1894 matches found
CVE-2021-29906
CVE-2021-29906 – IBM App Connect Enterprise Certified Container could disclose sensitive information to a local user when configured to use an IBM Cloud API key to connect to cloud-based connectors. The vulnerability arises because the container image/hash may include the IBM Cloud API key used b...
CVE-2021-29906
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630...
Covert-Tube - Youtube As Covert-Channel - Control Systems Remotely And Execute Commands By Uploading Videos To Youtube
A program to control systems remotely by uploading videos to YouTube, using Python to create the videos and the listener, emulating some malware I was reading about. It allows creating videos with frames formed of simple text, QR codes with cleartext or QR codes using AES encryption. Create a vid...
Security Bulletin: IBM App Connect Enterprise Certified Container could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors (CVE-2021-29906)
Summary: IBM App Connect Enterprise may include the hash of an IBM Cloud API key that is used by an Integration Server in the Pod definition of that Integration Server. This is only present if the Integration Server is configured to communicate with the cloud-based connectors in a cloud instance o...
API Key Authentication Succeeded
This is an informational notice that the scanner was able to successfully authenticate against the web application using the API key credentials provided in the scan policy. No source data...
API Key Authentication Failed
This plugin is raised when the scanner has not been able to authenticate against the web application using the API key credentials provided in the scan policy. Check the output of the plugin to get an explanation of the issue encountered by the scan. No source data...
Exploit for OS Command Injection in Eyesofnetwork
This is an exploit module for EyesOfNetwork 5.1 to 5.3, a network monitoring and management tool. The exploit targets three vulnerabilities: CVE-2020-8654, CVE-2020-8655, and CVE-2020-9465. CVE-2020-8654 is a discovery module that allows arbitrary OS commands to be run. The exploit uses the targe...
CVE-2020-19554
Cross-Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload...
Cross site scripting
Cross-Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload...
Zoho Corporation ManageEngine OPManager Cross-Site Scripting Vulnerability
Zoho Corporation ManageEngine OpManager is comprehensive network monitoring software from Zoho Corporation, USA. It is used to manage routers, firewalls, servers, switches and printers. A cross-site scripting vulnerability exists in ManageEngine OPManager <=12.5.174, which stems from an API key...
Tutor LMS < 1.9.9 - Multiple Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the Plugin's Settings General "Error message for...
CVE-2021-22149
Elastic Enterprise Search App Search versions prior to 7.14.0 are affected by a missing authorization weakness for API keys via an alternate route, enabling an authenticated attacker to use API keys belonging to higher-privileged users. Root cause: API keys not properly bound/authorized in altern...
Git-Secret - Go Scripts For Finding An API Key / Some Keywords In Repository
Go scripts for finding an API key / some keywords in a repository. Update V1.0.1: removing some checkers; adding an example file containing GitHub dorks. How to Install: go get github.com/daffainfo/Git-Secret How to Use: ./Git-Secret For the path containing dorks, you can fill it with some keywords, for example...
Cross site scripting
The Smart Email Alerts WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the apikey in the /views/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.10...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports setting up a personal blog site on servers running PHP and MySQL. A WordPress plugin is an open-source application plugin for WordPress. The WordPress Smart Email Alerts plug-in has a cross-site...
Ruby on Rails: Sauce Labs API key unencrypted in an old commit
Vulnerability description not provided...
Smart Email Alerts <= 1.0.10 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the apikey in the /views/settings.php file which allows attackers to inject arbitrary web scripts...
Shopify: Sensitive data Related to Shopify Host -> https://shopify.zendesk.com/
Description: GitHub is a truly awesome service, but it's unwise to put sensitive data in a public repo, as I found a repo committed 1 hour ago containing sensitive data Credentials && ZRTAPIKEY && JWTSECRET related to this host - https://shopify.zendesk.com/ leaked publicly on GitHub, and clearly th...