932 matches found
Slack: URL redirection flaw
An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. Steps to reproduce: 1 Go to this URL:...
Slack: Stored XSS in www.slack-files.com
Hi, We can create posts under https://subdomain.slack.com/files/create/post Post will have XSS payload like " in title and body We save it and hit "Create public link" and once we share the link it will trigger XSS. Example/POC: https://slack-files.com/T025LLJ2X-F025N8W7W-3a5691 Thanks Prakhar...
Slack: Session Fixation disclosing email address
Desc: Session fixation occurs due to SessionID in URL. A valid session-URL should be only a one time use. In this case a valid session-URL remains active for infinite time. The browser/cache may store this unique Session-URL and disclose EMAIL address of the user. Working: 1Register 2One...
Slack: Slack OAuth2 "redirect_uri" Bypass
Hi, I've found a way to circumvent redirecturi restrictions imposed by the web application using domain-suffix/subdomain technique. I created an OAuth application under https://api.slack.com/applications/new. That has OAuth redirecturi configured to http://www.google.com. So technically Allowed...
Slack: Broken Authentication (including Slack OAuth bugs)
Hi, Hope you are doing good! Please have a look at the below report. Description: OAuth Framework Flaw Bypassing redirecturi validation An attacker to exploit this Flaw just needs to find a open redirection flaw in the site which is using Slack's OAuth for logins. Impact: A malicious user can ste...
Slack: Reflective XSS can be triggered in IE
https://slack.com/go/2-2190974613-d56827?77d50"alert9 The following URL is vulnerable to XSS and can be reproduce in IE...
Computerviren - Arten, Verfahren, Technik & Geschichte
Document Title: =============== Computerviren - Arten, Verfahren, Technik & Geschichte References: =========== https://www.vulnerability-lab.com/resources/documents/194.pdf Release Date: ============= 2011-07-17 Vulnerability Laboratory ID VL-ID: ==================================== 194 Discovery...
CVE-2005-4151
The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier does not clear file slack space in the last cluster for the file, which allows local users to access the previous contents of the disk...
CVE-2005-4151
The CVE-2005-4151 entry concerns the Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier. The issue is that the utility does not clear file slack space in the last cluster for a file, enabling local users to access previous contents of the disk. A...
CVE-2005-4151
The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier does not clear file slack space in the last cluster for the file, which allows local users to access the previous contents of the disk...
PGP Desktop Wipe Free Space incomplete information wiping
Slack space in the last file cluster is not cleaned...
Information leak in the Linux kernel ext2 implementation
Description: Information leak in the Linux kernel ext2 implementation References: CAN-2005-0400 Authors: Mathieu Lafon [email protected] Romain Francoise [email protected] Arkoon Security Team Advisory - March 25, 2005 http://arkoon.net/advisories/ext2-make-empty-leak.txt Revision: 1.0 1...