Lucene search

2563 matches found

Atlassian
added 2014/04/30 9:37 a.m., 13 views

Unauthenticated User can access certain pages on a private JIRA instance

When you enter the URL of a private JIRA instance on the Quick Search from the login page, you will be directed to the Issue Navigator. If you click the "Status" drop down button, you, the unauthenticated user, would be able to see the status codes. If yo...

2.9 AI score
Exploits: 0, Affected Software: 1

Atlassian
added 2014/04/30 9:37 a.m., 18 views

Unauthenticated User can access certain pages on a private JIRA instance

When you enter the URL of a private JIRA instance on the Quick Search from the login page, you will be directed to the Issue Navigator. If you click the "Status" drop down button, you, the unauthenticated user, would be able to see the status codes. If yo...

2.9 AI score
Exploits: 0, Affected Software: 1

Atlassian
added 2014/04/30 9:37 a.m., 16 views

Unauthenticated User can access certain pages on a private JIRA instance

When you enter the URL of a private JIRA instance on the Quick Search from the login page, you will be directed to the Issue Navigator. If you click the "Status" drop down button, you, the unauthenticated user, would be able to see the status codes. If yo...

2.9 AI score
Exploits: 0

Hacker One
added 2014/04/23 1:46 a.m., 22 views

Localize: Full Path Disclosure (FPD) in www.localize.im

Hi, I found an information disclosure vulnerability/Full Path Disclosure on your application. Proof of Concept: GET : https://www.localize.im/projects/projiect ID/languages/Language ID POST CONTENT:...

6.5 AI score
Exploits: 0

Vulnerability Lab
added 2014/04/10 12:0 a.m., 61 views

Woltlab Burning Board 3.9.1 - Persistent Web Vulnerability

Document Title: Woltlab Burning Board 3.9.1 - Persistent Web Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1256 Video: http://www.vulnerability-lab.com/getcontent.php?id=1257 Release Date: 2014-04-10...

7.1 AI score
Exploits: 0

The Hacker News
added 2014/03/22 8:10 p.m., 11 views

NSA Hacked Servers of Chinese telecom Huawei, Stole Source Codes

The US Government has publicly accused Chinese electronics manufacturer Huawei of espionage for the past few years. Ironically, it has now been revealed that the National Security Agency conducted a major offensive cyber operation against the Chinese government and networking company Huawei, i...

6.8 AI score
Exploits: 0

Hacker One
added 2014/03/13 2:8 p.m., 63 views

Phabricator: OAuth Stealing Attack (New)

Hi Evan, I found a new and more dangerous way to steal phabricator facebooks oauth tokens, codes. In this case, I exploited the behavior of Phabricator OAuth Dialog. If you provide a different scope in phabricator OAuth Dialog...

1.2 AI score
Exploits: 0

Kitploit
added 2014/03/05 7:59 p.m., 25 views

[Parsero] Robots.txt audit tool

Parsero is a free script written in Python which reads the Robots.txt file of a web server and looks at the Disallow entries. The Disallow entries are the URL paths of directories or files hosted on a web server which the administrators don't want to be indexed by the crawlers. For example,...

7.5 AI score
Exploits: 0, References: 1

NVD
added 2014/02/26 2:55 p.m., 15 views

CVE-2013-7331

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild ...

6.5 CVSS, 6.3 AI score, 0.58023 EPSS
Exploits: 3, References: 6

Cvelist
added 2014/02/26 11:0 a.m., 30 views

CVE-2013-7331

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild ...

6.2 AI score, 0.58023 EPSS
Exploits: 3, References: 5

The Hacker News
added 2014/02/18 12:45 a.m., 15 views

Ultrasonic Password Security for Google Accounts

Does a strong password guarantee you the security of your online account? If yes, then you should check out our 'Data breaches' section on the website. A startup company, SlickLogin, has developed a technology that enables you to log in to online accounts using ultrasonic sound, instead of...

7 AI score
Exploits: 0

seebug.org
added 2014/02/17 12:0 a.m., 24 views

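Oupeng LDAP service allows anonymous access, large-scale internal data leakage, and more!

Brief description: RT! Details: Anonymous LDAP access: 59.151.111.93:389 Proof of vulnerability: I have seen some companies' mail systems store mailbox passwords in plaintext directly in LDAP, with the result that every mailbox from executives down to staff may be taken over. It turns out to be a really good way into a company's internals! There are always a few employees with weak passwords: https://mail.oupeng.com [email protected] kongcongcong [email protected] renyongy wifi: Hubei446 Beijing7 Guangdong3 Guangxi0 Xinjiang0 Fujian42 Can you spot the monthly password rotation rule?...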

7.1 AI score
Exploits: 0

Packet Storm
added 2014/01/24 12:0 a.m., 33 views

pChart 2.1.3 Cross Site Scripting / Directory Traversal

Exploit Title: pChart 2.1.3 Directory Traversal and Reflected XSS Date: 2014-01-24 Exploit Author: Balazs Makany Vendor Homepage: www.pchart.net Software Link: www.pchart.net/download Google Dork: intitle:"pChart 2.x - examples" intext:"2.1.3" Version: 2.1.3 Tested on: N/A Web Application. Tested...

7.4 AI score
Exploits: 0

Exploit DB
added 2014/01/17 12:0 a.m., 25 views

BloofoxCMS 0.5.0 - 'fileurl' Local File Inclusion

source: https://www.securityfocus.com/bid/65019/info bloofoxCMS is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. Multiple cross-site request forgery vulnerabilities 3. A local file-include vulnerability Exploiting these issues could allow an attacke...

7.4 AI score
Exploits: 0

Exploit DB
added 2014/01/07 12:0 a.m., 32 views

Dredge School Administration System - '/DSM/loader.php?Id' SQL Injection

source: https://www.securityfocus.com/bid/64720/info Dredge School Administration System is prone to the following security vulnerabilities: 1. An SQL-injection vulnerability 2. A cross-site request forgery vulnerability 3. A cross-site scripting vulnerability 4. An information-disclosure...

7.4 AI score
Exploits: 0

exploitpack
added 2014/01/07 12:0 a.m., 22 views

Dredge School Administration System - DSMloader.php?Id SQL Injection

Dredge School Administration System - DSMloader.php?Id SQL Injection source: https://www.securityfocus.com/bid/64720/info Dredge School Administration System is prone to the following security vulnerabilities: 1. An SQL-injection vulnerability 2. A cross-site request forgery vulnerability 3. A...

0.3 AI score
Exploits: 0

exploitpack
added 2014/01/07 12:0 a.m., 32 views

Dredge School Administration System - DSMloader.php Cross-Site Request Forgery (Admin Account Manipulation)

Dredge School Administration System - DSMloader.php Cross-Site Request Forgery Admin Account Manipulation source: https://www.securityfocus.com/bid/64720/info Dredge School Administration System is prone to the following security vulnerabilities: 1. An SQL-injection vulnerability 2. A cross-site...

0.3 AI score
Exploits: 0

exploitpack
added 2014/01/07 12:0 a.m., 18 views

Dredge School Administration System - DSMloader.php Account Information Disclosure

Dredge School Administration System - DSMloader.php Account Information Disclosure source: https://www.securityfocus.com/bid/64720/info Dredge School Administration System is prone to the following security vulnerabilities: 1. An SQL-injection vulnerability 2. A cross-site request forgery...

7.2 AI score
Exploits: 0

Kitploit
added 2013/12/20 5:45 p.m., 35 views

[APKinspector] Powerful GUI tool to analyze the Android applications

The goal of this project is to aid analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code. APKInspector provides both analysis functions and graphic features for the users to gain deep insight into the malicious apps: CFG, Call Graph, Static...

7.7 AI score
Exploits: 0, References: 1

Vulnerability Lab
added 2013/12/05 12:0 a.m., 15 views

Feetan Inc WireShare v1.9.1 iOS - Persistent Vulnerability

Document Title: Feetan Inc WireShare v1.9.1 iOS - Persistent Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1157 Release Date: 2013-12-05 Vulnerability Laboratory ID (VL-ID): ...

7.1 AI score
Exploits: 0