Maybe you shouldn’t use LinkedIn
UPDATE: 4/6/2018 LinkedIn reached out for comment on the article, and we'd like to clarify our position based on their concerns. They wrote: Members control their connections, who can see them including keeping them private if they wish and only first degree connections can get access to your...
Information disclosure
An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-security-audit-log/ files is not restricted. For example, these files are indexed by Google, allowing attackers to possibly find sensitive information...
WordPress WP Security Audit Log 3.1.1 Information Disclosure
Exploit Title: WP Security Audit Log Plugin, Sensitive Information Disclosure CheckDirectory $useruploadpath wpmkdirp $useruploadpath ;...
Design/Logic Flaw
inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and...
Upserve : Information disclosure through search engines (password reset token)
Search on Google for: site:"hq.breadcrumb.com" or access this link: https://www.google.com/search?q=site%3A%22hq.breadcrumb.com%22&oq=site%3A%22hq.breadcrumb.com%22&aqs=chrome..69i57j69i58.6216j0j7&sourceid=chrome&ie=UTF-8 Note that this vulnerability can be obtained on other search engines. Impact...
File Manager <= 5.0.0 - Information Disclosure
The Giribaz File Manager plugin logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to the file, which is not protected and contains database credentials, salts, etc. These files...
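The three WordPress entries above share one root cause: a plugin writes its log into wp-content/uploads/, which the web server serves like any other upload, so the log (and, for the File Manager plugin, a copied wp-config.php) ends up readable and then indexed. The following is an added example, not code from either plugin or advisory, showing how to audit such paths offline: it classifies HTTP probe results as a directory listing, a readable file, or a file that leaks wp-config.php constants. The probe responses in SAMPLE_PROBES are constructed; in practice they would come from real requests against the paths named in the reports.

```python
"""Offline audit of plugin files left readable under wp-content/uploads/.

Added example, not code from the advisories above. SAMPLE_PROBES is
constructed data standing in for real HTTP responses.
"""
import re
from dataclasses import dataclass, field

# Paths named in the reports above: the plugins log here, inside the web root.
KNOWN_LOG_PATHS = (
    "/wp-content/uploads/wp-security-audit-log/",
    "/wp-content/uploads/file-manager/log.txt",
)

# A wp-config.php copied into a log file is recognisable by its define()
# calls for the database credentials and the authentication keys/salts.
WP_SECRET_RE = re.compile(
    r"define\(\s*['\"]"
    r"(DB_(?:NAME|USER|PASSWORD|HOST)"
    r"|(?:AUTH|SECURE_AUTH|LOGGED_IN|NONCE)_(?:KEY|SALT))"
    r"['\"]"
)
# Autoindex output from Apache/nginx starts with this title.
DIR_LISTING_RE = re.compile(r"<title>\s*Index of\s+/", re.IGNORECASE)


@dataclass
class Probe:
    """One HTTP response for a path (constructed here, fetched in practice)."""
    path: str
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""

    def header(self, name: str) -> str:
        for k, v in self.headers.items():
            if k.lower() == name.lower():
                return v
        return ""


def is_directory_listing(p: Probe) -> bool:
    """Directory listing enabled: the directory itself enumerates every log file."""
    return p.status == 200 and bool(DIR_LISTING_RE.search(p.body))


def leaked_secrets(p: Probe) -> list:
    """Names of wp-config.php constants found verbatim in the response body."""
    return sorted(set(WP_SECRET_RE.findall(p.body)))


def classify(p: Probe) -> str:
    """Severity bucket for a single probe, worst finding first."""
    if leaked_secrets(p):
        return "secrets-leaked"
    if p.status in (401, 403, 404):
        return "not-exposed"
    if p.status != 200:
        return f"unexpected-{p.status}"
    if is_directory_listing(p):
        return "directory-listing"
    if "text" in p.header("Content-Type"):
        return "readable-text"
    return "readable-file"


def audit(probes) -> dict:
    """Map path -> classification, keeping only paths that are actually exposed."""
    findings = {}
    for p in probes:
        verdict = classify(p)
        if verdict != "not-exposed":
            findings[p.path] = verdict
    return findings


# Constructed sample responses (not captured from any real site).
SAMPLE_PROBES = [
    Probe(KNOWN_LOG_PATHS[0], 200, {"Content-Type": "text/html"},
          "<html><head><title>Index of /wp-content/uploads/wp-security-audit-log/"
          "</title></head><body><a href=\"failed-logins.log\">failed-logins.log</a>"
          "</body></html>"),
    Probe(KNOWN_LOG_PATHS[1], 200, {"Content-Type": "text/plain"},
          "2018-04-06 10:12:01 edit wp-config.php\n"
          "define('DB_NAME', 'wp_prod');\n"
          "define('DB_USER', 'wp');\n"
          "define('DB_PASSWORD', 'correct-horse');\n"
          "define('AUTH_KEY', 'put your unique phrase here');\n"),
    Probe("/wp-content/uploads/2018/04/team.jpg", 200,
          {"Content-Type": "image/jpeg"}, ""),
]

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE_PROBES).items():
        print(f"{verdict:18} {path}")
```

Anything other than "not-exposed" for a plugin log path is a finding. The fix is the same for both plugins: write logs outside the document root, or deny HTTP access to the directory (Apache 2.4: a `.htaccess` containing `Require all denied`; nginx: `location ^~ /wp-content/uploads/file-manager/ { deny all; }`). Because search engines already hold copies of anything they indexed, also request removal of the URLs and rotate the database password and the keys/salts that were exposed.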
Vimeo: Securing "Reset password" pages from bots
I found a security issue on your "Reset password" page. Google botnets are indexing some of your sensitive pages with tokens of accounts. For this you may like to add: For pages like "resetting your password" need to have this. Vulnerable URL:...
Indexable User Content (Attachments) on Google
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report (http://jira.atlassian.com/browse/CONFCLOUD-47021). User content uploaded onto answers.atlassian.com is indexable by Google due to the lack of appropriate indexing rul...
Indexable User Content (Attachments) on Google
User content uploaded onto answers.atlassian.com is indexable by Google due to the lack of appropriate indexing rules such as those in /robots.txt. Additionally, such content being indexed can be removed from Google by consulting Google's Webmaster tools. An example of indexable content is below:...
Indexable User Content (Attachments) on Google
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report (http://jira.atlassian.com/browse/CONFSERVER-47021). User content uploaded onto answers.atlassian.com is indexable by Google due to the lack of appropriate indexing...
HackerOne: Securing sensitive pages from SearchBots
I reported the issue earlier (Report 3662). But instead of asking for more information, you just closed the bug. Well, you said you had never seen Google indexing authentication tokens. OkCupid is a client of hackerone.com. Let's see what Google is doing with their tokens. Search with the following dork:...
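The Upserve, Vimeo, Atlassian and HackerOne entries above describe the same failure from the search-engine side: a URL that carries a password-reset or authentication token, or a user-uploaded attachment, is served with a 200 and nothing tells the crawler not to index it. The following is an added example, not code from any of those reports, that checks offline whether such a URL would be indexable. It combines three signals a practitioner would test: whether the URL carries a token, whether robots.txt permits crawling (parsed with the standard library's `urllib.robotparser`), and whether the response carries a `noindex` directive in an `X-Robots-Tag` header or a `<meta name="robots">` tag. The robots.txt text, the URLs and the HTML are constructed samples, and TOKEN_PARAMS is an assumption about common reset-link parameter names.

```python
"""Would a search engine index a password-reset URL that carries a token?

Added example, not code from the reports above. SAMPLE_ROBOTS, RESET_URL
and the HTML bodies are constructed; TOKEN_PARAMS is an assumption.
"""
import re
from html.parser import HTMLParser
from urllib import robotparser
from urllib.parse import parse_qs, urlsplit

# Assumed names of query parameters that carry one-time tokens.
TOKEN_PARAMS = {"token", "key", "code", "reset_token", "hash"}
# Long opaque path segments (e.g. /reset/aB3dE6...) behave like tokens too.
OPAQUE_SEGMENT_RE = re.compile(r"^[A-Za-z0-9_-]{24,}$")


class _MetaRobots(HTMLParser):
    """Collects the content of <meta name="robots"|"googlebot" ...> tags."""
    def __init__(self):
        super().__init__()
        self.content = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("name", "").lower() in ("robots", "googlebot"):
            self.content.append(a.get("content", "").lower())


def meta_noindex(html: str) -> bool:
    p = _MetaRobots()
    p.feed(html)
    return any("noindex" in c for c in p.content)


def header_noindex(headers: dict) -> bool:
    return any(k.lower() == "x-robots-tag" and "noindex" in v.lower()
               for k, v in headers.items())


def carries_token(url: str) -> bool:
    parts = urlsplit(url)
    if TOKEN_PARAMS & set(parse_qs(parts.query)):
        return True
    return any(OPAQUE_SEGMENT_RE.match(seg) for seg in parts.path.split("/"))


def crawl_allowed(robots_txt: str, url: str, agent: str = "Googlebot") -> bool:
    rp = robotparser.RobotFileParser()
    rp.parse(robots_txt.splitlines())
    return rp.can_fetch(agent, url)


def assess(robots_txt: str, url: str, status: int, headers: dict, body: str) -> str:
    """Verdict for one URL, in the order a crawler actually evaluates it."""
    if not carries_token(url):
        return "no-token"
    if not crawl_allowed(robots_txt, url):
        # robots.txt stops crawling, not indexing: a URL seen in a link can
        # still be listed, and the crawler never sees any noindex on the page.
        return "uncrawlable-but-listable"
    if status != 200:
        return f"not-served-{status}"
    if header_noindex(headers) or meta_noindex(body):
        return "noindex"
    return "indexable-token-url"


# Constructed samples (no real site, token or page).
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /admin/\n"
RESET_URL = "https://example.com/reset-password?token=5d41402abc4b2a76b9719d911017c592"
RESET_HTML_OPEN = ("<html><head><title>Reset your password</title></head>"
                   "<body><form method=\"post\"></form></body></html>")
RESET_HTML_NOINDEX = ('<html><head><meta name="robots" content="noindex, nofollow">'
                      "</head><body></body></html>")

if __name__ == "__main__":
    print(assess(SAMPLE_ROBOTS, RESET_URL, 200, {}, RESET_HTML_OPEN))
    print(assess(SAMPLE_ROBOTS, RESET_URL, 200, {"X-Robots-Tag": "noindex"}, RESET_HTML_OPEN))
```

"indexable-token-url" is the state every report above describes. Serving the reset page with `X-Robots-Tag: noindex` (or the equivalent meta tag) is the direct fix; a robots.txt disallow alone is weaker, because it prevents the crawler from ever seeing the noindex and the URL can still be listed from inbound links. Whatever the crawler does, the token itself should be single-use, short-lived and consumed by a POST so that an indexed copy is worthless by the time anyone finds it.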