6 matches found
CVE-2025-49009
Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in FacebookAuthFilter.java results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access...
CVE-2025-49009 Para Inserts Sensitive Information into Log File for Facebook authentication
Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in FacebookAuthFilter.java results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access...
PT-2024-17452 · WordPress · The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
Name of the Vulnerable Software and Affected Versions: The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress versions up to, and including, 6.5.4 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the...
Reverb.com: Full account takeover
Hello Team, I got a security issue in the Reverb iOS application which allows an attacker to hack all users' accounts. Since the iOS application is not in scope but still I am reporting this, because this vulnerability may compromise all users' accounts. Please resolve this quickly. Description: Reverb ios...
Seagate Central 2014.0410.0026-F Remote Facebook Access Token Exploit
Seagate Central stores linked Facebook account access tokens in /etc/archiveaccounts.ser and this exploit takes advantage of two bugs - Passwordless root login via FTP to retrieve archiveaccounts.ser file which contains access tokens and reuses the unencrypted and unprotected -rw-r--r-- access...
Seagate Central 2014.0410.0026-F - Remote Facebook Access Token
#!/usr/bin/python seagatecentralfacebook.py Seagate Central Remote Facebook Access Token Exploit Jeremy Brown jbrown3264/gmail May 2015 -Synopsis- Seagate Central stores linked Facebook account access tokens in /etc/archiveaccounts.ser and this exploit takes advantage of two bugs: 1 Passwordless...