33 matches found
Infogram: Password Reset Token Not Expired
Hello Team, Here in this scenario, I've found that the there's a kind of server side invalidation of Password Reset tokens. Like if I've requested for password reset token token1 and I don't use it, after I will make another request for password reset token token2. This time I'll use the token2...
mimipenguin - A Tool To Dump The Login Password From The Current Linux User
A tool to dump the login password from the current linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz. Details Takes advantage of cleartext credentials in memory by dumping the process and extracting lines that have a high probability of containing cleartext...
Skyliner: Password reset Token not expiring
Hello Team, Here in this scenario, I've found that the there's a kind of server side side invalidation of Password Reset tokens. Like if I've requested for password reset token token1 and I don't use it, after I will make another request for password reset token token2. This time I'll use the...
Bumble: Ability to collect users' ids that have visited a specific web page with malicious code
Hey , Regarding this report 130453 , I'm pretty sure that there's a little misunderstanding of the issue , so please let me clarify the issue a bit more . The issue is not about the disclosure of user's id , that wouldn't be considered an issue at all because every website puts user's id in the...
HackerOne: External links should use rel="noopener" or use the redirect service
This is a rather low severity one and a successful exploitation relies on unlikely user interaction as well as the ability to control the HTML output of an remote host. Furthermore it is a kinda new hardening features in some browsers. Though one can work around this using "noreferrer" which is...
Greenhouse.io: SMTP protection not used (please read carefully )
Details: Companies like Coinbase, Yahoo,Google,Facebook and even hackerone implemented a strict email security policy combining SPF, DKIM, and DMARC but I don't see taht from mailgreenhouse.ioru , You should apply strict SMPT policy to stop spoofed email sending from your domain. POC is attached...
HackerOne: Account Hijacking (Only rare case scenario)
Hi, This is a logical flaw in the application which may allow any arbitrary user to obtain account access of another user. Below is the exploit scenario which may lead to potential account takeover in certain circumstances: User changes email while he is logged in his own account Some wrong email...
Facebook Android Flaws Enable Any App to Get User's Access Tokens
A researcher has discovered serious vulnerabilities in the main Facebook and Facebook Messenger apps for Android that enable any other app on a device to access the user’s Facebook access token and take over her account. The same researcher also discovered a separate, similar flaw in the Facebook...
Enable X-FRAME-Options header to implement clickjacking protection
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-25143. panel TLDR: Add X-FRAME-Options: SAMEORIGIN to all HTTPS pages server config, and test that nothing breaks. --- Description: Current...
IBM OmniFind - Cross-Site Request Forgery
IBM OmniFind - Cross-Site Request Forgery The forms in the administrator interface are not protected against XSRF. The attacker can do any action in the context of the victim. An example attack scenario could be: The attacker creates a malicious website with a prepared form to add a new user, whi...
Ninja Blog 4.8 Remote Information Disclosure Vulnerability
No description provided by source. Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at http://www.push55.co.uk/index.php?s=ad&id=6 ---- Due to insufficient validation of client-side data, we can alt...
[Full-Disclosure] sacred (pcgame) server flaw
Program: Sacred pc game http://sacred-game.com type: simple DoS, no client-auth affected version: 1.0.6.2 note: -fixed in later versions 1.0.7.0 dated:31.08.2004 -this security-lag exits for nearly half a year. although ascaron was informed at the date of release 02.03.2004, nothing happens long...
Microsoft RASAPI32.DLL
NGSSoftware Insight Security Research Advisory Name: Buffer Overflow in Microsoft Rasapi32.dll Systems Affected: WinNT, Win2K, XP, Microsoft Routing And Remote Access Server "Steelhead" Severity: High Category: Buffer Overrun / Privilege Escalation Vendor URL: http://www.microsoft.com/ Author: Ma...