1895 matches found
Subfinder - Subdomain Discovery Tool That Can Discover Massive Amounts Of Valid Subdomains For Any Target
SubFinder is a subdomain discovery tool that uses various techniques to discover massive amounts of subdomains for any target. It has been aimed as a successor to the sublist3r project. SubFinder uses Passive Sources, Search Engines, Pastebins, Internet Archives, etc to find subdomains and then i...
Harpoon - CLI Tool For Open Source And Threat Intelligence
OSINT tool, CLI Tool For Open Source And Threat Intelligence Install You can simply pip install the tool: pip3 install git+http://[email protected]/Te-k/harpoon --process-dependency-links Optionally if you want to use the screenshot plugin, you need phantomjs and npm installed: npm install -...
Semrush: Broken Authentication: A project addition request can be used multiple time for different users
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty, so be sure to take your time filling out the report! Summary: Broken...
PayLink 3.0.1 Cross Site Scripting
============================================================================ | Title : PayLink v3.0.1 XSS Vulnerability | | Author : indoushka | | email : [email protected] | | Tested on : windows 10 FranASSais V.Pro | | Version : v3.0.1 | | Vendor : https://code.condize.com//pay/ | | Dork...
Philips Hue Bridge BSB002 public API security bypass vulnerability
Philips Hue Bridge BSB002 is a smart home lighting system from Philips in the Netherlands. public API is one of the public interfaces. A security vulnerability exists in the public API in the Philips Hue Bridge BSB002 using firmware version 1707040932, where the vulnerable program fails to encryp...
SSRF vulnerability in Recurly gem's Resource#find.
If you are using the find method on any of the classes that are derived from the Resource class and you are passing user input into that method, a malicious user can force the http client to reach out to a server under their control. This can lead to leakage of your private API key. Because of th...
GHSA-959J-5G9V-3FPQ Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor
The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process...
Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor
The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process...
CVE-2017-1000114
The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...
CVE-2017-1000114
The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...
Cross site scripting
The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...
CVE-2017-1000114
CVE-2017-1000114 concerns the Jenkins/Datadog plugin where the API key used to access Datadog was stored in the global Jenkins configuration and transmitted in plain text via the configuration form, potentially exposing the key through browser extensions or XSS. Documents indicate the plugin was ...
CVE-2017-1000114
The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...
GSA Bounty: [api.data.gov] Leak Valid API With out Verification -
Description Remote attackers are able to retrieve a valid working api key with random Generation Process without a secure parsing or secure channel , human verification ..etc . the current proccess for requesting any api key is with signup form , and message with api delivered privately to user ,...
Knockpy - Enumerate Subdomain Scanner
Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Now knockpy supports queries to VirusTotal subdomains, you can setting the...
Legal Robot: Create Api Key is not working
Create Api Key is not working...
WakaTime: Session Duplication due to Broken Access Control
Due to improper validation of user before generating an API-KEY and improper measures taken at the time of password reset, it is possible to generate a parallel session at the attacker's end. Proof of concept video is attached to confirm the vulnerability and to demonstrate the Impact of this...
Weblate: No Rate Limitation on Regenerate Api Key
Hi, I discovered that there is no request throttling or limit on api key regeneration. Though theres a little change while making a total of 30 requests in a few seconds, server error occurred then it continued. Screenshot F197872 In the screenshot 685 denotes a processed request and 6052 denotes...
Vulners Cloud Agents for Vulnerability Management
A very good news! Vulners Team is ready to present complete functionality for vulnerability audit. And it's not just an Audit API that you have to use somehow in your own scripts, but an enterprise ready product, like agent-based vulnerability scanning in Qualys and Tenable. You can try it for...
Octopus Deploy - (Authenticated) Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' require 'json' class MetasploitModule 'Octopus Deploy Authenticated Code Execution', 'Description' = %q This module can be used to...