72 matches found
Multiple vulnerabilities in Retty App
Overview Retty App provided by Retty Inc. contains multiple vulnerabilities listed below. The app is launched by Custom URL Scheme and a user may be led to access an arbitrary URL CWE-939 - CVE-2021-20747 The App uses a hard-coded API key for external services CWE-798 - CVE-2021-20748 Ryo Sato of...
Automattic: GET /api/v2/url_info endpoint is vulnerable to Blind SSRF
Summary: GET /api/v2/urlinfo endpoint is vulnerable to Blind SSRF. I am able to hit both Internal and External services via url parameter by replacing with internal and external url. Platforms Affected: https://www.tumblr.com/ Steps To Reproduce: 1. Login to https://www.tumblr.com/ 2. Follow any...
Intel Owl - Analyze Files, Domains, IPs In Multiple Ways From A Single API At Scale
Do you want to get threatintelligence data about a file, an IP or a domain? Do you want to get this kind of data from multiple sources at the same time using a single API request? You are in the right place! This application is built to scale out and to speed up the retrieval of threat info. It c...
Insulet Corporation: Subdomain Takeover due to unclaimed domain pointing to Acquia Cloud
ssue Details The consultant identified that subdomain http:// or https://qa.myomnipod.com Web Site Not Found Sorry, we could not find any content for this web address. Please check the URL. If you are an Acquia Cloud customer and expect to see your site at this address, you'll need to add this...
Make Sure Your Security Is Ready for the President’s Day Shopping Spree
By Tony Bradley The following article was originally written to provide e-retailers with tip and tricks for the Black Friday and Cyber Monday shopping. However, with the biggest President’s day spring sales approaching, the best practices and how-to remain the same. More about e-commerce security...
CVE-2018-16987
Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code...
CVE-2018-16987
Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code...
Adobe Systems Main lead DBMS Arbitrary Code Injection
Document Title: =============== Adobe Systems - Arbitrary Code Injection Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2120 PSIRT ID: 7873 Vulnerability Magazine:...
Open-Xchange (OX) App Suite Multiple Vulnerabilities - 01 (Jun 2018)
Open-Xchange OX App Suite is prone to multiple vulnerabilities. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free softwar...
Access Restriction Bypass Due To Web Service Access Token Issue
Moodle is vulnerable to access restriction bypass. The vulnerability exists because it does not restrict the running of functions from any external services which are not linked to the web service access token. Using this flaw, an authenticated user can run any arbitrary functions from any extern...
HackerOne: HackerOne Integrations Design Issue
Summary HackerOne Integrations Design Issue Description Include Impact This bug is similar to 170552. The HackerOne Integrations feature is very sensitive and can not be used with just a click, IMHO, or we can say "HackerOne users are a click away from giving to an attacker very sensitive...
New Relic: SUBDOMAIN TAKEOVER(FIXED)
Hello, I Already Reported This issue Though 180436 Support Ticket , Which is Fixed Now ! Your Subdomain go.newrelic.com is pointing to unbouncepages.com You should immediately remove the DNS-entry for go.newrelic.com is pointing to unbouncepages.com.. Any One Can Claim That Domain , Please Read T...