Atlassian Jira Service Desk 4.9.1 - Unrestricted File Upload to XSS Vulnerability
Exploit Title: Atlassian Jira Service Desk 4.9.1 - Unrestricted File Upload to XSS Exploit Author: Captainhook Vendor Homepage: https://www.atlassian.com/ Version: 4.10.0 Tested on: All OS CVE: CVE-2020-14166 Summary: The /servicedesk/customer/portals resource in Jira Service Desk Server and Data...
Top 5 Bug Bounty Platforms to Watch in 2021
While Gartner does not have a dedicated Magic Quadrant for Bug Bounties or Crowd Security Testing yet, Gartner Peer Insights already lists 24 vendors in the "Application Crowdtesting Services" category. We have compiled the top 5 most promising bug bounty platforms for those of you who are lookin...
Android o2 Business 1.2.0 Open Redirect
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: o2 Business for Android Vendor URL: https://play.google.com/store/apps/details?id=telefonica.de.o2business Type: Open Redirect CWE-601 Date found: 2020-04-16 Date published: 2020-07-01 CVSSv...
Needle - Instant Access To Your Bug Bounty Submission Dashboard On Various Platforms + Publicly Disclosed Reports + #Bugbountytip
Chrome extension for instant access to your bug bounty submission dashboard on various platforms + publicly disclosed reports + bugbountytip. Needle is the only Chrome extension you may need to have one-click access to your bug submissions across various platforms. No need to create any bookmark,...
Sudomy - Subdomain Enumeration & Analysis
Sudomy is a subdomain enumeration tool, written as a bash script, that analyzes domains and collects subdomains in a fast and comprehensive way. Features At the time of writing, Sudomy has these nine features: Easy, light, fast and powerful. Bash is available by default in almost all Linux distributions...
Qualys Cloud Platform 2.35 New Features
This release of the Qualys Cloud Platform version 2.35 includes updates and new features for AssetView, Cloud Agent, Security Assessment Questionnaire, and Web Application Scanning, highlights as follows. Note: this post has been edited after publishing to remove the Rule-Based Method to...
Pentagon Expands Bug-Bounty Program to Include Physical Systems
The Department of Defense is expanding its "Hack the Pentagon" bug-bounty program to include hardware assets, tapping the Synack, HackerOne and Bugcrowd platforms to attract more white hats to the effort. The news comes two weeks after the Government Accountability Office (GAO) released a report...
bugcrowd.com Improper Access Control vulnerability
Open Bug Bounty ID: OBB-667666

| Description | Value |
|---|---|
| Affected Website: | bugcrowd.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | hidden until disclosure |
| Vulnerability Type: | IAC Improper Access Control / CWE-284 |
| CVSSv3 Score: | hidden... |
Podcast: Bugcrowd Founder on Printer Bugs, IoT Bounty Hunting, and New VDP Project
Bugcrowd has had a busy summer. Recently, the bug-bounty company partnered with HP to launch the first-ever bug bounty program for printers, with rewards of up to $10,000 for discovered vulnerabilities. Bugcrowd also recently announced Disclose.io, an open-sourced project to standardize best...
Joomla Acymailing Starter 5.9.5 CSV Macro Injection
Exploit Title: Joomla! Component Acymailing Starter 5.9.5 CSV Macro Injection Google Dork: N/A Date: 22-03-2018 Exploit Author: Sureshbabu Narvaneni Vendor Homepage: https://www.acyba.com Software Link: https://extensions.joomla.org/extension/acymailing-starter/ Affected Version: 5.9.5 Category:...
Joomla Acymailing Starter 5.9.5 Component - CSV Macro Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Acymailing Starter 5.9.5 CSV Macro Injection Exploit Author: Sureshbabu Narvaneni Vendor Homepage: https://www.acyba.com Software Link: https://extensions.joomla.org/extension/acymailing-starter/ Affected...
Joomla AcySMS 3.5.0 Component - CSV Macro Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component AcySMS 3.5.0 CSV Macro Injection Exploit Author: Sureshbabu Narvaneni Vendor Homepage: https://www.acyba.com Software Link: https://extensions.joomla.org/extensions/extension/communication/phone-a-sms/acysms/...
Joomla! Component AcySMS 3.5.0 - CSV Macro Injection
Joomla! Component AcySMS 3.5.0 - CSV Macro Injection Exploit Title: Joomla! Component AcySMS 3.5.0 CSV Macro Injection Google Dork: N/A Date: 22-03-2018 Exploit Author: Sureshbabu Narvaneni Vendor Homepage: https://www.acyba.com Software Link:...
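The four AcyMailing/AcySMS entries above all report the same bug class, CSV macro (formula) injection: a value that a user controls, such as a subscriber name, is written verbatim into an exported CSV, and a spreadsheet later evaluates a leading `=`, `+`, `-`, `@`, tab or carriage return as a formula. The following is an added example, not code from those advisories or from the Acyba components: a generic export routine in its vulnerable form beside a hardened one, plus a scanner you can run over an existing export. The subscriber rows and the hypothetical `attacker.example` URL are constructed for the demo.

```python
"""Added example (not from the advisories above): a CSV export that is
vulnerable to formula/macro injection, a hardened export, and a scanner.
All subscriber data below is constructed for the demo."""
import csv
import io

# Constructed sample rows; rows 2-4 carry the kind of payload an attacker
# could submit through a public subscription form.
SUBSCRIBERS = [
    {"name": "Alice Example", "email": "alice@example.com"},
    {"name": '=HYPERLINK("http://attacker.example/","click")', "email": "mallory@example.com"},
    {"name": "-2+3+cmd|' /C calc'!A0", "email": "eve@example.com"},
    {"name": "\t@SUM(1+1)", "email": "tab@example.com"},
]

# Characters that make common spreadsheet applications treat a cell as a
# formula (tab and CR are included because they can hide a leading trigger).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
FIELDS = ["name", "email"]


def export_vulnerable(rows):
    """Writes every field verbatim; a leading '=' etc. survives into the file."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    w.writeheader()
    for r in rows:
        w.writerow(r)
    return buf.getvalue()


def neutralize(value):
    """Prefix a single quote so the spreadsheet stores the cell as text.
    Embedded double quotes are handled by csv's own quoting, not here."""
    if isinstance(value, str) and value.startswith(FORMULA_TRIGGERS):
        return "'" + value
    return value


def export_hardened(rows):
    """Same export with each cell neutralized and every field quoted."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n",
                       quoting=csv.QUOTE_ALL)
    w.writeheader()
    for r in rows:
        w.writerow({k: neutralize(v) for k, v in r.items()})
    return buf.getvalue()


def dangerous_cells(csv_text):
    """Scan an export and return the cells that start with a formula trigger."""
    reader = csv.reader(io.StringIO(csv_text))
    next(reader)  # skip header
    return [cell for row in reader for cell in row
            if cell.startswith(FORMULA_TRIGGERS)]


if __name__ == "__main__":
    print("vulnerable export flags:", dangerous_cells(export_vulnerable(SUBSCRIBERS)))
    print("hardened export flags:  ", dangerous_cells(export_hardened(SUBSCRIBERS)))
```

The single-quote prefix is the usual mitigation because it survives a round trip through Excel and LibreOffice, but it also mangles legitimate negative numbers and phone numbers written with a leading `-`; apply it to free-text columns and leave numeric columns typed as numbers. The scanner is useful on the consuming side too: run it over an export before opening it in a spreadsheet.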
Netflix Opens Public Bug Bounty Program with $15K Payout Cap
Netflix expanded its bug bounty program on Wednesday, opening it up to any white hat hacker and at the same time increasing the top reward to $15,000. The bug bounty program, managed by Bugcrowd, now allows any registered hacker to scour Netflix's vast mobile, cloud and software platform for minor a...
Magento Downloadable Products Cross Site Scripting Vulnerability
Magento suffers from cross site scripting vulnerabilities related to downloadable product information. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3. Advisory Title: Magento Stored Cross-Site Scripting a Downloadable Products...
Stored XSS in Confluence / Links in Code Block
This is reported from bugcrowd: publish code block with content single quotes included: 'https://w3.org/"style="width:100%;height:100%;position:fixed;left:0;top:0"onmousemove=alert(1)//' That should work both in comment and article sections...
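The Confluence report above works by closing the `href` attribute early with a double quote, then adding its own `style` and `onmousemove` attributes to the link. As an added example, not code from the report or from Confluence, the snippet below reproduces that attribute breakout with Python's own HTML parser: the same URL-shaped payload is interpolated raw into an anchor and then attribute-encoded, and the parser shows which attributes the browser would actually see. The payload string is constructed in the shape of the reported one.

```python
"""Added example (not from the report above): attribute breakout from a
URL that carries double quotes, and the encoding that keeps it inert."""
import html
from html.parser import HTMLParser

# Constructed payload in the shape of the reported one.
PAYLOAD = ('https://w3.org/"style="width:100%;height:100%;position:fixed;'
           'left:0;top:0"onmousemove=alert(1)//')


class AttrCollector(HTMLParser):
    """Records the attributes the parser sees on the first <a> tag."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "a" and not self.attrs:
            self.attrs = dict(attrs)


def render_raw(url):
    """Vulnerable: the value lands in the attribute untouched, so the
    embedded quotes terminate href and start new attributes."""
    return f'<a href="{url}">{url}</a>'


def render_encoded(url):
    """Hardened: html.escape(quote=True) turns '"' into '&quot;', so the
    attribute value cannot be closed early."""
    safe = html.escape(url, quote=True)
    return f'<a href="{safe}">{safe}</a>'


def link_attributes(markup):
    """Parse the markup and return the attributes of the first <a> tag."""
    p = AttrCollector()
    p.feed(markup)
    p.close()
    return p.attrs


if __name__ == "__main__":
    print("raw:    ", link_attributes(render_raw(PAYLOAD)))
    print("encoded:", link_attributes(render_encoded(PAYLOAD)))
```

With the raw rendering the parser reports `style` and `onmousemove` as separate attributes on the anchor; with the encoded rendering it reports a single `href` whose value is the whole payload string. Attribute encoding alone is not a full fix for links: the `href` value should also be validated against an allow-list of schemes, otherwise `javascript:` URLs survive encoding unchanged.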
Bugcrowd Integration Now Available in Qualys Web Application Scanning
The new version of Qualys Web Application Scanning, WAS 5.7, adds an integration with Bugcrowd for centralized viewing and triaging of both WAS automated vulnerability detections and vulnerabilities submitted by Bugcrowd's approved security researchers. Qualys WAS customers running a bug bounty...
Qualys Cloud Platform 2.30 New Features
This release of the Qualys Cloud Platform version 2.30 includes updates and new features for Cloud Agent, EC2 Connector, Web Application Scanning, Web Application Firewall, and Security Assessment Questionnaire, highlights as follows. This posting has been updated on 9/6/2017 and 10/25/2017 to...
Mamba Ransomware Returns, APT Trends, And More
Mike Mimoso and Chris Brook discuss the news of the week including the return of the Mamba ransomware, Kaspersky Lab’s Q2 APT report, Bugcrowd’s 250K mystery bounty, and a high schooler’s $10K bug bounty from Google. Download: ThreatpostNewsWrapAugust112017.mp3 Music by Chris Gonsalves Show notes...