44 matches found
PT-2024-25823 · Apache · Apache Karaf Cave
Name of the Vulnerable Software and Affected Versions: Apache Karaf Cave versions all Description: The issue is related to an Improper Input Validation vulnerability. This vulnerability only affects products that are no longer supported by the maintainer. Users are recommended to find an...
ma-cave-a-vin.fr Cross Site Scripting vulnerability OBB-3776104
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
cave-bonnieux.com Cross Site Scripting vulnerability OBB-3326227
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
cave-mader.fr Cross Site Scripting vulnerability OBB-2925504
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
cave-avonnaise.fr Cross Site Scripting vulnerability OBB-2925503
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
cave-mader.fr Cross Site Scripting vulnerability OBB-2331691
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Denial of Service Vulnerability in Pothole App
Tencent Wave Cave app is a comic book reading platform that gathers a large number of users who love the second generation. A denial-of-service vulnerability exists in Wave Cave App, which can be exploited by attackers to cause denial-of-service attacks...
Recomposer - Randomly Changes Win32/64 PE Files For 'Safer' Uploading To Malware And Sandbox Sites
Ever have that not so safe feeling uploading your malware binaries to VirusTotal or other AV sites because you can look up binaries by hashes? Example: https://github.com/mubix/vt-notify Feel somewhat safer with Recomposer! Recomposer will take your binary and randomly do the following: Change th...
cave-de-paris.com XSS vulnerability
Open Bug Bounty ID: OBB-606195 Description| Value ---|--- Affected Website:| cave-de-paris.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
la-cave-a-vin.fr XSS vulnerability
Open Bug Bounty ID: OBB-567586 Description| Value ---|--- Affected Website:| la-cave-a-vin.fr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
cave-de-paris.com XSS vulnerability
Open Bug Bounty ID: OBB-388665 Description| Value ---|--- Affected Website:| cave-de-paris.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...
CAVE MINER - Search for Code Cave in All Binaries (ELF, PE and Mach-o) and Inject Payload
This tools search for code cave in binaries Elf, Mach-o, Pe, and inject code in them. Features Find code caves in ELF, PE and Mach-o Use custom bytes for the search ex: 0xCC can be used as nullbytes on PE See virtual address of the code cave. See the permissions of the code caves. Search custom...
Colossal Cave Adventure - Suspicious files, WebView files access vulnerabilities
HackApp vulnerability scanner discovered that application Colossal Cave Adventure published at the 'play' market has multiple vulnerabilities...
Candy Cave - Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Candy Cave published at the 'play' market has multiple vulnerabilities...
Hopeless: The Dark Cave - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application Hopeless: The Dark Cave published at the 'play' market has multiple vulnerabilities...
WordPress 3.8.2 cookie 伪造漏洞
0x00 背景 看了WordPress 3.8.2补丁分析 HMAC timing attack,眼界大开,原来还可以利用时间差来判断HMAC。 但我总觉得这个漏洞并不是简单的修复这个问题。 查看了官方提供的资料:“该漏洞是由WordPress的安全团队成员Jon Cave发现。”。 也许漏洞还有这样利用的可能。 0x01 PHP的特性 当PHP在进行 ”==”,”!=”等非严格匹配的情况下,会按照值的实际情况,进行强制转换。 当有一个对比参数是整数的时候,会把另外一个参数强制转换为整数。 0x02 分析修复的代码 官方版的diff只在php里改动了一个位置:...
BackdoorFactory - Patch PE (x86/x64) and ELF (x86/x64 and ARM LE x32) binaries with shellcode
Patch win86/64 PE and linux86/64 binaries with shellcode. The goal of The Backdoor Factory is to patch executable binaries with user desired shellcode and continue normal execution of the binary prepatched state. Under a BSD 3 Clause License. This is done by either appending a code cave or using...
CVE-2013-4877
The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets...
Authentication flaw
The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets...
CVE-2013-4877
CVE-2013-4877 affects Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01. The root issue is that these devices do not use CAVE authentication, which allows an attacker to sniff registration packets over the network and obtain ESN and MIN values from arbitrary phones, enabling cloning...