6 matches found

Hacker One
added 2015/10/24 7:40 a.m., 233 views

X (Formerly Twitter): IDOR - Activate Mopub on different organizations - steal API token - Fabric.io

Hello, there is an option to enroll your organization in fabric.io for mopub, but this particular endpoint is missing proper authorization checks, allowing any user to steal API tokens. Vulnerable request ================ POST /api/v3/organizations/5460d2394b793294df01104a/mopub/activate HTTP/1....

AI score: 6.7, Exploits: 0
Hacker One
added 2015/04/10 9:53 a.m., 25 views

X (Formerly Twitter): Fabric.io: Ex-admin of an organization can delete team members

When an admin is deleted from an organization, his access rights are not removed properly. This allows an ex-admin to delete team members from the organization. Before proceeding with the attack: 1. Create an organization with two accounts. Let's say, VictimOrg - Victimadmin, Victimmember 2. Invite...

AI score: 6.8, Exploits: 0
Hacker One
added 2015/01/09 4:26 a.m., 28 views

X (Formerly Twitter): Fabric.io - an app admin can delete team members from other user apps

It is possible for an app admin to delete all the team members from other apps to which he doesn't have access. To reproduce the attack, create two apps and add different user roles as below: VictimApp - Aliceadmin, Alicemember; HackerApp - Hackeradmin, Hackermember. Before proceeding with the...

AI score: 6.8, Exploits: 0
Hacker One
added 2015/01/08 2:46 p.m., 26 views

X (Formerly Twitter): fabric.io - app member can make himself an admin

Let's say Alice is a member of TestApp. - Log into fabric.io as Alice and navigate to settings. - Click on Apps and choose TestApp. - Click on the team members link and notice that Alice's role is Member. Clicking on the team members link sends a request similar to the one shown below. GET...

AI score: 6.9, Exploits: 0
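The four reports above are all the same class of bug: an action is authorized against the caller's login, or against some scope the caller belongs to, rather than against the organization or app named in the request. The following is an added example (not Fabric.io code and not from any of the reports) that models that with an in-memory role table: a vulnerable "activate" handler beside its hardened form, plus member removal and role changes checked against the target scope. The class and function names, the role strings and the token value are assumptions; the organization id is the one quoted in the first report.

```python
"""Scope-bound authorization checks for organization and app endpoints.

Added example, not Fabric.io code. It models the four authorization bugs
listed above with an in-memory role table: a missing organization check
on an activate endpoint, stale rights after an admin is removed, team
member deletion across apps, and a member promoting himself. The class
and function names, the role strings and the token value are assumptions.
"""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when a request fails an authorization check."""


@dataclass
class Scope:
    """An organization or an app: its current members and their roles."""
    name: str
    roles: dict = field(default_factory=dict)   # user -> "admin" | "member"


def require_role(scope: Scope, user: str, *allowed: str) -> None:
    """Deny unless `user` currently holds one of `allowed` in *this* scope.

    Two properties matter: the lookup is against the scope named in the
    request, not any scope the caller happens to belong to, and the role is
    read from the current table, so a removed admin keeps nothing.
    """
    if scope.roles.get(user) not in allowed:
        raise Forbidden(f"{user!r} is not {allowed} on {scope.name}")


# Vulnerable shape (report 1): the handler only checks that someone is logged
# in, then hands back the token for whatever organization id the URL names.
def activate_mopub_vulnerable(orgs: dict, tokens: dict, org_id: str, user: str) -> str:
    if not user:
        raise Forbidden("login required")
    return tokens[org_id]


# Hardened handlers: every action is checked against the scope it targets.
def activate_mopub(orgs: dict, tokens: dict, org_id: str, user: str) -> str:
    require_role(orgs[org_id], user, "admin")
    return tokens[org_id]


def remove_member(scope: Scope, actor: str, target: str) -> None:
    require_role(scope, actor, "admin")
    scope.roles.pop(target, None)   # removal is also what revokes the target's rights


def set_role(scope: Scope, actor: str, target: str, role: str) -> None:
    require_role(scope, actor, "admin")
    if target not in scope.roles:
        raise Forbidden(f"{target!r} is not a member of {scope.name}")
    scope.roles[target] = role


ORG_ID = "5460d2394b793294df01104a"   # organization id quoted in the first report


def replay_reports() -> dict:
    """Replay each reported abuse; True means the hardened handler blocked it."""
    victim_org = Scope("VictimOrg", {"victimadmin": "admin", "exadmin": "admin",
                                     "victimmember": "member"})
    orgs = {ORG_ID: victim_org}
    tokens = {ORG_ID: "constructed-api-token"}   # constructed sample value
    victim_app = Scope("VictimApp", {"aliceadmin": "admin", "alicemember": "member"})
    hacker_app = Scope("HackerApp", {"hackeradmin": "admin", "hackermember": "member"})

    def blocked(action) -> bool:
        try:
            action()
        except Forbidden:
            return True
        return False

    # Report 1: a user from no organization activates VictimOrg and reads its token.
    vulnerable_leak = activate_mopub_vulnerable(orgs, tokens, ORG_ID, "outsider") == tokens[ORG_ID]
    idor = blocked(lambda: activate_mopub(orgs, tokens, ORG_ID, "outsider"))
    # Report 2: exadmin is removed by another admin, then tries to delete a member.
    remove_member(victim_org, "victimadmin", "exadmin")
    ex_admin = blocked(lambda: remove_member(victim_org, "exadmin", "victimmember"))
    # Report 3: HackerApp's admin can manage his own app but not VictimApp's members.
    remove_member(hacker_app, "hackeradmin", "hackermember")
    cross_app = blocked(lambda: remove_member(victim_app, "hackeradmin", "alicemember"))
    # Report 4: a plain member changes his own role to admin.
    self_promote = blocked(lambda: set_role(victim_app, "alicemember", "alicemember", "admin"))
    # The legitimate path still works.
    admin_ok = activate_mopub(orgs, tokens, ORG_ID, "victimadmin") == tokens[ORG_ID]
    return {"vulnerable_leaks_token": vulnerable_leak, "idor_blocked": idor,
            "ex_admin_blocked": ex_admin, "cross_app_blocked": cross_app,
            "self_promote_blocked": self_promote, "admin_still_works": admin_ok,
            "members_intact": "victimmember" in victim_org.roles
                              and "alicemember" in victim_app.roles}


if __name__ == "__main__":
    for check, outcome in replay_reports().items():
        print(f"{check}: {outcome}")
```

The point of `require_role` taking the scope object rather than the user's list of memberships is that the check cannot pass on the strength of a role held somewhere else, and because it reads the live table, dropping a member is the revocation; there is no second "permissions" store that can go stale.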
Hacker One
added 2014/12/25 9:40 a.m., 28 views

X (Formerly Twitter): HTML/XSS rendered in Android App of Crashlytics through fabric.io

Hey hi, while in Fabric, the app name is rendered as HTML/XSS in the Android app of Crashlytics, as shown in the screenshot. Steps to reproduce: Create an app with the name of the payload; in my case I have used " under the following URL...

AI score: 6.8, Exploits: 0
Hacker One
added 2014/12/17 1:48 p.m., 18 views

X (Formerly Twitter): Open redirection in fabric.io

Hi dear, once the person is logged into his account he can be redirected to any website. https://www.fabric.io/login?redirecturl=@ For example: https://www.fabric.io/[email protected] Tested on updated Firefox and Chrome...

AI score: 6.9, Exploits: 0
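The `@` in the report's `redirecturl` value is the usual way an absolute URL that begins with the site's own host still lands somewhere else: everything before `@` is userinfo, and the real host follows it. The following is an added example (not Fabric.io code and not from the report) contrasting a naive prefix check on the parameter with a validator that only accepts a same-origin path. The host and parameter name are taken from the report; the function names and the `evil.example` host are assumptions.

```python
"""Validating a post-login `redirecturl` parameter.

Added example, not Fabric.io code. It contrasts a naive "starts with our
site or a slash" check, which lets scheme-relative ("//host") and
"user@host" forms leave the site, with a validator that only accepts a
same-origin path. Function names and the evil.example host are assumptions.
"""
from urllib.parse import urljoin, urlsplit, urlunsplit

SITE = "https://www.fabric.io"


def redirect_target_naive(redirecturl: str) -> str:
    """Vulnerable: prefix checks do not establish where a URL actually points.

    "//evil.example/" passes the leading-slash test and resolves to another
    host; "https://www.fabric.io@evil.example/" passes the site-prefix test
    because everything before "@" is userinfo, not the host.
    """
    if redirecturl.startswith("/") or redirecturl.startswith(SITE):
        return urljoin(SITE, redirecturl)
    return SITE + "/"


def redirect_target_safe(redirecturl: str, default: str = "/") -> str:
    """Accept only an absolute path on this site; otherwise fall back to `default`.

    The value must start with exactly one "/", carry no scheme or authority,
    and contain no backslashes or control characters (browsers normalise
    "/\\host" to "//host", which urlsplit does not).
    """
    candidate = redirecturl or default
    if (not candidate.startswith("/") or candidate.startswith("//")
            or "\\" in candidate or any(ord(c) < 0x21 for c in candidate)):
        return SITE + default
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return SITE + default
    # Rebuild from path, query and fragment only, so no authority can sneak in.
    return SITE + urlunsplit(("", "", parts.path, parts.query, parts.fragment))


def landing_host(url: str) -> str:
    """Host a browser would be sent to, for comparing the two resolvers."""
    return urlsplit(url).hostname or ""


if __name__ == "__main__":
    # Constructed sample values: one legitimate path and four escape attempts.
    for value in ("/dashboard?tab=apps", "//evil.example/",
                  "https://www.fabric.io@evil.example/", "/\\evil.example", ""):
        print(f"{value!r:42} naive -> {landing_host(redirect_target_naive(value)):15} "
              f"safe -> {redirect_target_safe(value)}")
```

The safe version deliberately never compares hostnames: it refuses to accept anything that could carry an authority at all and rebuilds the target from path and query, so parser differences between `urlsplit` and the browser (backslashes, `@`, `//`) have nothing to act on.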