Lucene search
K

1895 matches found

Kitploit
Kitploit
added 2018/04/18 8:46 p.m.27 views

Subfinder - Subdomain Discovery Tool That Can Discover Massive Amounts Of Valid Subdomains For Any Target

SubFinder is a subdomain discovery tool that uses various techniques to discover massive amounts of subdomains for any target. It has been aimed as a successor to the sublist3r project. SubFinder uses Passive Sources, Search Engines, Pastebins, Internet Archives, etc to find subdomains and then i...

7.4AI score
Exploits0References2
Kitploit
Kitploit
added 2018/03/07 1:11 p.m.82 views

Harpoon - CLI Tool For Open Source And Threat Intelligence

OSINT tool, CLI Tool For Open Source And Threat Intelligence Install You can simply pip install the tool: pip3 install git+http://[email protected]/Te-k/harpoon --process-dependency-links Optionally if you want to use the screenshot plugin, you need phantomjs and npm installed: npm install -...

7.1AI score
Exploits0References1
Hacker One
Hacker One
added 2018/02/25 7:37 a.m.37 views

Semrush: Broken Authentication: A project addition request can be used multiple time for different users

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty, so be sure to take your time filling out the report! Summary: Broken...

6.7AI score
Exploits0
Packet Storm
Packet Storm
added 2018/01/24 12:0 a.m.43 views

PayLink 3.0.1 Cross Site Scripting

============================================================================ | Title : PayLink v3.0.1 XSS Vulnerability | | Author : indoushka | | email : [email protected] | | Tested on : windows 10 FranASSais V.Pro | | Version : v3.0.1 | | Vendor : https://code.condize.com//pay/ | | Dork...

7.1AI score
Exploits0
CNVD
CNVD
added 2017/11/09 12:0 a.m.3 views

Philips Hue Bridge BSB002 public API security bypass vulnerability

Philips Hue Bridge BSB002 is a smart home lighting system from Philips in the Netherlands. public API is one of the public interfaces. A security vulnerability exists in the public API in the Philips Hue Bridge BSB002 using firmware version 1707040932, where the vulnerable program fails to encryp...

7.9CVSS6.8AI score0.00422EPSS
Exploits0References1
RubySec
RubySec
added 2017/11/09 12:0 a.m.22 views

SSRF vulnerability in Recurly gem's Resource#find.

If you are using the find method on any of the classes that are derived from the Resource class and you are passing user input into that method, a malicious user can force the http client to reach out to a server under their control. This can lead to leakage of your private API key. Because of th...

9.8CVSS0.9AI score0.02594EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2017/10/24 6:33 p.m.18 views

GHSA-959J-5G9V-3FPQ Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor

The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process...

2.1CVSS6AI score0.00507EPSS
Exploits2References4
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.29 views

Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor

The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process...

2.1CVSS6AI score0.00507EPSS
Exploits2References5Affected Software1
NVD
NVD
added 2017/10/05 1:29 a.m.20 views

CVE-2017-1000114

The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...

4.3CVSS3.6AI score0.01038EPSS
Exploits0References2
OSV
OSV
added 2017/10/05 1:29 a.m.17 views

CVE-2017-1000114

The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...

3.1CVSS6AI score
Exploits0References2
Prion
Prion
added 2017/10/05 1:29 a.m.13 views

Cross site scripting

The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...

4.3CVSS3.8AI score0.01038EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2017/10/04 1:0 a.m.67 views

CVE-2017-1000114

CVE-2017-1000114 concerns the Jenkins/Datadog plugin where the API key used to access Datadog was stored in the global Jenkins configuration and transmitted in plain text via the configuration form, potentially exposing the key through browser extensions or XSS. Documents indicate the plugin was ...

4.3CVSS3.7AI score0.01038EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/10/04 1:0 a.m.19 views

CVE-2017-1000114

The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...

3.6AI score0.01038EPSS
Exploits0References2
Hacker One
Hacker One
added 2017/09/06 8:9 p.m.29 views

GSA Bounty: [api.data.gov] Leak Valid API With out Verification -

Description Remote attackers are able to retrieve a valid working api key with random Generation Process without a secure parsing or secure channel , human verification ..etc . the current proccess for requesting any api key is with signup form , and message with api delivered privately to user ,...

7AI score
Exploits0
Kitploit
Kitploit
added 2017/08/24 9:59 p.m.42 views

Knockpy - Enumerate Subdomain Scanner

Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Now knockpy supports queries to VirusTotal subdomains, you can setting the...

7.2AI score
Exploits0References2
Hacker One
Hacker One
added 2017/07/30 6:17 p.m.15 views

Legal Robot: Create Api Key is not working

Create Api Key is not working...

2AI score
Exploits0
Hacker One
Hacker One
added 2017/07/08 3:42 p.m.60 views

WakaTime: Session Duplication due to Broken Access Control

Due to improper validation of user before generating an API-KEY and improper measures taken at the time of password reset, it is possible to generate a parallel session at the attacker's end. Proof of concept video is attached to confirm the vulnerability and to demonstrate the Impact of this...

3.1AI score
Exploits0
Hacker One
Hacker One
added 2017/06/27 1:0 p.m.34 views

Weblate: No Rate Limitation on Regenerate Api Key

Hi, I discovered that there is no request throttling or limit on api key regeneration. Though theres a little change while making a total of 30 requests in a few seconds, server error occurred then it continued. Screenshot F197872 In the screenshot 685 denotes a processed request and 6052 denotes...

1.1AI score
Exploits0
Information Security Automation
Information Security Automation
added 2017/06/20 9:30 p.m.346 views

Vulners Cloud Agents for Vulnerability Management

A very good news! Vulners Team is ready to present complete functionality for vulnerability audit. And it's not just an Audit API that you have to use somehow in your own scripts, but an enterprise ready product, like agent-based vulnerability scanning in Qualys and Tenable. You can try it for...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/29 12:0 a.m.60 views

Octopus Deploy - (Authenticated) Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' require 'json' class MetasploitModule 'Octopus Deploy Authenticated Code Execution', 'Description' = %q This module can be used to...

7.4AI score
Exploits0
Rows per page
Query Builder