OSINT Chrome Extension: ThreatPinch Lookup
OSINT Chrome Extension ThreatPinch was designed to give information security professionals quick reference checks for commonly looked-up indicators without having to leave the comfort of their current webpage. Be it IPv4 addresses or MD5/SHA2 hashes, these indicators are usually copied and paste...
HackerOne: HackerOne Integrations Design Issue
Summary HackerOne Integrations Design Issue Description Include Impact This bug is similar to 170552. The HackerOne Integrations feature is very sensitive and cannot be used with just a click, IMHO, or we can say "HackerOne users are a click away from giving to an attacker very sensitive...
TestingWhiz - Codeless Software Testing Automation Tool
TestingWhiz is a test automation tool for web, database, cloud, mobile and web services/API testing from Cygnet Infotech. It has a codeless architecture based on FAST Automation Engine with 290+ readily available test commands that provide easy, intuitive and fast automation solution without...
HackerOne: Slack integration setup lacks CSRF protection
Details: Summary: Cross-site Request Forgery in the Integrations https://hackerone.com/YOURTEAM/integrations feature for teams. Description Include Impact: The Integrations flow is insecure, because it can be abused by CSRF. PoC: Request GET https://hackerone.com/auth/slack HTTP/1.1 Response...
HackerOne: Limited CSRF bypass.
Hello team, I have found a very limited CSRF which could be valid for GET requests only. And the Integrations Tab can be used in bypass Description : Affected url :-...
WordPress Contact Form 7 Integrations Multiple Cross Site Scripting Vulnerabilities
WordPress Contact Form 7 Integrations is prone to multiple cross-site scripting vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...
CVE-2014-6445
Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmin.php in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) uE or (2) uC parameter...
CVE-2014-6445
CVE-2014-6445 concerns the WordPress plugin Contact Form 7 Integrations (includes/toAdmin.php) with multiple XSS vulnerabilities in versions 1.0–1.3.10. The flaws allow remote attackers to inject arbitrary script/HTML via the uE or uC parameters. Public references (NVD, WPVulndb, OpenVAS entries,...
WordPress Contact Form 7 Integrations Plugin <= 1.3.10 - Multiple XSS
Because of these vulnerabilities in includes/toAdmin.php, the attackers can inject arbitrary web script or HTML via the "uE" or "uC" parameter. Solution Update the plugin...
Slack: Content Spoofing all Integrations in https://team.slack.com/services/new/
Hello There, I've discovered 48+ content spoofing issues and confirmed all of your Integrations at https://team.slack.com/services/new/ are vulnerable to Content spoofing and exploitable to all users. Content Spoofing An attack technique used to trick a user into thinking that fake web site content is...
Slack: Content spoofing at Stripe Integrations
I have found a Content Spoofing vulnerability in Slack at Stripe Integrations; the vulnerability is exploitable to all users. Proof of concept: https://asdasda.slack.com/services/2481499413?error=content%20spoofing%20! Regards, Jayson Zabate...
PacketFence v4.3.0 - Free and Open Source network access control (NAC) solution
PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, layer...
Joomla EasyBlog Persistent XSS Vulnerability
No description provided by source. Name : Joomla EasyBlog Persistent XSS Vulnerability Date : July 12, 2010 Critical Level : HIGH vendor URL : http://stackideas.com/products/easyblog.html Author : Sid3^effects aKa HaRi special thanks to : r0073r inj3ct0r.com,L0rd...
Slack: Stored XSS in slack.com (integrations)
Hi Slack, I'm going to report stored XSS in Slack integrations. Attack String Payload: http://jeroldcamacho.com/%5Ex1s1s/slack.com.txt Proof of Concept: here is the video. Video: https://www.dropbox.com/s/3qfo5fdezn6ci2q/slack.com%20xss.avi Thanks, Jerold Camacho...
Android Browser and WebView addJavascriptInterface Code Execution
This Metasploit module exploits a privilege escalation issue in the WebView component of Android versions prior to 4.2 that arises when untrusted JavaScript code is executed by a WebView that has one or more Interfaces added to it. The untrusted JavaScript code can call into the Java Reflection APIs...
TestingWhiz - Test Automation Tool
TestingWhiz is a test automation tool for web, database, cloud, mobile and web services/API testing from Cygnet Infotech. It has a codeless architecture based on FAST Automation Engine with 290+ readily available test commands that provide easy, intuitive and fast automation solution without...
Firefox 21 Launches with 3 critical fixes and new Social Integrations
Mozilla has launched Firefox 21 for Mac, Windows, and Linux, adding a number of improvements, namely to the browser's Social API. "Today, we are adding multiple new social providers Cliqz, Mixi and msnNOW to Firefox," wrote Mozilla in a blog post today. The browser first added Facebook integratio...
Joomla EasyBlog Cross Site Scripting
Name : Joomla EasyBlog Persistent XSS Vulnerability Date : July 12, 2010 Critical Level : HIGH vendor URL : http://stackideas.com/products/easyblog.html Author : Sid3^effects aKa HaRi special thanks to : r0073r inj3ct0r.com,L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger greetz to...
Joomla! Component EasyBlog - Persistent Cross-Site Scripting
Joomla! Component EasyBlog - Persistent Cross-Site Scripting Name : Joomla EasyBlog Persistent XSS Vulnerability Date : July 12, 2010 Critical Level : HIGH vendor URL : http://stackideas.com/products/easyblog.html Author : Sid3^effects aKa HaRi special thanks to : r0073r inj3ct0r.com,L0rd...