Lucene search

735 matches found

Hacker One
added 2018/08/24 11:21 p.m., 19 views

X (Formerly Twitter): Access MoPub Reports Data even after Company removed you from their MoPub Account.

Description + Attacking approach

API Workflow:
- The MoPub Reporting API supports two separate CSV outputs where publishers can retrieve inventory or campaign performance data.
- Publishers can retrieve daily reports via making a GET request using the request parameters.
- This URL will return a...

AI score: 6.6
Exploits: 0

Prion
added 2018/08/21 1:29 a.m., 11 views

Authentication flaw

Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable...

CVSS: 5, AI score: 7.7, EPSS: 0.00369
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2018/08/21 1:29 a.m., 16 views

CVE-2018-15598

Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable...

CVSS: 7.5, AI score: 7
Exploits: 0, References: 4

ThreatPost
added 2018/07/18 2:55 p.m., 15 views

Microsoft Bounty Program Offers Payouts for Identity Service Bugs

Microsoft has lifted the curtain on a new bug-bounty program, offering payouts as high as $100,000 for holes in identity services and implementations of the OpenID standard. The bounty program touches on Microsoft’s array of digital identity solutions, which tout strong authentication, secure...

Exploits: 0, References: 7

Imperva Blog
added 2018/07/12 6:28 p.m., 52 views

Building an Effective API Security Strategy: Easy If You Have the Right Tools

In their approach to application programming interface (API) security, organizations exposing web APIs must balance ease of access with control. Like the bank robber attacking banks because "that's where the money is," the use of APIs to provide access to applications and to business-critical data...

AI score: 0.5
Exploits: 0

Wallarm Lab
added 2018/06/27 6:36 p.m., 32 views

Key Considerations in API security

Every day, there are billions of API calls being executed. These include public APIs, private APIs, SaaS APIs, APIs performing mobile back-end functions and many more. Given the gravity of the threat and the sheer volume of what’s exposed, how do we develop systems that are both safe and robust?...

AI score: 7.6
Exploits: 0

CVE
added 2018/06/25 2:00 a.m., 55 views

CVE-2018-12716

The CVE-2018-12716 entry describes an API service vulnerability in Google Home and Chromecast devices prior to mid-July 2018. The issue allows DNS rebinding to read scan_results JSON data and extract BSSID fields, enabling remote readers on the local network to determine the user’s physical locat...

CVSS: 4.3, AI score: 4.6, EPSS: 0.00194
Exploits: 0, References: 4, Affected Software: 1

Openbugbounty
added 2018/06/19 10:27 a.m., 9 views

index.bithumb.com XSS vulnerability

Open Bug Bounty ID: OBB-633887

Description | Value
---|---
Affected Website: | index.bithumb.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

Openbugbounty
added 2018/06/15 11:12 p.m., 9 views

api.pmi.ky XSS vulnerability

Open Bug Bounty ID: OBB-632966

Description | Value
---|---
Affected Website: | api.pmi.ky
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

Pen Test Partners Blog
added 2018/06/15 3:01 p.m., 50 views

Totally Pwning the Tapplock (the API way)

An awesome researcher contacted us on the back of our recent Tapplock pwnage. We had been looking at the local BLE unlock mechanism, however he focussed instead on the mobile app API. Vangelis Stykas @evstykas has found a way to unlock any lock, plus scrape users' PII and home addresses. Read his...

AI score: 6.3
Exploits: 0

Openbugbounty
added 2018/05/26 3:57 p.m., 9 views

api.gameallianz.com XSS vulnerability

Open Bug Bounty ID: OBB-622635

Description | Value
---|---
Affected Website: | api.gameallianz.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

Openbugbounty
added 2018/05/17 3:09 p.m., 9 views

api.raboag.com XSS vulnerability

Open Bug Bounty ID: OBB-617880

Description | Value
---|---
Affected Website: | api.raboag.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

Openbugbounty
added 2018/05/07 2:39 p.m., 11 views

api.trustyou.com XSS vulnerability

Open Bug Bounty ID: OBB-613446

Description | Value
---|---
Affected Website: | api.trustyou.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

Openbugbounty
added 2018/04/07 9:39 a.m., 17 views

api.autopilothq.com Open Redirect vulnerability

Open Bug Bounty ID: OBB-598302

Description | Value
---|---
Affected Website: | api.autopilothq.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | Open Redirect / CWE-601
CVSSv3 Score: | 3.4...

Exploits: 0

NVD
added 2018/03/29 1:29 p.m., 12 views

CVE-2018-6586

CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing...

CVSS: 6.1, AI score: 6, EPSS: 0.00233
Exploits: 0, References: 2

Openbugbounty
added 2018/03/14 9:29 a.m., 15 views

api.betaout.com XSS vulnerability

Open Bug Bounty ID: OBB-579754

Description | Value
---|---
Affected Website: | api.betaout.com
Open Bug Bounty Program: | Not created yet
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...

AI score: 6.4
Exploits: 0

Wallarm Lab
added 2018/03/07 7:54 p.m., 48 views

Weather Forecast for April — It’s Raining Security Pros

As you are planning out your spring calendar, make sure an April visit to San Francisco is on it. Anchored by RSA Conference 2018, San Francisco will become a center of US security life for a week. The week will start with some training events and, of course, BSides San Francisco. Bsides is a...

AI score: 6.6
Exploits: 0

Openbugbounty
added 2018/02/25 2:47 p.m., 6 views

api.intagent.com XSS vulnerability

Open Bug Bounty ID: OBB-568126

Description | Value
---|---
Affected Website: | api.intagent.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

AI score: 6.3
Exploits: 0

Openbugbounty
added 2018/02/25 6:47 a.m., 9 views

api.har.com XSS vulnerability

Open Bug Bounty ID: OBB-567833

Description | Value
---|---
Affected Website: | api.har.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

AI score: 6.3
Exploits: 0

Openbugbounty
added 2018/02/24 7:28 a.m., 10 views

tsw.hk.forexprostools.com XSS vulnerability

Open Bug Bounty ID: OBB-567044

Description | Value
---|---
Affected Website: | tsw.hk.forexprostools.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure Standard: | Coordinated...

AI score: 6.4
Exploits: 0