Lucene search
K

138 matches found

Kitploit
Kitploit
added 2021/02/15 8:30 p.m.51 views

Gitlab-Watchman - Monitoring GitLab For Sensitive Data Shared Publicly

GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally. Features It searches GitLab for internally shared projects and looks at: Code Commits Wiki pages Issues Merge requests Milestones For the following data: GCP keys and...

6.5AI score
Exploits0References5
Kitploit
Kitploit
added 2021/01/10 8:30 p.m.63 views

MUD-Visualizer - A Tool To Visualize MUD Files

This tool can be used to visualize the MUD files in JSON format. Motivation MUD files are plain text files in JSON format that contain ACL rules for a device. A MUD file can contains tens or hundrends of ACL rules which makes it difficult to read and validate the files manually. mud-visualizer wi...

7.4AI score
Exploits0References2
Hacker One
Hacker One
added 2020/10/04 11:56 a.m.46 views

TikTok: CSRF To Add New App In Developer Account And Bypassing Json Format

The researcher found a CSRF issue allowing a malicious user to add arbitrary applications to a developer's account...

3.2AI score
Exploits0
NVD
NVD
added 2020/09/23 2:15 p.m.29 views

CVE-2020-16240

GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference IDOR vulnerability allows user account data to be downloaded in JavaScript object notation JSON format by users who should not have access to such functionality. An attacker can download sensitive data related to...

5.3CVSS0.00898EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/23 1:6 p.m.39 views

CVE-2020-16240

GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference IDOR vulnerability allows user account data to be downloaded in JavaScript object notation JSON format by users who should not have access to such functionality. An attacker can download sensitive data related to...

5.1AI score0.00898EPSS
Exploits0References1
CVE
CVE
added 2020/09/23 1:6 p.m.53 views

CVE-2020-16240

GE Digital APM Classic (Versions 4.4 and prior) is vulnerable to CVE-2020-16240: an Authorization Bypass Through User-Controlled Key (IDOR) that allows unauthorized users to download sensitive user‑account data in JSON . Root cause: insecure IDOR enabling data exfiltration. Affected product: GE D...

5.3CVSS5.1AI score0.00898EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2020/07/07 9:39 a.m.347 views

Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service

Microsoft has announced a new free-to-use initiative aimed at uncovering forensic evidence of sabotage on Linux systems, including rootkits and intrusive malware that may otherwise go undetected. The cloud offering, dubbed Project Freta, is a snapshot-based memory forensic mechanism that aims to...

0.3AI score
Exploits0
OSV
OSV
added 2020/05/04 2:15 p.m.24 views

CVE-2020-10187

Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their...

7.5CVSS6.2AI score
Exploits0References4
NVD
NVD
added 2020/05/04 2:15 p.m.34 views

CVE-2020-10187

Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their...

7.5CVSS7.2AI score0.02016EPSS
Exploits0References4
Prion
Prion
added 2020/05/04 2:15 p.m.20 views

Information disclosure

Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their...

4.3CVSS7.2AI score0.02016EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2020/05/04 2:15 p.m.31 views

CVE-2020-10187

Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their...

7.5CVSS7.1AI score0.02016EPSS
Exploits0References5
Cvelist
Cvelist
added 2020/05/04 1:19 p.m.33 views

CVE-2020-10187

Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their...

7.2AI score0.02016EPSS
Exploits0References4
Securelist
Securelist
added 2020/03/24 10:0 a.m.40 views

WildPressure targets industrial-related entities in the Middle East

In August 2019, Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to industrial sector. Our Kaspersky Threat Attribution Engine KTAE doesn't...

7.3AI score
Exploits0
NVD
NVD
added 2020/03/23 3:15 p.m.25 views

CVE-2020-8497

In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps...

5.3CVSS5.3AI score0.05275EPSS
Exploits1References1
Prion
Prion
added 2020/03/23 3:15 p.m.17 views

Format string

In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps...

5CVSS5.3AI score0.05275EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/03/23 3:1 p.m.76 views

CVE-2020-8497

Artica Pandora FMS

5.3CVSS5.2AI score0.05275EPSS
In wildExploits1References1Affected Software1
Cvelist
Cvelist
added 2020/03/23 3:1 p.m.29 views

CVE-2020-8497

In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps...

5.3AI score0.05275EPSS
Exploits1References1
NVD
NVD
added 2019/09/26 4:15 p.m.22 views

CVE-2019-13523

In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs Network Video Recorders, which can be accessed without authentication over the network...

5.3CVSS5.4AI score0.0183EPSS
Exploits0References1
Prion
Prion
added 2019/09/26 4:15 p.m.17 views

Hardcoded credentials

In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs Network Video Recorders, which can be accessed without authentication over the network...

5CVSS5.4AI score0.0183EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/08/20 12:0 a.m.4 views

The vulnerability of the XStream Java library for converting objects to XML or JSON format allows attackers to execute arbitrary commands due to the recovery of unreliable data from memory.

The vulnerability of the XStream library for converting objects to XML or JSON format is related to the restoration of unreliable data in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by interfering with the processing of XML objects or other support...

10CVSS8.1AI score0.94774EPSS
Exploits4References8Affected Software29
Rows per page
Query Builder