228 matches found

Hacker One
added 2017/06/15 12:24 a.m., 25 views

GoCD: Imperfect CSRF To Overwrite Server Config at /go/admin/restful/configuration/file/POST/xml

The /go/admin/restful/configuration/file/POST/xml path is vulnerable to Cross-Site Request Forgery that can result in an unauthorized user adding to the server cruise-config.xml and gaining complete control of the server. Successful exploitation is made difficult by the need for the admin to be...

AI score: 1.7
Exploits: 0

Hacker One
added 2016/12/11 12:39 a.m., 14 views

GoCD: Reflected XSS vector

Hello GoCD team, I noticed a reflected / stored XSS vulnerability vector that could potentially be used to impact security of GoCD users. - https://www.go.cd/user/upoad/..%2F..%2F - https://docs.go.cd/current/user/upoad/..%2F..%2F As you should see, this link is considered as valid by the HTTP...

AI score: 6.2
Exploits: 0

Hacker One
added 2016/07/16 4:25 p.m., 60 views

GoCD: X-Content-Type-Options header missing at Auth Login

Hello Again, The doesn't have a header setting for X-Content-Type-Options which means it is vulnerable to MIME sniffing. The only defined value, "nosniff", prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type. This also applies to Google...

AI score: 6.6
Exploits: 0

Hacker One
added 2016/07/16 4:7 p.m., 13 views

GoCD: Reflected XSS

Possible XSS when updating server configuration...

AI score: 2
Exploits: 0

Hacker One
added 2016/07/16 3:51 p.m., 23 views

GoCD: Directory Listening

Hello Team, Found Directory Listening : http://IP:8153/go/NOTICE/ F105317 There is not usually any good reason to provide directory listings, and disabling them may place additional hurdles in the path of an attacker. This can normally be achieved in two ways: Configure your web server to prevent...

AI score: 0.4
Exploits: 0

Hacker One
added 2016/07/16 8:29 a.m., 16 views

GoCD: Possible SSRF at URL Parameter while creating a new package repository

Possible SSRF vulnerability when creating a new package repository on GoCD...

AI score: 2.1
Exploits: 0

Hacker One
added 2016/07/16 8:25 a.m., 15 views

GoCD: Cross Site Scripting

Possible XSS vulnerability when creating a new package repository on GoCD...

AI score: 1
Exploits: 0

Hacker One
added 2016/07/16 3:22 a.m., 25 views

GoCD: XSS in http://localhost:8153/go/admin/config/server/update

Possible XSS when updating server configuration...

AI score: 0.2
Exploits: 0