Lucene search
+L

72 matches found

jvn
jvn
added 2021/07/13 5:34 a.m.3 views

Multiple vulnerabilities in Retty App

Overview Retty App provided by Retty Inc. contains multiple vulnerabilities listed below. The app is launched by Custom URL Scheme and a user may be led to access an arbitrary URL CWE-939 - CVE-2021-20747 The App uses a hard-coded API key for external services CWE-798 - CVE-2021-20748 Ryo Sato of...

7.5CVSS6.9AI score0.01037EPSS
Exploits0References8
hackerone
hackerone
added 2020/12/12 5:1 p.m.143 views

Automattic: GET /api/v2/url_info endpoint is vulnerable to Blind SSRF

Summary: GET /api/v2/urlinfo endpoint is vulnerable to Blind SSRF. I am able to hit both Internal and External services via url parameter by replacing with internal and external url. Platforms Affected: https://www.tumblr.com/ Steps To Reproduce: 1. Login to https://www.tumblr.com/ 2. Follow any...

0.8AI score
Exploits0
kitploit
kitploit
added 2020/08/23 12:30 p.m.73 views

Intel Owl - Analyze Files, Domains, IPs In Multiple Ways From A Single API At Scale

Do you want to get threatintelligence data about a file, an IP or a domain? Do you want to get this kind of data from multiple sources at the same time using a single API request? You are in the right place! This application is built to scale out and to speed up the retrieval of threat info. It c...

7.3AI score
Exploits0References16
hackerone
hackerone
added 2020/05/14 9:39 p.m.393 views

Insulet Corporation: Subdomain Takeover due to unclaimed domain pointing to Acquia Cloud

ssue Details The consultant identified that subdomain http:// or https://qa.myomnipod.com Web Site Not Found Sorry, we could not find any content for this web address. Please check the URL. If you are an Acquia Cloud customer and expect to see your site at this address, you'll need to add this...

0.4AI score
Exploits0
wallarmlab
wallarmlab
added 2019/02/11 7:37 p.m.67 views

Make Sure Your Security Is Ready for the President’s Day Shopping Spree

By Tony Bradley The following article was originally written to provide e-retailers with tip and tricks for the Black Friday and Cyber Monday shopping. However, with the biggest President’s day spring sales approaching, the best practices and how-to remain the same. More about e-commerce security...

Exploits0
osv
osv
added 2018/09/13 3:29 p.m.7 views

CVE-2018-16987

Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code...

7.2CVSS5.8AI score0.01297EPSS
Exploits1References2
nvd
nvd
added 2018/09/13 3:29 p.m.21 views

CVE-2018-16987

Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code...

7.2CVSS7AI score0.01297EPSS
Exploits1References2
packetstorm
packetstorm
added 2018/07/19 12:0 a.m.64 views

Adobe Systems Main lead DBMS Arbitrary Code Injection

Document Title: =============== Adobe Systems - Arbitrary Code Injection Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2120 PSIRT ID: 7873 Vulnerability Magazine:...

0.5AI score
Exploits0
openvas
openvas
added 2018/06/19 12:0 a.m.35 views

Open-Xchange (OX) App Suite Multiple Vulnerabilities - 01 (Jun 2018)

Open-Xchange OX App Suite is prone to multiple vulnerabilities. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free softwar...

8.8CVSS5.8AI score0.09234EPSS
Exploits7References3
veracode
veracode
added 2017/06/02 8:47 a.m.26 views

Access Restriction Bypass Due To Web Service Access Token Issue

Moodle is vulnerable to access restriction bypass. The vulnerability exists because it does not restrict the running of functions from any external services which are not linked to the web service access token. Using this flaw, an authenticated user can run any arbitrary functions from any extern...

4.9CVSS6AI score0.00983EPSS
Exploits0References4Affected Software1
hackerone
hackerone
added 2016/09/27 2:53 a.m.21 views

HackerOne: HackerOne Integrations Design Issue

Summary HackerOne Integrations Design Issue Description Include Impact This bug is similar to 170552. The HackerOne Integrations feature is very sensitive and can not be used with just a click, IMHO, or we can say "HackerOne users are a click away from​ giving to an attacker very sensitive...

Exploits0
hackerone
hackerone
added 2016/02/10 1:27 a.m.19 views

New Relic: SUBDOMAIN TAKEOVER(FIXED)

Hello, I Already Reported This issue Though 180436 Support Ticket , Which is Fixed Now ! Your Subdomain go.newrelic.com is pointing to unbouncepages.com You should immediately remove the DNS-entry for go.newrelic.com is pointing to unbouncepages.com.. Any One Can Claim That Domain , Please Read T...

0.7AI score
Exploits0
Rows per page
Query Builder