CVE-2018-14730

An issue was discovered in Browserify-HMR. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR Hot Module Replacement. Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:3123/...

CVE-2018-14730

An issue was discovered in Browserify-HMR. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR Hot Module Replacement. Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:3123/...

CVE-2018-14731

An issue was discovered in HMRServer.js in Parcel parcel-bundler. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR Hot Module Replacement. Anyone can receive the HMR message sent by the WebSocket server via a...

CVE-2018-14731

The provided connected advisory for parcel-bundler identifies a concrete defect: versions before 1.10.0 of parcel-bundler’s WebSocket server lack origin validation for HMR, allowing a remote attacker to steal a developer’s source code via ws:// connections. This is caused by missing validation of...

CVE-2018-14730

The CVE-2018-14730 entry concerns Browserify-HMR. Affected component: the WebSocket server used for Hot Module Replacement. Root cause: origin validation is missing, allowing any origin to receive HMR messages via ws://127.0.0.1:3123/ (or similar), enabling an attacker to access a developer’s cod...

CVE-2018-14732

CVE-2018-14732 affects webpack-dev-server before 3.1.6. The WebSocket server used for Hot Module Replacement does not validate the request origin, allowing any origin (including ws://127.0.0.1:8080/) to receive HMR messages. This can enable an attacker to access a developer’s source code from a p...

Boozt Fashion AB: Application code is not obfuscated -- OWASP M9 (2016)

Description : Boost android app is not obfuscated which lead to view the source code of the app. Impact : Attackers can steal code and reuse it or sell it to create new application or create a malicious fake application based on the initial one. POC : Step 1 : First, I did the basic reverse...

IBM WebSphere 5.0/5.1/6.0 Application Server Web Server Root JSP Source Code Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13160/info A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to properly handle various requests under certain...

Slack: Broken Authentication (including Slack OAuth bugs)

Hi, Hope you are doing good! Please have a look at the below report. Description: OAuth Framework Flaw Bypassing redirecturi validation An attacker to exploit this Flaw just needs to find a open redirection flaw in the site which is using Slack's OAuth for logins. Impact: A malicious user can ste...

IBM Websphere 5.05.16.0 - Application Server Web Server Root JSP Source Code Disclosure

IBM Websphere 5.05.16.0 - Application Server Web Server Root JSP Source Code Disclosure source: https://www.securityfocus.com/bid/13160/info A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to...

IBM Websphere 5.0/5.1/6.0 - Application Server Web Server Root JSP Source Code Disclosure

source: https://www.securityfocus.com/bid/13160/info A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to properly handle various requests under certain circumstances. It should be noted that thi...