600 matches found

exploitpack
added 2018/05/27 12:0 a.m. | 23 views

Werewolf Online 0.8.8 - Information Disclosure

Werewolf Online 0.8.8 - Information Disclosure Exploit Title: Werewolf Online 0.8.8 - Insecure Logging Date: 2018-05-24 Software Link: https://play.google.com/store/apps/details?id=com.werewolfapps.online Download Link:...

CVSS 5 | AI score 7.5 | EPSS 0.09161
Exploits: 5

Packet Storm
added 2018/05/27 12:0 a.m. | 43 views

Werewolf Online 0.8.8 Information Disclosure

Exploit Title: Werewolf Online 0.8.8 - Insecure Logging Date: 2018-05-24 Software Link: https://play.google.com/store/apps/details?id=com.werewolfapps.online Download Link: https://apkpure.com/werewolf-online-unreleased/com.werewolfapps.online/download?from=details Exploit Author: ManhNho Version...

AI score 7.6 | EPSS 0.09161
Exploits: 5

Prion
added 2018/05/26 10:29 p.m. | 14 views

Design/Logic Flaw

The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output...

CVSS 5 | AI score 7.4 | EPSS 0.09161
Exploits: 5 | References: 2 | Affected Software: 1

OSV
added 2018/05/26 10:29 p.m. | 2 views

CVE-2018-11505

The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output...

CVSS 7.5 | AI score 5.8 | EPSS 0.09161
Exploits: 5 | References: 2

NVD
added 2018/05/26 10:29 p.m. | 25 views

CVE-2018-11505

The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output...

CVSS 7.5 | AI score 7.4 | EPSS 0.09161
Exploits: 5 | References: 2

CVE
added 2018/05/26 10:0 p.m. | 63 views

CVE-2018-11505

Summary: CVE-2018-11505 affects the Android Werewolf Online app (version 0.8.8). An information-disclosure vulnerability exists where an attacker can obtain the Firebase token by reading logcat output, due to insecure logging practices. The connected documents describe the exploit scenario on An...

CVSS 7.5 | AI score 7.3 | EPSS 0.09161
Exploits: 5 | References: 2 | Affected Software: 1

Cvelist
added 2018/05/26 10:0 p.m. | 29 views

CVE-2018-11505

The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output...

AI score 7.4 | EPSS 0.09161
Exploits: 5 | References: 2

Kitploit
added 2018/05/18 10:52 p.m. | 43 views

FireShodanMap - A Realtime Map That Integrates Firebase, Google Maps And Shodan

FireShodanMap is a realtime map that integrates Firebase and Shodan. A search is carried out using Shodan, searching for vulnerable devices, and they are shown on the map for analysis. All data updated in Firebase is realtime. Changes We have a file named "fireshodan.py" responsible for fill Firebase...

AI score 7.3
Exploits: 0 | References: 1

CNVD
added 2018/02/26 12:0 a.m. | 2 views

Jerome Gamez Firebase Admin SDK for PHP Access Control Error Vulnerability

Jerome Gamez Firebase Admin SDK for PHP is a PHP-based software development kit. An access control error vulnerability exists in the src/Firebase/Auth/IdTokenVerifier.php file in the Jerome Gamez Firebase Admin SDK for PHP versions 3.2.0 through 3.8.0, which stems from the program's failure to...

CVSS 8.1 | AI score 7 | EPSS 0.01335
Exploits: 0 | References: 1

Prion
added 2018/02/09 11:29 p.m. | 11 views

Improper access control

Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains an Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or fro...

CVSS 6.8 | AI score 8.1 | EPSS 0.01335
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2018/02/09 11:29 p.m. | 14 views

CVE-2018-1000025

Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains an Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or fro...

CVSS 8.1 | AI score 8.2 | EPSS 0.01335
Exploits: 0 | References: 2

OSV
added 2018/02/09 11:29 p.m. | 12 views

CVE-2018-1000025

Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains an Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or fro...

CVSS 8.1 | AI score 8.4
Exploits: 0 | References: 2

CVE
added 2018/02/09 11:0 p.m. | 76 views

CVE-2018-1000025

CVE-2018-1000025 affects Jerome Gamez Firebase Admin SDK for PHP versions 3.2.0–3.8.0. Affected component: src/Firebase/Auth/IdTokenVerifier.php; root cause: token signature is not verified, enabling forging of JWTs with arbitrary email addresses and user IDs. Impact: improper access control via ...

CVSS 8.1 | AI score 8.1 | EPSS 0.01335
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2018/02/09 11:0 p.m. | 13 views

CVE-2018-1000025

Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains an Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or fro...

AI score 8.2 | EPSS 0.01335
Exploits: 0 | References: 2

Friends Of PHP
added 2018/01/16 10:51 a.m. | 19 views

Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or from thin air.

Bugfixes Fixed a security issue discovered by @hernandev that enabled an attacker to impersonate any registered user in a Firebase application...

CVSS 6.8 | AI score 7.7 | EPSS 0.01335
Exploits: 0 | Affected Software: 1

Friends Of PHP
added 2018/01/16 10:51 a.m. | 18 views

Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or from thin air.

Bugfixes Fixed a security issue discovered by @hernandev that enabled an attacker to impersonate any registered user in a Firebase application...

CVSS 8.1 | AI score 7.9 | EPSS 0.01335
Exploits: 0 | Affected Software: 1

The Hacker News
added 2017/04/25 10:42 p.m. | 13 views

Beware! New Android Malware Infected 2 Million Google Play Store Users

Initially thought to be 600,000 users, the number of Android users who have mistakenly downloaded and installed malware on their devices straight from Google Play Store has reached 2 Million. Yes, about 2 Million Android users have fallen victim to malware hidden in over 40 fake companion guide...

AI score 6.9
Exploits: 0

Kitploit
added 2016/12/30 2:0 p.m. | 52 views

Telegram BBBot - Telegram Bug Bounty Bot

Telegram Bug Bounty Bot https://telegram.me/bugbountychannel History This bot adopted special for deploying to Heroku General purposes of this got - "Be helpful for infosec community!" Bot use https://github.com/maddevsio/bbcrawler for fetching information Used heroku...

AI score 7.1
Exploits: 0 | References: 1

Hacker One
added 2016/06/10 6:49 a.m. | 12 views

Instacart: Authorization Bypass in Delivery Chat Logs

An authorization issue in the mobile app API allows any Instacart user to gain access to other users' order delivery chat logs. The /api/v2/orderdeliveries/:orderdeliveryid/orderchangelogs endpoint does not sufficiently check if the user has permissions to access that particular order's chat logs...

AI score 0.2
Exploits: 0

OSV
added 2006/04/14 10:2 a.m. | 1 views

DEBIAN-CVE-2006-0748

Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index...

CVSS 9.3 | AI score 9 | EPSS 0.07786
Exploits: 0 | References: 1