138 matches found
Format string
FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the "a":functionconfirm1 input...
CVE-2019-12966
FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the "a":functionconfirm1 input...
Versionscan - A PHP Version Scanner For Reporting Possible Vulnerabilities
Versionscan is a tool for evaluating your currently installed PHP version and checking it against known CVEs and the versions they were fixed in to report back potential issues. PLEASE NOTE: Work is still in progress to adapt the tool to linux distributions that backport security fixes. As of rig...
Arjun v1.3 - HTTP Parameter Discovery Suite
Features Multi-threading 4 modes of detection A typical scan takes 30 seconds Regex powered heuristic scanning Huge list of 25,980 parameter names Makes just 30-35 requests to the target Usage Note: Arjun doesn't work with python 3.4 Discover parameters To find GET parameters, you can simply do:...
Shed - .NET Runtime Inspector
Shed is an application that allow to inspect the .NET runtime of a program in order to extract useful information. It can be used to inspect malicious applications in order to have a first general overview of which information are stored once that the malware is executed. Shed is able to: Inject ...
Dynamic Data Resolver (DDR) - IDA Plugin
This blog post was authored by Holger Unterbrink Executive Summary Static reverse-engineering in IDA can often be problematic. Certain values are calculated at run time, which makes it difficult to understand what a certain basic block is doing. But, if you try to perform dynamic analysis by...
HackerOne: Corrupted Authorization header can cause logs not to be ingested properly in ████████
HackerOne ingests different logs in ██████, one of them being nginx access logs from our load balancers. The default log format of our load balancer configuration is shown below. As can be seen in the format, the HTTP user specified in the Authorization header $remoteuser is placed between the...
Format string
The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format...
CVE-2015-9269
The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format...
CVE-2015-9269
The CVE-2015-9269 entry concerns the WordPress wordpress-mobile-pack plugin (before 2.1.3). The vulnerability arises in the export/article feature, where content from a privately published post is sent in JSON via exportarticle, enabling remote attackers to obtain sensitive information. Impact is...
CVE-2018-16672
An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information...
SQLmap Tamper-API - SQLMap Tamper API To Accept Tamper Scripts From All Languages
It's an API for SQLmap tamper scripts allows you to use your favorite programming language to write your tamper scripts. This API solves SQLmap limitation of accepting only python to write tamper scripts. How it works taper-api.py script sends the payload and kwargs in a JSON format "payload": ""...
Design/Logic Flaw
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment...
IntelMQ - A solution for IT security teams for collecting and processing security feeds using a message queuing protocol
IntelMQ is a solution for IT security teams CERTs, CSIRTs, abuse departments,... for collecting and processing security feeds such as log files using a message queuing protocol. It's a community driven initiative called IHAP Incident Handling Automation Project which was conceptually designed by...
custom-bytecode-analyzer - Java bytecode analyzer customizable via JSON rules
Java bytecode analyzer customizable via JSON rules. It is a command-line tool that receives a path containing one or more Jar files, analyzes them using the provided rules and generates HTML reports with the results. Usage usage: java -jar cba-cli.jar OPTIONS -a DIRECTORYTOANALYZE -a,--analyze Pa...
Deserialization Of Pickled Message
Celery is vulnerable to deserialization attacks. The default configuration in Celery allows for the deserialization of pickled messages, even if it is configured to send messages in the JSON format. This is because the acceptcontent setting by default is set to: app.conf.acceptcontent = 'json',...
Shopify: Stored XSS in https://productreviews.shopifyapps.com/proxy/v4/reviews/product
Hi , I have found a stored XSS issue in https://productreviews.shopifyapps.com Details: Going to https://productreviews.shopifyapps.com/proxy/v4/reviews/product?productid=8254331011&version=v4&shop=zh5403-attacker.myshopify.com&=cache&callback=test will show you the details of a product with the ...
Log pollution can potentially lead to local HTML injection - ownCloud
The "download log" functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the...
Server: Log pollution can potentially lead to local HTML injection
The "download log" functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the...
Log pollution can potentially lead to local HTML injection (NC-SA-2016-002)
The "download log" functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the...