WePay: oauth redirect uri validation bug leads to open redirect and account compromise

according to: https://stage.wepay.com/developer/reference/oauth2 "redirecturi - The uri the user will be redirected to after authorization. Must have the same domain as the application." your current validation of this domain value is not sufficient. i setup my app with a website url of...

Oracle 9i XDB HTTP PASS Overflow (win32)

No description provided by source. $Id: oracle9ixdbpass.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

PT-2014-4538 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Description: The issue allows remote authenticated users to read files by sending a crafted URL to the HTTP server, potentially accessing sensitive information suc...

Every day buy UC_KEY not initialize the security risks and patch-vulnerability warning-the black bar safety net

Every day buy integrated ucenter one-stop login api,but UCkey not initialized will cause the attacker can log in to any account,or even operate the credit card information. Detailed description: $get = $post = array; $code = @$GET'code'; //get the token parsestrauthcode$code, 'DECODE', UCKEY, $ge...

Oracle 9i XDB (Windows x86) - HTTP PASS Overflow (Metasploit)

$Id: oracle9ixdbpass.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Oracle 9i XDB HTTP PASS Overflow (win32)

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Oracle 9i XD...

Oracle 9i XDB HTTP PASS Overflow (win32)

This module exploits a stack buffer overflow in the authorization code of the Oracle 9i HTTP XDB service. David Litchfield, has illustrated multiple vulnerabilities in the Oracle 9i XML Database XDB, during a seminar on "Variations in exploit methods between Linux and Windows" presented at the...

Oracle 9.2.0.1 Universal XDB HTTP Pass Overflow Exploit

Exploit for unknown platform in category remote exploits ======================================================= Oracle 9.2.0.1 Universal XDB HTTP Pass Overflow Exploit ======================================================= This file is part of the Metasploit Framework and may be redistributed...

Oracle 9.2.0.1 - Universal XDB HTTP Pass Overflow (Metasploit)

Oracle 9.2.0.1 - Universal XDB HTTP Pass Overflow Metasploit This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core...

Remote PC Access Server 2.2 Vulnerability

Dear Bugtraq Here is a full details information about the vulnerability of Remote PC Access Server 2.2, taken from our advisory includes the exploit code: http://www.ytech.co.il/advisories/rpca/rpcaccess.htm Best Regards, Yaron Tal YTECH.CO.IL -----------------------------------------------------...