
932 matches found

Hacker One
added 2014/03/01 10:3 p.m., 29 views

Slack: URL redirection flaw

An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. Steps to reproduce: 1 Go to this URL:...

AI score: 0.4
Exploits: 0

Hacker One
added 2014/03/01 9:29 p.m., 22 views

Slack: Stored XSS in www.slack-files.com

Hi, We can create posts under https://subdomain.slack.com/files/create/post Post will have XSS payload like " in title and body We save it and hit "Create public link" and once we share the link it will trigger XSS. Example/POC: https://slack-files.com/T025LLJ2X-F025N8W7W-3a5691 Thanks Prakhar...

AI score: 6.2
Exploits: 0

Hacker One
added 2014/03/01 4:49 p.m., 23 views

Slack: Session Fixation disclosing email address

Desc: Session fixation occurs due to SessionID in URL. A valid session-URL should be only a one time use. In this case a valid session-URL remains active for infinite time. The browser/cache may store this unique Session-URL and disclose EMAIL address of the user. Working: 1 Register 2 One...

AI score: 7
Exploits: 0

Hacker One
added 2014/03/01 3:12 p.m., 38 views

Slack: Slack OAuth2 "redirect_uri" Bypass

Hi, I've found a way to circumvent redirect_uri restrictions imposed by the web application using domain-suffix/subdomain technique. I created an OAuth application under https://api.slack.com/applications/new. That has OAuth redirect_uri configured to http://www.google.com. So technically Allowed...

AI score: 0.3
Exploits: 0

Hacker One
added 2014/03/01 11:56 a.m., 15 views

Slack: Broken Authentication (including Slack OAuth bugs)

Hi, Hope you are doing good! Please have a look at the below report. Description: OAuth Framework Flaw Bypassing redirect_uri validation An attacker to exploit this Flaw just needs to find a open redirection flaw in the site which is using Slack's OAuth for logins. Impact: A malicious user can ste...

AI score: 0.1
Exploits: 0

Hacker One
added 2014/02/28 11:48 p.m., 18 views

Slack: Reflective XSS can be triggered in IE

https://slack.com/go/2-2190974613-d56827?77d50"alert9 The following URL is vulnerable to XSS and can be reproduced in IE...

AI score: 0.8
Exploits: 0

Vulnerability Lab
added 2011/07/17 12:0 a.m., 15 views

Computer Viruses - Types, Methods, Technology & History

Document Title: Computer Viruses - Types, Methods, Technology & History References: https://www.vulnerability-lab.com/resources/documents/194.pdf Release Date: 2011-07-17 Vulnerability Laboratory ID (VL-ID): 194 Discovery...

AI score: 0.1
Exploits: 0

NVD
added 2005/12/10 11:3 a.m., 15 views

CVE-2005-4151

The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier does not clear file slack space in the last cluster for the file, which allows local users to access the previous contents of the disk...

CVSS: 2.1, AI score: 6.3, EPSS: 0.00452
Exploits: 1, References: 8

CVE
added 2005/12/10 11:0 a.m., 41 views

CVE-2005-4151

The CVE-2005-4151 entry concerns the Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier. The issue is that the utility does not clear file slack space in the last cluster for a file, enabling local users to access previous contents of the disk. A...

CVSS: 2.1, AI score: 6.7, EPSS: 0.00452
Exploits: 1, References: 8, Affected Software: 1

Cvelist
added 2005/12/10 11:0 a.m., 18 views

CVE-2005-4151

The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier does not clear file slack space in the last cluster for the file, which allows local users to access the previous contents of the disk...

AI score: 6.3, EPSS: 0.00452
Exploits: 1, References: 8

securityvulns
added 2005/12/09 12:0 a.m., 26 views

PGP Desktop Wipe Free Space incomplete information wiping

Slack space in the last file cluster is not cleaned...

AI score: 1.9
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2005/04/03 12:0 a.m., 48 views

Information leak in the Linux kernel ext2 implementation

Description: Information leak in the Linux kernel ext2 implementation References: CAN-2005-0400 Authors: Mathieu Lafon, Romain Francoise, Arkoon Security Team Advisory - March 25, 2005 http://arkoon.net/advisories/ext2-make-empty-leak.txt Revision: 1.0 1...

CVSS: 2.1, AI score: 5, EPSS: 0.00443
Exploits: 0