root cause cited is improper input validation violating RFC-6819, allowing an attacker to redirect users to arbitrary sites. The c...
CVE-2017-1000069
CSRF in Bitly oauth2_proxy 2.1 during authentication flow...
CVE-2017-1000070
The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819...
WordPress wpCommentTwit 0.5 CSRF / XSS
Title: CSRF/XSS Vulnerability in wpCommentTwit WP Plugin; Author: Manideep K; CVE-ID: CVE-2014-9340; Plugin Homepage: https://wordpress.org/plugins/wpcommenttwit/; Version Affected: 0.5 probably lower versions; Severity: High; About Plugin: wpCommentTwit is a plugin that will notify you of a new commen...
Koler Android Ransomware Learns to Spread via SMS
Users of the Android operating system are warned of a new variant of the Android malware Koler that spreads itself via text message and holds the victim’s infected mobile phone hostage until a ransom is paid. Researchers observed the Koler Android ransomware Trojan for the very first time in May when th...
Bitly Developing Two Factor Authentication Following Compromise
The link-shortening service Bitly announced late last week that it’s ramping up its development of two-factor authentication following a compromise that leaked user information on Thursday. The breach, first discovered Thursday morning, spilled users’ email addresses, encrypted salted and hashed...
Bitly Compromised, Users Urged to Change Passwords
Link shortening service Bitly informed its users Thursday that it believes user credentials – passwords, API keys and OAuth tokens – have been compromised. While the company claims there’s no real indication that any accounts were accessed without authorization, in a post on its blog the company...
Popular URL Shortener 'Bitly' User Accounts Reportedly Compromised
The famous URL shortening service is facing a data breach. The very popular URL shortening service Bitly has issued an urgent security warning saying that its users’ account credentials may have been compromised, according to a blog post published yesterday. "We have reason to believe that Bitly...