85 matches found

Kitploit
added 2022/07/05 12:30 p.m. | 26 views

Cspparse - A Tool To Evaluate Content Security Policies

cspparse is a tool to evaluate Content Security Policies. It uses Google's API to retrieve the CSP Headers and returns them in ReconJSON format. Not only does it check for headers with Google's API, it also parses the target site's HTML to look for any CSP rules that are specified in the tag...

7.5 AI score
Exploits: 0 | References: 2

CNVD
added 2022/06/15 12:0 a.m. | 21 views

WordPress Google Places Reviews plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

4.8 CVSS | 4.8 AI score | 0.0071 EPSS
Exploits: 2 | References: 1

Prion
added 2022/06/13 1:15 p.m. | 18 views

Cross site scripting

The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing th...

2.1 CVSS | 5 AI score | 0.0071 EPSS
Exploits: 2 | References: 1 | Affected Software: 1

Cvelist
added 2022/06/13 12:42 p.m. | 28 views

CVE-2022-1772 Google Places Review < 2.0.0 - Admin+ Stored Cross Site Scripting

The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing th...

5.3 AI score | 0.0071 EPSS
Exploits: 2 | References: 1

vulnersOsv
added 2022/05/17 1:38 a.m. | 6 views

com.google.api-ads:common-axis2 (=0.1.0), com.google.code.magja:magja (>=0.0.1 <=0.0.3) +23 more potentially affected by CVE-2012-5785 via org.apache.axis2:axis2 (>=1.2 <=1.7.9)

org.apache.axis2:axis2 MAVEN version =1.2, =0.0.1, =2.8.28, =0.13.0, =0.13.0, =3.3, =3.3, =0.9, =0.11 and more Source cves: CVE-2012-5785 Source advisory: OSV:GHSA-WWQ7-PXWC-P4RC...

5.8 CVSS | 7.2 AI score | 0.02206 EPSS
Exploits: 1

OpenVAS
added 2022/01/28 12:0 a.m. | 30 views

Mageia: Security Advisory (MGASA-2018-0308)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS | 7.7 AI score | 0.00726 EPSS
Exploits: 0 | References: 4

Rockylinux
added 2021/09/15 6:32 a.m. | 11 views

Rocky Enterprise Software Foundation OpenStack Platform (RHOSP) 16.2 enhancement advisory

An update is available for google-api-python-client, python-gflags, python-oauth2client, python-uritemplate. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rock...

0.6 AI score
Exploits: 0

Kitploit
added 2021/07/03 12:30 p.m. | 179 views

GDir-Thief - Red Team Tool For Exfiltrating The Target Organization's Google People Directory That You Have Access To, Via Google's API

Red Team tool for exfiltrating the target organization's Google People Directory that you have access to, via Google's People API. HOW TO Create a new Google Cloud Platform GCP project Steps to get the Google API Access Token needed for connecting to the API 1. Create a burner gmail/google accoun...

7 AI score
Exploits: 0 | References: 1

IBM Security Bulletins
added 2021/03/04 10:25 p.m. | 35 views

Security Bulletin: Google-api-client as used by IBM QRadar SIEM is vulnerable to authorization bypass (CVE-2020-7692)

Summary Google-api-client as used by IBM QRadar SIEM is vulnerable to authorization bypass, caused by no PKCE support implemented. Vulnerability Details CVEID: CVE-2020-7692 DESCRIPTION: Google APIs google-oauth-java-client could allow a remote attacker to bypass security restrictions, caused by ...

9.1 CVSS | 2.7 AI score | 0.01587 EPSS
Exploits: 1 | Affected Software: 1

Hacker One
added 2020/12/25 8:35 p.m. | 191 views

Clario: Google API key leaks and security misconfiguration leads Open Redirect Vulnerability

Summary: Hello, when I search your targets and javascript files I found a googleapikey leak in url = https://account.clario.co/js/main.044af6485f6b0cd90809.js. Part of the leak down below; 'https://firebasedynamiclinks.googleapis.com/v1/shortLinks?key=AIzaSyAw-SpLHVTIP3IFEIkckCuEmIhnUrY9OrQ';...

