Adlisting Classified Ads 2.14.0 - Information Disclosure

Information disclosure issue in the redirect responses, When accessing any page on the website, Sensitive data, such as API keys, server keys, and app IDs, is being exposed in the body of these redirects. id: CVE-2023-4168 info: name: Adlisting Classified Ads 2.14.0 - Information Disclosure autho...

BIT-PARSE-2026-32269 Parse Server OAuth2 adapter app ID validation sends wrong token to introspection endpoint

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.39, the OAuth2 authentication adapter does not correctly validate app IDs when appidField and appIds are configured. During app ID validation, a malformed value is sent t...

Parse Server OAuth2 adapter app ID validation sends wrong token to introspection endpoint

Impact The OAuth2 authentication adapter does not correctly validate app IDs when appidField and appIds are configured. During app ID validation, a malformed value is sent to the token introspection endpoint instead of the user's actual access token. Depending on the introspection endpoint's...

GHSA-X6FW-778M-WR9V Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters

Impact The Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tokens. When the adapter's audience configuration option is not set clientId for Google/Apple, appIds for Facebook, JWT verification silently skips audience claim validation. This allows an...

PlayTube 3.0.1 Information Disclosure

Exploit Title: PlayTube 3.0.1 - Redirect Information Disclosure Exploit Author: CraCkEr Date: 19/08/2023 Vendor: PlayTube Vendor Homepage: https://playtubescript.com/ Software Link: https://demo.playtubescript.com/ Tested on: Windows 10 Pro Impact: Sensitive Information Leakage CVE: CVE-2023-4714...

Adlisting Classified Ads 2.14.0 Information Disclosure

Exploit Title: Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure Exploit Author: CraCkEr Date: 25/07/2023 Vendor: Templatecookie Vendor Homepage: https://templatecookie.com/ Software Link: https://templatecookie.com/demo/adlisting-classified-ads-script Tested on: Windows 10...

VASTFLUX ad fraud massively affected millions of iOS devices, dismantled

Researchers have successfully dismantled a massive ad fraud campaign they stumbled upon by accident. The Satori Threat Intelligence and Research Team dubbed the campaign VASTFLUX, a portmanteau of "fast flux"--an evasion technique involving the constant changing of IP addresses behind a single...

GHSA-R657-33VP-GP22 parse-server auth adapter app ID validation can be circumvented

Impact Validation of the authentication adapter app ID for Facebook and Spotify may be circumvented. This fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for Facebook or Spotify and where the server-side...