174 matches found
CVE-2003-1307
The modphp module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: th...
Gratipay: Mail spaming
Hello, We can bomb spam any email we want using your website. POC : 1.register 2.go to https://gratipay.com/hussein98d/emails/ and add your victim's email 3.start intercepting requests and click on "resend" 4.replay the same request many time , the victim's email will be spammed with Gratipay...
Mantis Bug Tracker 1.2.19 - Host Header
Exploit Title: MantisBT 1.2.19 - Host header attack vulnerability Date: 07-09-2015 Exploit Author: Pier-Luc Maltais Centre opérationnel de sécurité informatique gouvernemental COSIG Vendor Homepage: https://www.mantisbt.org/ Software Link:...
Burp Suite Professional v1.6.23 - The Leading Toolkit for Web Application Security Testing
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security...
Logstash vulnerability CVE-2015-5378
Summary: Logstash 1.5.2 and prior versions are vulnerable to a SSL/TLS security issue called the FREAK attack. If you are using the Lumberjack input, FREAK allows an attacker to successfully implement a man in the middle attack, intercepting communication between the Logstash Forwarder agent and...
Udemy: Extremely high Course rating values could be set in order to make really high Average rating of the course. Negative values could be set to.
Authenticated user can register for some course paid or free. After registering and taking couple of lectures "Rate course" functional becomes active. Malicious user can fill the rating form and submit it. By intercepting request to the server's API by using intercepting proxy tool and modify...
Slack: Link vulnerability leads to phishing attacks
Hello Guys, Hope you are doing great. I'm sending this email to let you know about a vulnerability i stumbled upon while using slack it's a great app!. While copy-pasting a link from a pdf to slack desktop/web, i noticed that the resulting links looked a bit messed up 1.png Firing up burp and...
Autorize - Automatic Authorization Enforcement Detection (Extension for Burp Suite)
Autorize is an automatic authorization enforcement detection extension for Burp Suite. It was written in Python by Barak Tawily, an application security expert at AppSec Labs. Autorize was designed to help security testers by performing automatic authorization tests. Installation 1. Download Burp...
CVE-2015-1595
The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream...
Vimeo: Adding profile picture to anyone on Vimeo
Hi! Brief The profile picture upload feature at https://vimeo.com/settings/profile contains a bug where an access control is missing for uploading a profile picture to a profile ID. This leads to the possibility of uploading a profile picture to any account on Vimeo. Furthermore, since the upload...
Cellular communications network discovery security vulnerabilities allow others to monitor the dead calls or intercept text messages-vulnerability warning-the black bar safety net
German researchers in a cellular communication network widely used on the VII signaling system SS7, Signaling System Number 7 on the discovery of a security vulnerability, allowing spies, hackers and criminals potential large-scale monitoring of private phone calls and intercept text messages...
Livefyre LiveComments Plugin - Persistent Cross-Site Scripting
Title : Stored XSS in Livefyre LiveComments Plugin CVE : 2014-6420 Vendor Homepage : http://livefyre.com Software Link : http://web.livefyre.com/streamhub/liveComments Version : v3.0 Author : Brij Kishore Mishra Date : 03-Sept-2014 Tested On : Chrome 37, Ubuntu 14.04 Description : This plugin...
BurpSentintel - GUI Burp Plugin to ease discovering of security holes in web applications
A plugin for Burp Intercepting Proxy, to aid and ease the identification of vulnerabilities in web applications. Searching for vulnerabilities in web applications can be a tedious task. Most of the time consists of inserting magic chars into parameters, and looking for suspicious output. Sentinel...
X (Formerly Twitter): Full path disclosure at ads.twitter.com
Hi there, I noticed a small information disclosure full path disclosure on ads.twitter.com. Steps to reproduce - 1. Login to ads.twitter.com - 2. Start to create a new twitter-follower campaign - 3. Choose to upload a new picture - 4. Turn on your intercepting proxy - 5. Upload a file - 6. You...
ZenPhoto 1.4.0.3 x-forwarded-for HTTP Header presisitent XSS
No description provided by source. Exploit Title: ZenPhoto 1.4.0.3 patched 2011-4-19 x-forwarded-for HTTP Header presisitent XSS Date: 21-4-2011 Author: Saif El-Sherei Software Link: http://zenphoto.googlecode.com/files/zenphoto-1.4.0.3.zip Version: 1.4.0.3 latest updated 2011-4-19 Tested on:FF...
jakcms 2.0 pro rc5 - Stored XSS via useragent http header injection
No description provided by source. Exploit Title: JAKCMS 2.0 PRO RC5 stored XSS via useragent HTTP header Injection Date: 7-2-2011 Author: Saif El-Sherei Software Link: http://php.opensourcecms.com/scripts/redirect/download.php?id=480 Version: JAKCMS PRO 2.0 RC5 and probably earlier version Teste...
Session fixation
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...
Session fixation
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
NSA Reportedly Intercepts US-made Internet Routers to Install Spyware
The US Intelligence Agency, NSA has been reportedly intercepting and accessing routers, servers, and other computer networking hardware to plant data gathering “backdoors” and other spywares before they are exported and delivered to the international customers, reported by the Guardian. Yesterday...
Google DNS Intercepted in Turkey
Internet service providers in Turkey have been intercepting traffic to Google’s DNS servers and redirecting it, shutting off a workaround that Turkish users had employed to get to sites such as Twitter and YouTube after the government had blocked them. Google software engineers said they had...