247 matches found
auditor-v1
🔐 Web Security Auditor v2.0 Mini BurpSuite / OWASP ZAP hech...
IBM: Potential Subdomain Takeover on IBM.com domain.
A potential subdomain takeover on an IBM.com domain was reported to IBM, analyzed, and remediated...
EUVD-2017-5892
Malware in sbrugna...
EUVD-2022-0640
Malicious code in bioql PyPI...
EUVD-2024-47165
Malicious code in bioql PyPI...
Awesome-Bugbounty-Writeups
This is a curated list of bug bounty writeups, specifically focusing on various types of web application vulnerabilities. The repository is organized by vulnerability type, with sections for Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Clickjacking, Local File Inclusion (LFI), Subdoma...
CVE-2023-36474
Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e. app. Interactsh server used to create CNAME entries for app pointing to...
CVE-2024-5528
An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages...
BIT-GITLAB-2024-5528 Incomplete Comparison with Missing Factors in GitLab
An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages...
UBUNTU-CVE-2024-5528
An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages...
CVE-2024-5528 Incomplete Comparison with Missing Factors in GitLab
An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages...
CVE-2024-5528
CVE-2024-5528 affects GitLab CE/EE: subdomain takeover in GitLab Pages. Affected versions are: all prior to 16.11.6; 17.0 prior to 17.0.4; and 17.1 prior to 17.1.2. The issue is fixed by upgrading to 16.11.6 or newer, 17.0.4 or newer, and 17.1.2 or newer, respectively (GitLab patch releases exist...
CVE-2024-5528
Removed by vendor...
Mozilla: Subdomain takeover on a subdomain under firefox.com
The subdomain ████ was vulnerable to a subdomain takeover due to its CNAME record pointing to a Fastly-hosted service that was not registered with Fastly. This allowed the researcher to claim and take control of the subdomain...
Mozilla: [ addons-preview-cdn.mozilla.net ] A subdomain takeover is available via unregistered domain in Fastly
The domain addons-preview-cdn.mozilla.net was found to CNAME resolve to addons.allizom.org, which was hosted on Fastly's service. The domain addons-preview-cdn.mozilla.net was not registered within Fastly, resulting in a "Fastly error: unknown domain" message. The vulnerability was demonstrated b...
GO-2022-0372 Subdomain Takeover in Interactsh server in github.com/projectdiscovery/interactsh
Subdomain Takeover in Interactsh server in github.com/projectdiscovery/interactsh...
FreeBSD : Gitlab -- vulnerabilities (acb4eab6-3f6d-11ef-8657-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the acb4eab6-3f6d-11ef-8657-001b217b3468 advisory. Gitlab reports: An attacker can run pipeline jobs as an arbitrary user; Developer user with...
Gitlab -- vulnerabilities
Gitlab reports: An attacker can run pipeline jobs as an arbitrary user; Developer user with admin_compliance_framework permission can change group URL; Admin push rules custom role allows creation of project level deploy token; Package registry vulnerable to manifest confusion; User with admingroupmemb...