Dropcontact: API key is not validated for C.R.M integration [Pipedrive] of LOGGED IN USER, A user can use another USER'S API key for this operation.

We didn't verified the API key when a new user was using his pipedrive free trial, so someone could take a key of another pipedrive which don't belong to him and make his free trial on this api key. Or launch a free trial on a pipedrive already connected to pipedrive...

Elasticsearch Privilege Escalation (CVE-2020-7014)

A privilege escalation vulnerability exists in Elasticsearch. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges...

Elasticsearch Privilege Escalation (CVE-2020-7009)

A privilege escalation vulnerability exists in Elasticsearch. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...

Sickbeard 0.1 Cross Site Request Forgery

Exploit Title: Sickbeard 0.1 - Cross-Site Request Forgery Disable Authentication Google Dork: https://www.shodan.io/search?query=sickbeard Date: 2020-06-06 Exploit Author: bdrake Vendor Homepage: https://sickbeard.com/ Software Link: https://github.com/midgetspy/Sick-Beard Version: alpha master -...

openSUSE Security Update : pdns-recursor (openSUSE-2020-1005)

This update for pdns-recursor fixes the following issues : - CVE-2020-14196: Fixed an access restriction bypass with API key and password authentication boo1173302. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

Security update for pdns-recursor (moderate)

openSUSE Security Update: Security update for pdns-recursor Announcement ID: openSUSE-SU-2020:1005-1 Rating: moderate References: 1173302 Cross-References: CVE-2020-14196 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1 openSUSE Backports SLE-15-SP1 SUSE Package Hub for SUSE Linux...

Unspecified Vulnerability in QNAP Systems Helpdesk

QNAP Systems Helpdesk is a helpdesk application from China Weilian QNAP Systems. A security vulnerability exists in QNAP Systems Helpdesk versions prior to 3.0.1. An attacker can access QNAP Systems Helpdesk with the help of an API? key to access sensitive data on the QNAP Kayako server...

Shopify: Get analytics token using only apps permission

It seems apps that can read "analytics" have embedded analytic token. In order to access the /admin/reportify/token.json endpoint explicit dashboard or reports permission is required. A staff member with just "apps" permission can leverage the permissions of apps that can read reports to extract...

Mail.ru: Redmin API Key Exposed In GIthub

Sensitive application configuration data related to tracker.ucs.ru was leaked on github.com...

CVE-2020-3242 Cisco UCS Director Information Disclosure Vulnerability

A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The vulnerability exists because confidential information is returned as part of an API response. An...

h1-ctf: h1-ctf writeup , finally paid the payments by chaining multiple bugs

Summary: Ultimate aim is to pay the payments of hackerone using bounty pay with no use privileges at starting. Given scope is : .bountypay.h1ctf.com Enumerated subdomains are : 1. www.bountypay.h1ctf.com 2. app.bountypay.h1ctf.com 3. staff.bountypay.h1ctf.com 4. api.bountypay.h1ctf.com 5...

Cisco UCS Director Cloupia Script Remote Code Execution Exploit

This Metasploit module exploits an authentication bypass and directory traversals in Cisco UCS Director versions prior to 6.7.4.0 to leak the administrator's REST API key and execute a Cloupia script containing an arbitrary root command. Note that the primary functionality of this module is to...

Cisco UCS Director Cloupia Script - Remote Code Execution

This Metasploit module exploits an authentication bypass and directory traversals in Cisco UCS Director This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco UCS Director Cloupia Script RCE',...

Cisco UCS Director Cloupia Script Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco UCS Director Cloupia Script RCE', 'Description' = %q This module exploits an authentication bypass and directory traversals in Cisco UCS...

UBUNTU-CVE-2020-7014

The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication...

Cisco UCS Director Cloupia Script RCE

This module exploits an authentication bypass and directory traversals in Cisco UCS Director 'Cisco UCS Director Cloupia Script RCE', 'Description' = %q This module exploits an authentication bypass and directory traversals in Cisco UCS Director 6.7.4.0 to leak the administrator's REST API key an...

CVE-2020-11946

Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call...

Code injection

Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call...

CVE-2020-11946

Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call...

CVE-2020-11946

Zoho ManageEngine OpManager versions prior to 125120 are affected by an information-disclosure vulnerability: an unauthenticated user can retrieve an API key via a servlet call. The issue enables access to API keys without authentication, exposing credentials that could be used to interact with t...