Recon Simplified with Spyse

One of the major struggles in bug bounty hunting is to collect and analyze data during reconnaissance, especially when there are a lot of tools around but very few that offer actually useful results. The job of eliminating false positives and unrelated data from your recon becomes harder as the...

cloudforms: stored cross-site scripting in Name field

cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field...

GSA Bounty: SSRF in Search.gov via ?url= parameter

Summary: https://search.usa.gov/helpdocs endpoint is vulnerable to SSRF via url parameter. The parameter is protected but can be bypassed using LF %0A. Steps To Reproduce: 1. Login to Search.gov and click help manual. 2. The following request was vulnerable. - Request GET...

PT-2018-3011 · Red Hat · Cloudforms

Name of the Vulnerable Software and Affected Versions: CloudForms versions 5.8 through 5.9 Description: A flaw was found in CloudForms's v2v infrastructure mapping delete feature, allowing for a stored cross-site scripting attack due to improper sanitization of user input in the Name field. The...

FOCA 3.0 - Network Infrastructure Mapping Tool Free Release

FOCA 3.0 - Network Infrastructure Mapping Tool Free Release This new version has new fresh look and feel, and it is full of new features that you will love to discover. If you want to learn more about FOCA, and Get FOCA 3 PRO, then you can book for a seat in the next online training about FOCA. I...