15 matches found
Hash Chaining Degrades Security at Facebook
Modern web and digital application password storage relies on password hashing for storage and security. Ad-hoc upgrade of password storage to keep up with hash algorithm norms may be used to save costs but can introduce unforeseen vulnerabilities. This is the case in the password storage scheme...
integrity-ethics.com Cross Site Scripting vulnerability OBB-3947408
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
aet.astanait.edu.kz Open Redirect vulnerability OBB-3752749
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ec2-3-6-251-175.ap-south-1.compute.amazonaws.com Cross Site Scripting vulnerability OBB-3736714
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ucaspceonline.org Cross Site Scripting vulnerability OBB-3711107
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ccbica.aacrom.com Cross Site Scripting vulnerability OBB-3710983
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ethon8.com.br Cross Site Scripting vulnerability OBB-1218559
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Totally Pwning the Tapplock (the API way)
An awesome researcher contacted us on the back of our recent Tapplock pwnage. We had been looking at the local BLE unlock mechanism, however he focussed instead on the mobile app API. Vangelis Stykas @evstykas has found a way to unlock any lock, plus scrape users' PII and home addresses. Read his...
50mb.ethernet.biz XSS vulnerability
Open Bug Bounty ID: OBB-452463

Description | Value
---|---
Affected Website: | 50mb.ethernet.biz
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat...
rnpnet.ethz.ch XSS vulnerability
Open Bug Bounty ID: OBB-323015

Description | Value
---|---
Affected Website: | rnpnet.ethz.ch
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
ALCASAR 2.8 - Remote Code Execution
ALCASAR 2.8 - Remote Code Execution. #!/usr/bin/env python # -*- coding: utf-8 -*- ALCASAR = 2.8 Remote Root Code Execution Vulnerability. Author: eF. Date: 2014-02-10...
ALCASAR-Remote
By sending a specially crafted value in the "host" HTTP header, it is possible to inject the exec function in order to execute commands as the Apache user. #!/usr/bin/env python # -*- coding: utf-8 -*- ALCASAR = 2.8 Remote Root Code Execution Vulnerability. Author: eF. Date: 2014-02-10...
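destoon: unlimited increase of account funds
Brief description: destoon allows unlimited increase of account funds (money farming). Details: Find a group-buy item (if there is none, you can publish one yourself), purchase it while capturing the request, and change the quantity to a negative number. Proof of vulnerability: This bug has been out for some days, but I did not see it on WooYun, so I am posting it for everyone to look at. Some site owners should still take note. Finally, thanks to WooYun's vulnerability reward program for the 2000 yuan reward. I hope you keep getting better and better!...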
Free Image Hosting Script [ALL VERSIONS] Remote File Upload
Exploit for php platform in category web applications. Free Image Hosting Script Remote File Upload Vulnerability...
Windows (XP, 2k3, Longhorn) is vulnerable to IPv6 Land attack.
Hi! The land attack described in - http://www.securityfocus.com/archive/1/392354 - is fixed for IPv4 by the last security updates, but not for the IPv6 protocol. As in the IPv4 version of the attack, the built-in firewall has to be turned off to experience the result: 1-5 seconds of DoS condition. Tools used:...