283 matches found
HackerOne: Team Member███ associated with a Custom Group Created with 'Program Management' only permissions can Comment on Bug Reports
Hi Team, Legend ====== AppSecBounty = Bug ProgramSandbox Program Hacker1001 = Bug Reporter BugAdmin = Program Admin BugMember = Team Member associated ProgramManagement Group ProgramManagement Group = Custom Group created with "Program Management Permission" Steps: 1. Hacker1001 reports a Bug to...
The Artillery Project
Artillery is a combination of a honeypot, monitoring tool, and alerting system. Eventually this will evolve into a hardening monitoring platform as well to detect insecure configurations from nix systems. It’s relatively simple, run ./setup.py and hit yes, this will install Artillery in...
itBit Exchange: user-agent Content spoofing
Upon every unsuccessful login attempt an email is sent to the user containing the time of login attempt, user-agent and IP. It is possible to modify the request using proxy tools and modify the user agent string to a malicious link and the email being sent to notify the user will contain this...
[SECURITY] Fedora 21 Update: nagios-plugins-2.0.3-1.fc21
Nagios is a program that will monitor hosts and services on your network, and to email or page you when a problem arises or is resolved. Nagios runs on a Unix server as a background or daemon process, intermittently running checks on various services that you specify. The actual service checks ar...
AirLink101 SkyIPCam1620W - OS Command Injection
AirLink101 SkyIPCam1620W - OS Command Injection 1. Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of last updat...
Coinbase: Big Bug with Vault which i have already reported: Case #606962
All info was provided via email you guys asked me to put my case number here. Case 606962 im [email protected] on coinbase...
Project's permission bypass JIRA global permissions
h3. Summary Users are able to create/comment issues via email without group membership if they are added directly to the project's permission. User shouldn't be able to do that since he can't access the application itself. Same applies to JIRA's notifications. h3. Steps to Reproduce Remove user...
HackerOne: Email Notification should be get while changing Paypal Email
an email notification should be get while changing paypal email address when we use hackerone a/c in any team there many people in team member so when we change paypal email an email notification should be get...
Kunai - Pwning & Info Gathering via User Browser
Sometimes there is a need to obtain the IP address of a specific person or perform client-side attacks via the user's browser. This is what you need in such situations. Kunai is a simple script which collects a lot of information about a visitor and saves the output to a file; furthermore, you may try to perform...
[SECURITY] Fedora 21 Update: drupal7-webform-4.7-1.fc21
Webform is the module for making surveys in Drupal. After a submission, users may be sent an e-mail "receipt" as well as sending a notification to administrators. Results can be exported into Excel or other spreadsheet applications. Webform also provides some basic statistical review and has and...
HackerOne: Auto Approval of Invitation to join Team as a Team member
Hi Hackerone, I have found a vulnerability wherein once a Team manager of any team sends out an Invitation to another Hackerone user to join his team, the invited team member gets auto accepted into the team to which he is being invited to join. The choice of "Accept" or "Reject" invitation which...
[SECURITY] [DSA 3149-1] condor security update
Debian Security Advisory DSA-3149-1 [email protected] http://www.debian.org/security/ Sebastien Delafond February 02, 2015 http://www.debian.org/security/faq -...
Debian DSA-3149-1 : condor - security update
Florian Weimer, of Red Hat Product Security, discovered an issue in condor, a distributed workload management system. Upon job completion, it can optionally notify a user by sending an email; the mailx invocation used in that process allowed for any authenticated user able to submit jobs, to...
Debian: Security Advisory (DSA-3149-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
itBit Exchange: Notification Emails: IP + Content-Spoofing
Hello there, As far as every successful login attempt ends with e-mail to user with information about time of login, User-Agent and IP address. There is possibility to log in using modified X-Forwarded-For header with other IP address, so user can be faked that someone with different IP logged to...
Important: Red Hat Security Advisory: condor security update
Updated condor packages that fix one security issue are now available for Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
condor: mailx invocation enables code execution as condor user
The HTCondor scheduler can optionally notify a user of completed jobs by sending an email. Due to the way the daemon sent the email message, authenticated users able to submit jobs could execute arbitrary code with the privileges of the condor user...
Release Notes for Veeam Backup & Replication 8.0 Patch 1
Challenge: Release Notes for Veeam Backup & Replication 8.0 Update 1. Cause: Please confirm you are running version 8.0.0.807, 8.0.0.817 or 8.0.0.831 prior to installing...