DRUPAL-CONTRIB-2025-112
CivicTheme is a design system and theme framework used to build content-rich Drupal websites. It includes editorial workflows, structured content types, and flexible theming components. The theme doesn't sufficiently check access to entities when they are displayed as reference cards used in manu...
GitLab: Stealing data from customers.gitlab.com without user interaction
Summary: An attacker can link her own customers.gitlab.com account to that of the victim, and this gives access to 3 different vulnerabilities: - destroying subscriptions of the victim - buying new subscriptions using the victim's credit card for her own groups - some minor information disclosure abo...
Tulpar - Web Vulnerability Scanner
Tulpar is an open source web vulnerability scanner written to make web penetration testing automated. Features: SQL Injection (GET Method), XSS (GET Method), Crawl, E-mail Disclosure, Credit Card Disclosure, Whois, Command Injection (GET Method), Directory Traversal (GET Method), File Include (GET Method), Server...
Internet Bug Bounty: Widespread failure of certificate validation in Android apps
I have identified approximately 75 Android applications and some iPad that fail to validate SSL certificates, either failing to validate valid certificate authorities, correct hostnames or both. I have made attempts to responsibly disclose all of these vulns to the responsible parties. A few have...
CVE-2007-2640
LibTMCG before 1.1.1 does not perform a range check to avoid "trivial group generators," which allows attackers to obtain sensitive information about private cards...
Credit Card Data Disclosure in CitrusDB
CitrusDB uses a textfile to temporarily store credit card information. This textfile is located in the web tree via a static URL and thus accessible to third parties. It also isn... SPDX-FileCopyrightText: 2005 Noam Rathaus
[Full-Disclosure] Credit Card data disclosure in CitrusDB
Credit Card data disclosure in CitrusDB A group of students at our lab called RedTeam found an information disclosure vulnerability in CitrusDB which can result in disclosure of credit card information. Details ======= Product: CitrusDB Affected Version: = 0.3.5 Immune Version: =0.3.6 OS affected...