74 matches found

CVE
added 2021/03/18 7:20 p.m., 628 views

CVE-2021-25764

PhpStorm (JetBrains) before 2020.3 is affected: the issue lets source code be written into debug logs (“Source code could be added to debug logs”). The vulnerability affects PhpStorm’s logging path and can lead to information disclosure via logs. The issue is tracked as CVE-2021-25764. Remediatio...

5.3 CVSS | 5.4 AI score | 0.00768 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Hacker One
added 2020/06/08 12:09 a.m., 160 views

h1-ctf: [H1-2006 2020] CTF Writeup

Summary: The CTF's objective could be found in the following Twitter post: F858468 As outlined on https://hackerone.com/h1-ctf, all subdomains of bountypay.h1ctf.com are in scope. Doing subdomain enumeration revealed the following subdomains: api.bountypay.h1ctf.com app.bountypay.h1ctf.com...

7.4 AI score
Exploits: 0
CNVD
added 2020/04/18 12:00 a.m., 1 view

Website source code leakage vulnerability in the website building system of Shanghai Chuangzheng Information Technology Co., Ltd.

Shanghai Chuangzheng Information Technology Co., Ltd. (Chuangzheng), founded in 2005, is a national high-tech enterprise. Its website building system has a website source code leakage vulnerability; attackers can use the vulnerability to obtain...

7 AI score
Exploits: 0
OSV
added 2019/11/12 9:15 p.m., 2 views

CVE-2019-14366

WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack channels, members, etc...

7.5 CVSS | 7.1 AI score | 0.01677 EPSS
Exploits: 0 | References: 1
OSV
added 2019/06/12 3:29 p.m., 26 views

CVE-2019-11269

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the...

5.4 CVSS | 6.7 AI score | 0.08906 EPSS
Exploits: 4 | References: 3
Hacker One
added 2019/05/28 4:11 a.m., 37 views

LifeOmic: open redirect while login at https://apps.dev.jupiterone.io can leak access code.

LifeOmic Comments: @base64 found an open redirect bug in our auth flow. After review, we determined that due to design the exploit would only work in our dev environment. Though we determined mitigating controls were already in place for this attack in prod, we valued @base64's efforts and awarde...

0.1 AI score
Exploits: 0
The Hacker News
added 2019/04/23 8:20 a.m., 1 view

Source Code for CARBANAK Banking Malware Found On VirusTotal

Security researchers have discovered the full source code of the Carbanak malware—yes, this time it's for real. Carbanak—sometimes referred to as FIN7, Anunak or Cobalt—is one of the most full-featured, dangerous malware that belongs to an APT-style cybercriminal group involved in several attacks...

7 AI score
Exploits: 0
CNVD
added 2018/09/17 12:00 a.m., 1 view

Chongqing to the home network technology limited company to the home to buy treasure APP there is information leakage vulnerability

The home has been purchased treasure to provide second-hand housing, new housing, rental housing, stores, information query, transaction brokerage and other services. CAPTCHA information leakage: This vulnerability is mainly in the registration and password retrieval, the server will return the...

7.1 AI score
Exploits: 0
The Hacker News
added 2018/08/08 10:33 a.m., 1 view

Snapchat Hack — Hacker Leaked Snapchat Source Code On GitHub

The source code of the popular social media app Snapchat was recently surfaced online after a hacker leaked and posted it on the Microsoft-owned code repository GitHub. A GitHub account under the name Khaled Alshehri with the handle i5xx, who claimed to be from Pakistan, created a GitHub reposito...

6.7 AI score
Exploits: 0
HackRead
added 2018/04/26 3:30 p.m., 41 views

iPhone crackers GrayShift become victim of extortion after code Leak

By Waqas GrayKey's code snippets recently appeared online and an unknown party was This is a post from HackRead.com Read the original post: iPhone crackers GrayShift become victim of extortion after code Leak...

4.1 AI score
Exploits: 0
Malwarebytes
added 2018/02/12 5:00 p.m., 14 views

A week in security (February 5 – February 11)

Last week on Malwarebytes Labs, we featured a new Flash Player zero-day that has been found in recent targeted attacks. And we talked about a new trick to cripple browsers that came out of the hat of tech support scammers. We also covered several methods of stealing cryptocurrencies, including on...

7.1 AI score
Exploits: 0
ThreatPost
added 2017/07/19 9:56 a.m., 15 views

Modified Versions of Nukebot in Wild Since Source Code Leak

Some opportunistic criminals have put the leaked source code for the Nukebot banking Trojan to use, targeting banks in the United States and France with variants of the malware, while another group has adapted it to steal mail client and browser passwords. The leak was disclosed in early March wh...

Exploits: 0 | References: 3
ThreatPost
added 2016/02/22 1:04 p.m., 24 views

GM Bot Banking Malware Source Code Leak

Source code for the potent Android malware GM Bot has been leaked to underground forums, according to IBM security experts. The impact, IBM X-Force threat intelligence says, will be an uptick in GM Bot variants and the number of attacks targeting financial applications on Android-based devices...

0.4 AI score
Exploits: 0 | References: 2
seebug.org
added 2015/07/06 12:00 a.m., 41 views

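Yonyou: design flaw common to multiple systems (ships with saved credentials)

Brief description: Detailed description: Default password. In fact, no password needs to be entered at all: the account and password are saved automatically, and clicking confirm logs you in. This leads to source code leakage, and the source code can be debugged. Many Yonyou systems ship with this component; for details see WooYun: Generic vulnerability in multiple Yonyou systems leads to interface information disclosure, resulting in information leakage from multiple databases (involving several large vendors). The inspiration came from that: http://gpms.foton.com.cn/uapws/ http://erp.suning.com.cn/uapws/ http://fm2.cscec.com/uapws/ http://bap.ufida.com/uapws/ http://61.178.99.236:9002/uapws/...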

7.1 AI score
Exploits: 0
myhack58
added 2015/04/23 12:00 a.m., 26 views

FireEye Trojan analysis engine (MAS) 6.4.1 – multiple vulnerabilities - vulnerability warning - the black bar safety net

The web login section of the FireEye Trojan analysis system (MAS) has multiple serious vulnerabilities. Multiple vulnerabilities: 3 reflected XSS; 1 CSRF; 1 NoSQLi (JSON object); 1 PostgreSQL SQLi (exploitable?); 1 file and path disclosure; 1 source code info-leak. XSS: The Cross-Station 1...

7.5 AI score
Exploits: 0
myhack58
added 2015/04/01 12:00 a.m., 85 views

Local file inclusion (LFI) vulnerability detection tool – Kadimus - vulnerability warning - the black bar safety net

Kadimus is a security tool for detecting local file inclusion (LFI) vulnerabilities in a site. Features: checks all URL parameters; /var/log/auth.log RCE; /proc/self/environ RCE; php://input RCE; data://text RCE; source code leak detection; multi-thread scanning; HTTP command execution vulnerabili...

0.1 AI score
Exploits: 0
ThreatPost
added 2015/02/13 10:12 a.m., 10 views

Rig Exploit Kit Source Code Leaked

A spitting match between developers of the Rig Exploit Kit and one of its resellers resulted in a partial leak of the kit’s source code in a hacker forum. Rig is less than a year old and is spread primarily in malvertising campaigns, pushing Flash, Java and Microsoft Silverlight exploits; some...

7 AI score
Exploits: 0 | References: 3
The Hacker News
added 2014/02/22 12:42 a.m., 9 views

Android iBanking Trojan Source Code Leaked Online

Smartphone is the need of everyone today and so the first target of most of the Cyber Criminals. Malware authors are getting to know their market and are changing their way of operations. Since last year we have seen a rise in the number of hackers moving from the Blackhat into the Greyhat. The...

7.6 AI score
Exploits: 0
ThreatPost
added 2012/05/03 6:46 p.m., 123 views

Microsoft Names Chinese Firm Hangzhou DPTech as Source of RDP Code Leak

Two months after exploit code for the Microsoft RDP MS12-020 vulnerability made its way into the open before the company released a patch, Microsoft has put the blame for the leak on a Chinese security company, Hangzhou DPTech Technologies. Microsoft said Thursday that it has removed the company from...

9.3 CVSS | 0.2 AI score | 0.99998 EPSS
Exploits: 74 | References: 2
seebug.org
added 2009/12/22 12:00 a.m., 25 views

resin 3.0.18 viewfile code leakage vulnerability

No description provided by source...

7.1 AI score
Exploits: 0