Cspparse - A Tool To Evaluate Content Security Policies
cspparse is a tool to evaluate Content Security Policies. It uses Google's API to retrieve the CSP Headers and returns them in ReconJSON format. Not only does it check for headers with Google's API, it also parses the target site's HTML to look for any CSP rules that are specified in the tag...
WordPress Google Places Reviews plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
Cross site scripting
The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing th...
CVE-2022-1772 Google Places Review < 2.0.0 - Admin+ Stored Cross Site Scripting
The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing th...
com.google.api-ads:common-axis2 (=0.1.0), com.google.code.magja:magja (>=0.0.1 <=0.0.3) +23 more potentially affected by CVE-2012-5785 via org.apache.axis2:axis2 (>=1.2 <=1.7.9)
org.apache.axis2:axis2 MAVEN version =1.2, =0.0.1, =2.8.28, =0.13.0, =0.13.0, =3.3, =3.3, =0.9, =0.11 and more Source cves: CVE-2012-5785 Source advisory: OSV:GHSA-WWQ7-PXWC-P4RC...
Mageia: Security Advisory (MGASA-2018-0308)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Rocky Enterprise Software Foundation OpenStack Platform (RHOSP) 16.2 enhancement advisory
An update is available for google-api-python-client, python-gflags, python-oauth2client, python-uritemplate. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rock...
GDir-Thief - Red Team Tool For Exfiltrating The Target Organization'S Google People Directory That You Have Access To, Via Google's API
Red Team tool for exfiltrating the target organization's Google People Directory that you have access to, via Google's People API. HOW TO: Create a new Google Cloud Platform (GCP) project. Steps to get the Google API Access Token needed for connecting to the API: 1. Create a burner gmail/google accoun...
Security Bulletin: Google-api-client as used by IBM QRadar SIEM is vulnerable to authorization bypass (CVE-2020-7692)
Summary Google-api-client as used by IBM QRadar SIEM is vulnerable to authorization bypass, caused by no PKCE support implemented. Vulnerability Details CVEID: CVE-2020-7692 DESCRIPTION: Google APIs google-oauth-java-client could allow a remote attacker to bypass security restrictions, caused by ...
Clario: Google API key leaks and security misconfiguration leads Open Redirect Vulnerability
Summary: Hello, when I searched your targets and JavaScript files I found a Google API key leak in the URL https://account.clario.co/js/main.044af6485f6b0cd90809.js. Part of the leak is below: 'https://firebasedynamiclinks.googleapis.com/v1/shortLinks?key=AIzaSyAw-SpLHVTIP3IFEIkckCuEmIhnUrY9OrQ';...
FetLife: Google API key leaked to Public
Hi team, I found a bunch of endpoints that are leaking your Google API key. I tested the key and found it is vulnerable to the Geocode API. List of vulnerable endpoints: https://ass0.fetlife.com https://ass2.fetlife.com https://app.fetlife.com https://ass1.fetlife.com https://ass3.fetlife.com...
openSUSE Security Update : MozillaFirefox (openSUSE-2020-1384)
This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.2.0 ESR - Fixed: Various stability, functionality, and security fixes - Mozilla Firefox ESR 78.2 MFSA 2020-38 bsc1175686 - CVE-2020-15663 bmo1643199 Downgrade attack on the Mozilla Maintenance Servic...
Security update for MozillaFirefox (moderate)
openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2020:1384-1 Rating: moderate References: 1173991 1174284 1175686 Cross-References: CVE-2020-15663 CVE-2020-15664 CVE-2020-15670 Affected Products: openSUSE Leap 15.1 An update that fixes three vulnerabilitie...
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:2544-1)
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.2.0 ESR - Fixed: Various stability, functionality, and security fixes Mozilla Firefox ESR 78.2 MFSA 2020-38 bsc1175686 - CVE-2020-15663 bmo1643199 Downgrade attack on the Mozilla Maintenance Service...
Rocky Enterprise Software Foundation OpenStack Platform 16.1 bug fix and enhancement advisory
An update is available for python-gflags, python-oauth2client, google-api-python-client, python-httplib2, python-uritemplate. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
firefox security update
68.6.1-1.0.1 - fix LDLIBRARYPATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one 68.6.1-1 - Update to 68.6.1 ESR Wed Mar 04 2020 Jan Horak - Update to 68.6.0 build1 68.5.0-3 - Added fix for rhbz1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc Fri Feb 07 2020 J...
Design/Logic Flaw
The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device...
firefox security update
68.7.0-2.0.1.el81 - Rebuild to pickup Oracle default bookmarks Orabug: 30069264 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references Orabug: 30530527 68.7.0-2 - Update to 68.7.0 build3 68.6.1-1 - Update to 68.6.1 ESR Wed Mar 04 2020 Jan Hora...
Liberapay: Leaking Of Sensitive Information on Github
Summary: Sensitive Data were leaked in https://github.com/liberapay/liberapay.com Steps To Reproduce: 1. Install gitleaks from https://github.com/zricethezav/gitleaks 2. Run the following command in a Linux terminal gitleaks -v --pretty -r=https://github.com/liberapay/liberapay.com The following...
Mail.ru: Google API Key is not restricted for specific application package name and signature [Mail.ru Cloud for Android]
Google API keys used in the Cloud Mail.Ru for Android application were not properly limited in functionality...