283 matches found

The Hacker News
added 2018/08/30 7:21 a.m., 78 views

Air Canada Suffers Data Breach — 20,000 Mobile App Users Affected

Air Canada has confirmed a data breach that may have affected about 20,000 customers of its 1.7 million mobile app users. The company said it had "detected unusual log-in behavior" on its mobile app between August 22 and 24, during which the personal information for some of its customers "may...

AI score: 1.7
Exploits: 0

Hacker One
added 2018/07/23 3:39 p.m., 44 views

New Relic: Missing security best practices (leads to further impact)

Vulnerabilities: 1. Use of old passwords is possible: current password can be used as new password. 2. Email notification is not being sent to linked mail account while changing passwords. Steps to reproduce the two issues: create account with password, example badcracker@123; change password to...

AI score: 0.6
Exploits: 0

Openbugbounty
added 2018/07/16 10:2 p.m., 9 views

renshooyenga.nl XSS vulnerability

Open Bug Bounty ID: OBB-648695

Description| Value
---|---
Affected Website:| renshooyenga.nl
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

Exploits: 0

Hacker One
added 2018/01/23 12:40 p.m., 13 views

Nextcloud: Email Notification should be get while changing password on apps.nextcloud.com

Hi, There is an issue with password reset functionality with Nextcloud: user is not receiving notification when he resets password. Issue: user does not always get a notification about password change. When user changes his password then a notification is not sent to the user. It is good to always send...

AI score: 7
Exploits: 0

OSV
added 2017/11/09 4:24 p.m., 7 views

SUSE-SU-2017:2964-1 Security update for SUSE Manager Server 3.0

This update fixes the following issues:

nutch:
- Log Hadoop into proper log dir bsc1061574: change-default-log-location.patch

salt-netapi-client:
See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.13.0

spacecmd:
- Configchannel export binary flag to json bsc1044719

spacewalk:
- Suppo...

CVSS: 5.4, AI score: 5.7, EPSS: 0.00641
Exploits: 0, References: 41

Hacker One
added 2017/10/24 5:49 p.m., 31 views

Infogram: No notification on Password Change

Hi Team, Description: I noticed there is an issue with password reset functionality: user is not receiving notification when he resets password. Even when user changes password through profile, user is not getting an email notification. Issue: user does not always get a notification about password chang...

AI score: 7
Exploits: 0

Hacker One
added 2017/10/19 2:35 p.m., 10 views

Infogram: Email notification is not being sent while changing passwords

Vulnerabilities: 1. Use of old passwords is possible: current password can be used as new password. 2. Email notification is not being sent to linked mail account while changing passwords. Impact: Case 1: whenever a user requests a reset token for recovery of his account, a reset token is being to...

AI score: 7.2
Exploits: 0

OSV
added 2017/09/25 4:29 p.m., 13 views

CVE-2017-9551

Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usrregistration table. The values are then emailed to the user and...

CVSS: 6.1, AI score: 6.1
Exploits: 0, References: 2

Krebs on Security
added 2017/09/24 12:53 p.m., 90 views

Equifax or Equiphish?

More than a week after it said most people would be eligible to enroll in a free year of its TrustedID identity theft monitoring service, big three consumer credit bureau Equifax has begun sending out email notifications to people who were able to take the company up on its offer. But in yet...

AI score: 7
Exploits: 0

Packet Storm
added 2017/09/01 12:0 a.m., 67 views

Lexmark Scan To Network (SNF) 3.2.9 Information Disclosure

Summary
=======
1. Information exposure of network credentials in embedded printer application CVE-2017-13771

Vendor
======
"Lexmark creates innovative imaging solutions and technologies that help customers worldwide print, secure and manage information with ease, efficiency and unmatched value...

AI score: 9.7, EPSS: 0.03358
Exploits: 3

Kitploit
added 2017/07/31 10:12 p.m., 27 views

CookieCatcher - Tool to assist in the exploitation of XSS

CookieCatcher is an open source application which was created to assist in the exploitation of XSS Cross Site Scripting vulnerabilities within web applications to steal user session IDs aka Session Hijacking. The use of this application is purely educational and should not be used without proper...

AI score: 6.5
Exploits: 0, References: 1

Hacker One
added 2017/07/02 11:4 a.m., 95 views

WakaTime: Missing Account Deletion Notification

Currently, there is no email notification sent out when the account was deleted. I understand it asks for the password to delete but when an attacker somehow gets the credentials, he can only 'read' users data without alarming the user. It would stop him if he knows the user would come to know...

AI score: 5
Exploits: 0

Hacker One
added 2017/07/01 3:24 a.m., 49 views

WakaTime: No notificatoin sent on email after account deletion.

Hi again, Description: I've just noticed that there's no email notification received after successful removal of account. Fixation: User should be notified by email notification at his email after removal of an account. Cheers Mansoor...

AI score: 1.4
Exploits: 0

Hacker One
added 2017/06/15 4:56 a.m., 44 views

HackerOne: Updating payout preference to CurrencyCloud doesn't notify user via email

When change payment method in user's payments, then a notification about Change payment method is sent to the user email. However, user not always gets a notification about change payment method - when change payment method via add payout method on Payout Methods, then such a notification is not...

AI score: 6.8
Exploits: 0

Hacker One
added 2017/06/06 3:29 a.m., 26 views

Mixmax: [app.mixmax.com] Stored XSS on Adding new enhancement.

Hi Mixmax team, Today I just found a Stored XSS on app.mixmax.com by adding a new enhancement. Just follow the steps below to reproduce this bug. Vulnerable URL APP MIXMAX - Settings - Integrations & API Payload " Steps to reproduce - Go to the Vulnerable URL. - Click Integrations & API then clic...

AI score: 1.5
Exploits: 0

Hacker One
added 2017/05/19 4:1 p.m., 16 views

Weblate: No notificatoin sent on email after account deletion.

Hi again, Description: As I reported in previous report about account deletion about without entering password 229904 I've just noticed that there's no email notification received after successful removal of account. Fixation: User should be notified by email notification at his email after...

AI score: 1.8
Exploits: 0

ThreatPost
added 2017/03/08 3:41 p.m., 16 views

Senator Demands Answers About CloudPets Breach

A U.S. senator has called Spiral Toys onto the carpet for its data security practices in light of the recent CloudPets breach. Sen. Bill Nelson (D-FL), a ranking member of the Committee on Commerce, Science and Transportation and backer of a 2016 report on security and privacy concerns related to...

AI score: 6.8
Exploits: 0, References: 8

ThreatPost
added 2016/08/29 5:22 p.m., 12 views

1.7 Million Opera Browser Users Told To Reset Passwords

Opera Software is warning 1.7 million users of its Opera web browser sync feature of a possible attack that exposes passwords to hackers. In a security bulletin posted on Friday, the company said its Opera sync system showed “signs of an attack” and asked users to change their Opera sync password...

AI score: 0.6
Exploits: 0, References: 4

Hacker One
added 2016/07/03 11:31 a.m., 13 views

Paragon Initiative Enterprises: Issue with password reset functionality [Minor]

Dear Team, There is password change issue with bridge.cspr.ng Issue: ------------- User is not receiving notification when he/she reset password via password reset link. when user change his info like password change. User doesn't get email notification for password change etc. It will be a good...

AI score: 0.8
Exploits: 0

n0where
added 2016/04/15 12:33 p.m., 41 views

Linux Vulnerability Scanner: Vuls

Vulnerability scanner for Linux, agentless, written in golang For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in production environment, it is common for system administrator to choose not to use...

AI score: 0.2
Exploits: 0, References: 2