7.1 AI score
Exploits: 0

Hacker One
added 2020/12/23 9:47 a.m. | 952 views

FetLife: Google API key leaked to Public

Hi team, I found a bunch of endpoints that are leaking your Google API key. I tested the key and found it is vulnerable to Geocode Api. List of vulnerable endpoints https://ass0.fetlife.com https://ass2.fetlife.com https://app.fetlife.com https://ass1.fetlife.com https://ass3.fetlife.com...

6.8 AI score
Exploits: 0

Tenable Nessus
added 2020/09/09 12:0 a.m. | 34 views

openSUSE Security Update : MozillaFirefox (openSUSE-2020-1384)

This update for MozillaFirefox fixes the following issues : - Firefox Extended Support Release 78.2.0 ESR - Fixed: Various stability, functionality, and security fixes - Mozilla Firefox ESR 78.2 MFSA 2020-38 bsc1175686 - CVE-2020-15663 bmo1643199 Downgrade attack on the Mozilla Maintenance Servic...

9.3 CVSS | 7.6 AI score | 0.02716 EPSS
Exploits: 0 | References: 6

OPENSUSE Linux
added 2020/09/08 12:0 a.m. | 62 views

Security update for MozillaFirefox (moderate)

openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2020:1384-1 Rating: moderate References: 1173991 1174284 1175686 Cross-References: CVE-2020-15663 CVE-2020-15664 CVE-2020-15670 Affected Products: openSUSE Leap 15.1 An update that fixes three vulnerabilitie...

9.3 CVSS | 9.4 AI score | 0.02716 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2020/09/08 12:0 a.m. | 33 views

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:2544-1)

This update for MozillaFirefox fixes the following issues : Firefox Extended Support Release 78.2.0 ESR - Fixed: Various stability, functionality, and security fixes Mozilla Firefox ESR 78.2 MFSA 2020-38 bsc1175686 - CVE-2020-15663 bmo1643199 Downgrade attack on the Mozilla Maintenance Service...

9.3 CVSS | 7.7 AI score | 0.02716 EPSS
Exploits: 0 | References: 10

Rockylinux
added 2020/07/29 7:15 a.m. | 13 views

Rocky Enterprise Software Foundation OpenStack Platform 16.1 bug fix and enhancement advisory

An update is available for python-gflags, python-oauth2client, google-api-python-client, python-httplib2, python-uritemplate. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

0.7 AI score
Exploits: 0

Oracle linux
added 2020/07/07 12:0 a.m. | 44 views

firefox security update

68.6.1-1.0.1 - fix LDLIBRARYPATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one 68.6.1-1 - Update to 68.6.1 ESR Wed Mar 04 2020 Jan Horak - Update to 68.6.0 build1 68.5.0-3 - Added fix for rhbz1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc Fri Feb 07 2020 J...

9.8 CVSS | 9.5 AI score | 0.06305 EPSS
Exploits: 2

Prion
added 2020/06/11 7:15 p.m. | 14 views

Design/Logic Flaw

The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device...

6.4 CVSS | 9.1 AI score | 0.02173 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

Oracle linux
added 2020/04/09 12:0 a.m. | 51 views

firefox security update

68.7.0-2.0.1.el81 - Rebuild to pickup Oracle default bookmarks Orabug: 30069264 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references Orabug: 30530527 68.7.0-2 - Update to 68.7.0 build3 68.6.1-1 - Update to 68.6.1 ESR Wed Mar 04 2020 Jan Hora...

9.8 CVSS | 9.4 AI score | 0.02802 EPSS
Exploits: 1

Hacker One
added 2020/04/03 5:2 a.m. | 457 views

Liberapay: Leaking Of Sensitive Information on Github

Summary: Sensitive Data were leaked in https://github.com/liberapay/liberapay.com Steps To Reproduce: 1. Install gitleaks from https://github.com/zricethezav/gitleaks 2. Run the following command in a Linux terminal gitleaks -v --pretty -r=https://github.com/liberapay/liberapay.com The following...

0.1 AI score
Exploits: 0

Hacker One
added 2020/02/16 3:2 p.m. | 24 views

Mail.ru: Google API Key is not restricted for specific application package name and signature [Mail.ru Cloud for Android]

Google API keys used in Cloud Mail.Ru for Android application were not properly limited in functionality...

3.3 AI score
Exploits: 0