
70 matches found

0day.today
added 2021/04/07 12:0 a.m., 45 views

Atlassian Jira Service Desk 4.9.1 - Unrestricted File Upload to XSS Vulnerability

Exploit Title: Atlassian Jira Service Desk 4.9.1 - Unrestricted File Upload to XSS Exploit Author: Captainhook Vendor Homepage: https://www.atlassian.com/ Version: 4.10.0 Tested on: All OS CVE: CVE-2020-14166 Summary: The /servicedesk/customer/portals resource in Jira Service Desk Server and Data...

4.8 CVSS, 0.5 AI score, 0.0194 EPSS
Exploits: 3
The Hacker News
added 2021/02/08 10:10 a.m., 52 views

Top 5 Bug Bounty Platforms to Watch in 2021

While Gartner does not have a dedicated Magic Quadrant for Bug Bounties or Crowd Security Testing yet, Gartner Peer Insights already lists 24 vendors in the "Application Crowdtesting Services" category. We have compiled the top 5 most promising bug bounty platforms for those of you who are lookin...

6.6 AI score
Exploits: 0
The Hacker News
added 2021/02/08 10:10 a.m., 3 views

Top 5 Bug Bounty Platforms to Watch in 2021

While Gartner does not have a dedicated Magic Quadrant for Bug Bounties or Crowd Security Testing yet, Gartner Peer Insights already lists 24 vendors in the "Application Crowdtesting Services" category. We have compiled the top 5 most promising bug bounty platforms for those of you who are lookin...

5.9 AI score
Exploits: 0
Packet Storm
added 2020/07/03 12:0 a.m., 215 views

Android o2 Business 1.2.0 Open Redirect

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: o2 Business for Android Vendor URL: https://play.google.com/store/apps/details?id=telefonica.de.o2business Type: Open Redirect CWE-601 Date found: 2020-04-16 Date published: 2020-07-01 CVSSv...

6.4 AI score, 0.01001 EPSS
Exploits: 3
Kitploit
added 2020/06/11 9:30 p.m., 43 views

Needle - Instant Access To You Bug Bounty Submission Dashboard On Various Platforms + Publicly Disclosed Reports + #Bugbountytip

Chrome extension for instant access to your bug bounty submission dashboard of various platforms + publicly disclosed reports + bugbountytip Needle is the only chrome extension you may need to have one click access to your bug submissions across various platforms. No need to create any bookmark,...

7.2 AI score
Exploits: 0, References: 1
Kitploit
added 2019/08/28 9:51 p.m., 490 views

Sudomy - Subdomain Enumeration & Analysis

Sudomy is a subdomain enumeration tool, created using a bash script, to analyze domains and collect subdomains in a fast and comprehensive way. Features For recent time, Sudomy has these 9 features: Easy, light, fast and powerful. Bash script is available by default in almost all Linux distributions...

7.1 AI score
Exploits: 0, References: 15
Qualys Blog
added 2018/11/26 6:10 p.m., 100 views

Qualys Cloud Platform 2.35 New Features

This release of the Qualys Cloud Platform version 2.35 includes updates and new features for AssetView, Cloud Agent, Security Assessment Questionnaire, and Web Application Scanning, highlights as follows. Note: this post has been edited after publishing to remove the Rule-Based Method to...

Exploits: 0
ThreatPost
added 2018/10/25 3:27 p.m., 544 views

Pentagon Expands Bug-Bounty Program to Include Physical Systems

The Department of Defense is expanding its “Hack the Pentagon” bug-bounty program to include hardware assets, tapping the Synack, HackerOne and Bugcrowd platforms to attract more white hats to the effort. The news comes two weeks after the Government Accountability Office GAO released a report...

7.5 AI score
Exploits: 0, References: 5
Openbugbounty
added 2018/08/21 4:20 p.m., 16 views

bugcrowd.com Improper Access Control vulnerability

Open Bug Bounty ID: OBB-667666 Description| Value ---|--- Affected Website:| bugcrowd.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| hidden...

0.4 AI score
Exploits: 0
ThreatPost
added 2018/08/15 11:0 a.m., 15 views

Podcast: Bugcrowd Founder on Printer Bugs, IoT Bounty Hunting, and New VDP Project

Bugcrowd has had a busy summer. Recently, the bug-bounty company partnered with HP to launch the first-ever bug bounty program for printers, with rewards of up to $10,000 for discovered vulnerabilities. Bugcrowd also recently announced Disclose.io, an open-sourced project to standardize best...

