
32 matches found

Huntr
added 2023/03/21 3:25 a.m., 20 views

Unauthenticated Access to Users PII

Description: An Unauthorized/Unauthenticated Attacker can access PII data of all the Users. Some of the PII leaked are: first name, last name, email, username, IP address, twofactorsecret, twofactorrecoverycodes. Proof of Concept: http://localhost/api/user It shows you details of all the users...

CVSS 4 | AI score 6.4 | EPSS 0.00504
Exploits: 0

Hacker One
added 2022/09/02 8:43 p.m., 46 views

U.S. Dept Of Defense: IDOR leaking PII data via VendorId parameter

Description: Dear DoD, I found one bug on your domain from Hack US program: █████ It's IDOR bug. Make sure to know that I didn't test many funcs here for IDOR. I didn't test for ATO Account Takeover. But you should fix this. Here's the PoC: ██████████ Thank you DoD! Impact An attacker could steal...

AI score 6.7
Exploits: 0

HackRead
added 2022/06/09 3:28 p.m., 23 views

MyEasyDocs Exposed 30GB of Israeli and Indian Students PII Data

By Waqas MyEasyDocs is a Chennai, India based online documents verification platform whose Microsoft Azure server exposed data of over… This is a post from HackRead.com Read the original post: MyEasyDocs Exposed 30GB of Israeli and Indian Students PII Data...

AI score 2.5
Exploits: 0

Hacker One
added 2022/05/21 6:5 p.m., 24 views

Trellix: Sensitive Information Disclosure

Sensitive information, including Personally Identifiable Information PII data, was being disclosed through JEB 4.2.0.202106271614 licensed to a specific user. The vulnerability allowed unauthorized access to the information and could potentially lead to data breaches...

AI score 6.7
Exploits: 0

Huntr
added 2022/01/02 8:29 p.m., 18 views

Exposure of Sensitive Information to an Unauthorized Actor in microweber/microweber

Description Any unauthorized/unauthenticated actor can find the PII data of all the users registered in the application. PII - Personally Identifiable Information leaked by this application is first name, last name, email id, picture, username, isadmin status Proof of Concept 1 Visit...

CVSS 5 | AI score 1.3 | EPSS 0.1201
Exploits: 1

Hacker One
added 2021/07/09 8:24 p.m., 293 views

HackerOne: PII data Leakage through hackerone reports

Summary: I found PII data leakage through the HackerOne report. I found a link in one of the disclosed reports that allowed me to get the address and phone numbers of security researchers. Here I got the address and phone number of ████ ███ Vulnerability Name: PII data Leakage through Steps to...

AI score 0.8
Exploits: 0

Hacker One
added 2020/06/19 10:20 a.m., 106 views

Curve: Sensitive Info Leak - An Attacker Can Retrieve All the Users Mobile Numbers at https://website-api.production.curve.app/api/waitlist/us

Hi, When I was going through all the JS files in curve.com, I found a link called "/usa" that is used to create Curve USA Waitlists by entering your name, email address, mobile number and address details. F874173 Then there is a functionality called "Track my Position" by using which joined users can view...

AI score 6.6
Exploits: 0

Hacker One
added 2020/02/14 2:36 a.m., 13 views

U.S. Dept Of Defense: [Critical] Insufficient Access Control On Registration Page of Webapps Website Allows Privilege Escalation to Administrator

Summary: Hello. Due to insufficient access controls and poor implementation of the registration at https://████████/████/login.cfm it was possible to register while privilege escalating to an administrator. Description: It was possible to tamper with the registration request at...

AI score 0.5
Exploits: 0

Trend Micro Simply Security
added 2019/05/17 2:14 p.m., 158 views

This Week in Security News: Unsecured Servers and Vulnerable Processors

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about vulnerabilities that can allow hackers to retrieve data from CPUs and mine cryptocurrency. Read on: May’s Patch Tuesday Include...

CVSS 10 | AI score 0.3 | EPSS 0.98326
Exploits: 5

Hacker One
added 2018/06/01 2:42 p.m., 42 views

Starbucks: Information Leak - Github - JMS Information

Hi, After some research, I found a leak on GitHub that might lead to accessing sensitive data of employees or clients not sure based on the code. There is also a SAP S-user to access a cloud based HANA service. I have not confirmed what kind of data is in there to avoid potential legal issues. I...

AI score 0.2
Exploits: 0

Openbugbounty
added 2017/06/09 5:29 a.m., 8 views

pijao-quindio.gov.co XSS vulnerability

Open Bug Bounty ID: OBB-246357

Description | Value
---|---
Affected Website: | pijao-quindio.gov.co
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

AI score 6.2
Exploits: 0

Metasploit
added 2011/08/11 11:45 p.m., 21 views

VSploit Web PII

This module emulates a webserver leaking PII data This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VSploit Web PII', 'Description' = 'This module emulates a webserver leaking PII data', 'License...

AI score 7.3
Exploits: 0