16 matches found
Allocation of Resources Without Limits or Throttling
Overview: jupyterhub-ltiauthenticator is a JupyterHub authenticator implementing LTI v1.1 and LTI v1.3. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the unbounded growth of a class-level dictionary used for storing OAuth nonces. An...
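The advisory names the defect (a class-level dictionary of OAuth nonces that only ever grows) but not the bounded alternative. The following is an added example written for this page, not code from jupyterhub-ltiauthenticator: it contrasts that pattern with a nonce store bounded by a timestamp freshness window plus a hard cap, and simulates an unauthenticated client sending distinct nonces to both. Class and function names, the 300-second window and the simulated traffic are all constructed for illustration.

```python
import collections
import time
from typing import Deque, Dict, Tuple

NonceKey = Tuple[str, str]  # (consumer key, nonce): OAuth 1.0a nonces are unique per consumer


class UnboundedNonceStore:
    """The pattern the advisory describes: a class-level dict that is only ever added to.

    Every distinct nonce a client sends stays in memory for the life of the process,
    so an unauthenticated client grows it without limit simply by sending requests.
    """

    _nonces: Dict[NonceKey, int] = {}  # shared by all instances, never pruned

    def check(self, consumer_key: str, nonce: str, timestamp: int) -> bool:
        key = (consumer_key, nonce)
        if key in self._nonces:
            return False  # replay
        self._nonces[key] = timestamp
        return True

    def __len__(self) -> int:
        return len(self._nonces)


class BoundedNonceStore:
    """Per-instance store whose size is bounded by a freshness window and a hard cap.

    Forgetting a nonce after `window_seconds` is only safe because a request whose
    oauth_timestamp is older than the window is rejected before the store is consulted:
    a forgotten nonce cannot be replayed, since its timestamp is stale by then.
    """

    def __init__(self, window_seconds: int = 300, max_entries: int = 10_000, clock=time.time):
        self.window = window_seconds
        self.max_entries = max_entries
        self.clock = clock  # injectable so the example runs deterministically offline
        self._seen: Dict[NonceKey, int] = {}                 # key -> server time first seen
        self._order: Deque[NonceKey] = collections.deque()   # same keys, oldest first

    def _evict_expired(self, now: int) -> None:
        while self._order and now - self._seen[self._order[0]] >= self.window:
            del self._seen[self._order.popleft()]

    def check(self, consumer_key: str, nonce: str, timestamp: int) -> bool:
        now = int(self.clock())
        if abs(now - timestamp) > self.window:
            return False  # stale or future-dated: never stored, so it cannot fill the store
        self._evict_expired(now)
        key = (consumer_key, nonce)
        if key in self._seen:
            return False  # replay inside the window
        if len(self._seen) >= self.max_entries:
            # Safety net for more than max_entries fresh nonces per window. Dropping the
            # oldest reopens a small replay window for that one nonce; rejecting the new
            # request instead fails closed but lets a flood lock everyone out.
            del self._seen[self._order.popleft()]
        self._seen[key] = now
        self._order.append(key)
        return True

    def __len__(self) -> int:
        return len(self._seen)


class FakeClock:
    """Deterministic clock for the simulation below (constructed for the example)."""

    def __init__(self, start: int):
        self.t = start

    def __call__(self) -> int:
        return self.t

    def advance(self, seconds: int) -> None:
        self.t += seconds


def simulate(store, n_requests: int, clock: FakeClock,
             consumer_key: str = "tool-consumer") -> Tuple[int, int]:
    """Send n_requests distinct, correctly timestamped nonces one second apart.

    Returns (requests accepted, entries the store holds afterwards).
    """
    accepted = 0
    for i in range(n_requests):
        if store.check(consumer_key, f"nonce-{i}", int(clock())):
            accepted += 1
        clock.advance(1)
    return accepted, len(store)


if __name__ == "__main__":
    clock = FakeClock(1_000_000)
    print("unbounded:", simulate(UnboundedNonceStore(), 1000, clock))
    clock = FakeClock(1_000_000)
    print("bounded:  ", simulate(BoundedNonceStore(window_seconds=300, clock=clock), 1000, clock))
```

With 1000 requests the unbounded store holds 1000 entries and the bounded one 300, one per second of the window. The freshness check and the eviction use the same window on purpose: widen one without the other and either replays become possible or the store grows again.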
CVE-2016-10986
The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumerkey, consumersecret, accesstoken, and accesstokensecret...
EUVD-2016-1977
Malware in sbrugna...
CVE-2021-24582
The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape its "Consumer key" setting before outputting it in its settings page, leading to a Stored Cross-Site Scripting issue...
PT-2024-22943 · WordPress · Pocket News Generator
Name of the Vulnerable Software and Affected Versions: The Pocket News Generator plugin for WordPress versions up to, and including, 0.2.0 Description: The issue is related to Stored Cross-Site Scripting via admin settings, specifically Consumer Key and Access Token, due to insufficient input...
Cross site scripting
The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape its "Consumer key" setting before outputting it in its settings page, leading to a Stored Cross-Site Scripting issue...
ThinkTwit < 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin did not sanitise or escape its "Consumer key" setting before outputting it in its settings page, leading to a Stored Cross-Site Scripting issue. PoC: Put the following payload in the "Consumer key" setting of the plugin /wp-admin/options-general.php?page=thinktwit: - v - v 1.7.1 : "...
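The tweet-wheel, ThinkTwit and Pocket News Generator entries above share one defect: an OAuth "Consumer key" (or token) setting saved from the admin form and echoed into the settings page without sanitising on save or escaping on output. The following is an added example for this page, not any of those plugins' code, written in Python rather than PHP so it runs without WordPress: it renders such a setting into an input's value attribute first unescaped and then hardened, and parses both results with the standard-library HTMLParser to show what a browser's tokenizer would see. The payload and the consumer-key character set are assumptions for the example.

```python
import html
from html.parser import HTMLParser
from typing import Dict, List

# Constructed PoC-style value for the example, not the payload from the advisory above.
PAYLOAD = '" onfocus="alert(document.domain)" autofocus="'


def render_vulnerable(consumer_key: str) -> str:
    """Echoes the stored setting straight into an attribute, as the affected plugins did."""
    return f'<input type="text" name="consumer_key" value="{consumer_key}">'


def sanitize_consumer_key(raw: str) -> str:
    """Sanitise on save. An OAuth consumer key is an opaque token, so a strict allow-list
    fits; the exact character set kept here is an assumption for this example."""
    return "".join(ch for ch in raw if ch.isalnum() or ch in "-_.")


def render_hardened(consumer_key: str) -> str:
    """Escape on output for the attribute context. quote=True also encodes ' and ", which
    is what stops the value from closing the attribute it is placed in."""
    return f'<input type="text" name="consumer_key" value="{html.escape(consumer_key, quote=True)}">'


class _StartTags(HTMLParser):
    """Records each start tag with its attributes, as a browser's tokenizer would."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: List[tuple] = []

    def handle_starttag(self, tag, attrs) -> None:
        self.tags.append((tag, dict(attrs)))


def input_attributes(markup: str) -> Dict[str, str]:
    """Return the attributes of the first <input> in the rendered markup."""
    parser = _StartTags()
    parser.feed(markup)
    parser.close()
    for tag, attrs in parser.tags:
        if tag == "input":
            return attrs
    return {}


def injected_handlers(markup: str) -> List[str]:
    """Event-handler attributes (on*) on the rendered input. Any at all means the stored
    value broke out of the value attribute, which is exactly the stored-XSS condition."""
    return sorted(name for name in input_attributes(markup) if name.startswith("on"))


if __name__ == "__main__":
    print("vulnerable:", injected_handlers(render_vulnerable(PAYLOAD)))
    print("hardened:  ", injected_handlers(render_hardened(PAYLOAD)))
    print("sanitised: ", sanitize_consumer_key(PAYLOAD))
```

For the unescaped render the parser reports a new onfocus attribute and an empty value; for the escaped render the only attributes are type, name and value, and value decodes back to the original string. In WordPress the equivalents are sanitize_text_field() when the option is saved and esc_attr() when it is echoed into the attribute; both steps are needed, since sanitising alone does not cover a value written to the database by another path.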
Code injection
The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter accesstoken, accesstokensecret, consumerkey, and consumersecret values by reading the dcwptwitter.php source code. This leads to Twitter account takeover...
Social Network Tabs - Social Media API Key Leakage
According to the original researcher: "The Wordpress Plugin called Social Network Tabs, made by the company Design Chemical, is leaking twice the Twitter accesstoken, accesstokensecret, consumerkey and consumersecret of their user which is leading to a takeover of their Twitter account."...
X (Formerly Twitter): [Urgent] Invalidating OAuth2 Bearer token makes TweetDeck unavailable
First of all, really sorry for the unintentional DoS: I was testing it with a fresh bearer token but copied the production one accidentally. Details: I've noticed that TweetDeck is using OAuth2 to issue requests. Authorization Bearer token: http GET...
OAuth Administration screen is visible to anonymous users
If anonymous user access is enabled under "Global Permission", a user can access the "OAuth Administration" page without needing to log in. Here is the URL to the page: /plugins/servlet/oauth/view-consumer-info This page displays the Confluence administrators menu in the sidebar and other information su...