0.5 AI score
Exploits: 0, References: 3
Packet Storm
added 2018/03/31 12:0 a.m., 49 views

Joomla Acymailing Starter 5.9.5 CSV Macro Injection

Exploit Title: Joomla! Component Acymailing Starter 5.9.5 CSV Macro Injection Google Dork: N/A Date: 22-03-2018 Exploit Author: Sureshbabu Narvaneni Vendor Homepage: https://www.acyba.com Software Link: https://extensions.joomla.org/extension/acymailing-starter/ Affected Version: 5.9.5 Category:...

8.7 AI score, 0.07419 EPSS
Exploits: 5
0day.today
added 2018/03/30 12:0 a.m., 46 views

Joomla Acymailing Starter 5.9.5 Component - CSV Macro Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla! Component Acymailing Starter 5.9.5 CSV Macro Injection Exploit Author: Sureshbabu Narvaneni Vendor Homepage: https://www.acyba.com Software Link: https://extensions.joomla.org/extension/acymailing-starter/ Affected...

0.07419 EPSS
Exploits: 5
0day.today
added 2018/03/30 12:0 a.m., 56 views

Joomla AcySMS 3.5.0 Component - CSV Macro Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla! Component AcySMS 3.5.0 CSV Macro Injection Exploit Author: Sureshbabu Narvaneni Vendor Homepage: https://www.acyba.com Software Link: https://extensions.joomla.org/extensions/extension/communication/phone-a-sms/acysms/...

0.05639 EPSS
Exploits: 5
exploitpack
added 2018/03/30 12:0 a.m., 38 views

Joomla! Component AcySMS 3.5.0 - CSV Macro Injection

Joomla! Component AcySMS 3.5.0 - CSV Macro Injection Exploit Title: Joomla! Component AcySMS 3.5.0 CSV Macro Injection Google Dork: N/A Date: 22-03-2018 Exploit Author: Sureshbabu Narvaneni Vendor Homepage: https://www.acyba.com Software Link:...

6.8 CVSS, 9 AI score, 0.05639 EPSS
Exploits: 5
ThreatPost
added 2018/03/21 6:27 p.m., 23 views

Netflix Opens Public Bug Bounty Program with $15K Payout Cap

Netflix expanded its bug bounty program on Wednesday opening it up to any white hat hacker and at the same time increased the top reward to $15,000. The bug bounty program, managed by Bugcrowd, now allows any registered hackers to scour Netflix vast mobile, cloud and software platform for minor a...

0.2 AI score
Exploits: 0, References: 2
0day.today
added 2018/03/07 12:0 a.m., 76 views

Magento Downloadable Products Cross Site Scripting Vulnerability

Magento suffers from downloadable product information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3. Advisory Title: Magento Stored Cross-Site Scripting a Downloadable Products...

6.5 AI score
Exploits: 0
Atlassian
added 2018/03/02 6:55 p.m., 105 views

Stored XSS in Confluence / Links in Code Block

This is reported from bugcrowd: publish code block with content single quotes included: 'https://w3.org/"style="width:100%;height:100%;position:fixed;left:0;top:0"onmousemove=alert1//' That should work both in comment and article sections...

1.8 AI score
Exploits: 0, Affected Software: 1
Qualys Blog
added 2017/10/18 2:43 p.m., 27 views

Bugcrowd Integration Now Available in Qualys Web Application Scanning

The new version of Qualys Web Application Scanning, WAS 5.7, adds an integration with Bugcrowd for centralized viewing and triaging of both WAS automated vulnerability detections and vulnerabilities submitted by Bugcrowd's approved security researchers. Qualys WAS customers running a bug bounty...

6.9 AI score
Exploits: 0
Qualys Blog
added 2017/08/24 6:33 p.m., 111 views

Qualys Cloud Platform 2.30 New Features

This release of the Qualys Cloud Platform version 2.30 includes updates and new features for Cloud Agent, EC2 Connector, Web Application Scanning, Web Application Firewall, and Security Assessment Questionnaire, highlights as follows. This posting has been updated on 9/6/2017 and 10/25/2017 to...

6.8 AI score
Exploits: 0
ThreatPost
added 2017/08/11 10:30 a.m., 16 views

Mamba Ransomware Returns, APT Trends, And More

Mike Mimoso and Chris Brook discuss the news of the week including the return of the Mamba ransomware, Kaspersky Lab’s Q2 APT report, Bugcrowd’s 250K mystery bounty, and a high schooler’s $10K bug bounty from Google. Download: ThreatpostNewsWrapAugust112017.mp3 Music by Chris Gonsalves Show notes...

0.8 AI score
Exploits: 0, References: 7