283 matches found

Hacker One
added 2015/12/19 3:6 p.m., 16 views

HackerOne: Team Member███ associated with a Custom Group Created with 'Program Management' only permissions can Comments on Bug Reports

Hi Team, Legend ====== AppSecBounty = Bug ProgramSandbox Program Hacker1001 = Bug Reporter BugAdmin = Program Admin BugMember = Team Member associated ProgramManagement Group ProgramManagement Group = Custom Group created with "Program Management Permission" Steps: 1. Hacker1001 reports a Bug to...

6.8 AI score
Exploits: 0

n0where
added 2015/11/04 11:20 p.m., 71 views

The Artillery Project

Artillery is a combination of a honeypot, monitoring tool, and alerting system. Eventually this will evolve into a hardening monitoring platform as well to detect insecure configurations from nix systems. It’s relatively simple, run ./setup.py and hit yes, this will install Artillery in...

1 AI score
Exploits: 0, References: 1

Hacker One
added 2015/10/26 6:10 p.m., 20 views

itBit Exchange: user-agent Content spoofing

Upon every unsuccessful login attempt an email is sent to the user containing the time of login attempt, user-agent and IP. It is possible to modify the request using proxy tools and modify the user agent string to a malicious link and the email being sent to notify the user will contain this...

6.8 AI score
Exploits: 0

Fedora
added 2015/08/18 5:14 a.m., 19 views

[SECURITY] Fedora 21 Update: nagios-plugins-2.0.3-1.fc21

Nagios is a program that will monitor hosts and services on your network, and to email or page you when a problem arises or is resolved. Nagios runs on a Unix server as a background or daemon process, intermittently running checks on various services that you specify. The actual service checks ar...

2.1 CVSS, 1.6 AI score, 0.01083 EPSS
Exploits: 2

exploitpack
added 2015/07/08 12:0 a.m., 50 views

AirLink101 SkyIPCam1620W - OS Command Injection

AirLink101 SkyIPCam1620W - OS Command Injection 1. Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of last updat...

9 CVSS, 0.16987 EPSS
Exploits: 5

Hacker One
added 2015/05/31 5:53 p.m., 29 views

Coinbase: Big Bug with Vault which i have already reported: Case #606962

All info was provided via email you guys asked me to put my case number here. Case 606962 im [email protected] on coinbase...

6.9 AI score
Exploits: 0

Atlassian
added 2015/05/28 8:4 p.m., 32 views

Project's permission bypass JIRA global permissions

h3. Summary Users are able to create/comment issues via email without group membership if they are added directly to the project's permission. User shouldn't be able to do that since he can't access the application itself. Same applies to JIRA's notifications. h3. Steps to Reproduce Remove user...

1.8 AI score
Exploits: 0

Hacker One
added 2015/05/18 5:31 a.m., 14 views

HackerOne: Email Notification should be get while changing Paypal Email

an email notification should be get while changing paypal email address when we use hackerone a/c in any team there many people in team member so when we change paypal email an email notification should be get...

1.3 AI score
Exploits: 0

Kitploit
added 2015/05/08 2:13 p.m., 31 views

Kunai - Pwning & Info Gathering via User Browser

Sometimes there is a need to obtain the IP address of a specific person or perform client-side attacks via the user's browser. This is what you need in such situations. Kunai is a simple script which collects a lot of information about a visitor and saves the output to a file; furthermore, you may try to perform...

6.6 AI score
Exploits: 0, References: 1

Fedora
added 2015/04/09 9:10 a.m., 12 views

[SECURITY] Fedora 21 Update: drupal7-webform-4.7-1.fc21

Webform is the module for making surveys in Drupal. After a submission, users may be sent an e-mail "receipt" as well as sending a notification to administrators. Results can be exported into Excel or other spreadsheet applications. Webform also provides some basic statistical review and has and...

2.8 AI score
Exploits: 0

Hacker One
added 2015/02/28 6:9 a.m., 52 views

HackerOne: Auto Approval of Invitation to join Team as a Team member

Hi Hackerone, I have found a vulnerability wherein once a Team manager of any team sends out an Invitation to another Hackerone user to join his team, the invited team member gets auto accepted into the team to which he is being invited to join. The choice of "Accept" or "Reject" invitation which...

1.4 AI score
Exploits: 0

securityvulns
added 2015/02/23 12:0 a.m., 44 views

[SECURITY] [DSA 3149-1] condor security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3149-1 [email protected] http://www.debian.org/security/ Sebastien Delafond February 02, 2015 http://www.debian.org/security/faq -...

1.6 AI score, 0.0308 EPSS
Exploits: 0

Tenable Nessus
added 2015/02/03 12:0 a.m., 25 views

Debian DSA-3149-1 : condor - security update

Florian Weimer, of Red Hat Product Security, discovered an issue in condor, a distributed workload management system. Upon job completion, it can optionally notify a user by sending an email; the mailx invocation used in that process allowed for any authenticated user able to submit jobs, to...

8.8 CVSS, 7.3 AI score, 0.0308 EPSS
Exploits: 0, References: 4

Debian
added 2015/02/02 6:50 p.m., 12 views

[SECURITY] [DSA 3149-1] condor security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3149-1 [email protected] http://www.debian.org/security/ Sebastien Delafond February 02, 2015 http://www.debian.org/security/faq -...

6.5 CVSS, 1.3 AI score, 0.0308 EPSS
Exploits: 0

Debian
added 2015/02/02 6:50 p.m., 21 views

[SECURITY] [DSA 3149-1] condor security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3149-1 [email protected] http://www.debian.org/security/ Sebastien Delafond February 02, 2015 http://www.debian.org/security/faq -...

8.8 CVSS, 8.9 AI score, 0.0308 EPSS
Exploits: 0

OpenVAS
added 2015/02/01 12:0 a.m., 22 views

Debian: Security Advisory (DSA-3149-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS, 8.7 AI score, 0.0308 EPSS
Exploits: 0, References: 3

Hacker One
added 2015/01/21 4:27 p.m., 19 views

itBit Exchange: Notification Emails: IP + Content-Spoofing

Hello there, As far as every successful login attempt ends with e-mail to user with information about time of login, User-Agent and IP address. There is possibility to log in using modified X-Forwarded-For header with other IP address, so user can be faked that someone with different IP logged to...

6.8 AI score
Exploits: 0

RedHat Linux
added 2015/01/12 8:25 p.m., 31 views

Important: Red Hat Security Advisory: condor security update

Updated condor packages that fix one security issue are now available for Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

8.8 CVSS, 7 AI score, 0.0308 EPSS
Exploits: 0, References: 2

RedHat Linux
added 2015/01/12 8:14 p.m., 1 views

condor: mailx invocation enables code execution as condor user

The HTCondor scheduler can optionally notify a user of completed jobs by sending an email. Due to the way the daemon sent the email message, authenticated users able to submit jobs could execute arbitrary code with the privileges of the condor user...

8.8 CVSS, 7.2 AI score, 0.0308 EPSS
Exploits: 0, References: 4

Veeam
added 2014/12/25 2:31 p.m., 17 views

Release Notes for Veeam Backup & Replication 8.0 Patch 1

More Recent Version Available Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version Challenge Release Notes for Veeam Backup & Replication 8.0 Update 1 Cause Please confirm you are running version 8.0.0.807, 8.0.0.817 or 8.0.0.831 prior to installing...

6.8 AI score
Exploits: 0