10 matches found
900+ Certificates Used by Fortune 500, Governments Exposed by Key Leaks
A joint study by Google and GitGuardian reveals that over 2,600 valid TLS certificates, protecting Fortune 500 companies and government agencies, were compromised due to private key leaks on GitHub and DockerHub...
SUSE CVE-2024-7246
It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This occurs because the...
Mantra - A Tool Used To Hunt Down API Key Leaks In JS Files And Pages
The tool in question was created in Go and its main objective is to search for API keys in JavaScript files and HTML pages. It works by checking the source code of web pages and script files for strings that are identical or similar to API keys. These keys are often used for authentication to...
PayloadsAllTheThings
This repository is an offensive tool for Web Application Security and Pentest/CTF. It contains a list of useful payloads and bypass for various web application security vulnerabilities and penetration testing. The repository includes tools and exploits for vulnerabilities such as CRLF injection,...
Horusec - An Open Source Tool That Improves Identification Of Vulnerabilities In Your Project With Just One Command
Horusec is an open source tool that performs static code analysis to identify security flaws during the development process. Currently, the languages for analysis are: C, Java, Kotlin, Python, Ruby, Golang, Terraform, Javascript, Typescript, Kubernetes, PHP, C, HTML, JSON, Dart. The tool has...
Clario: Google API key leaks and security misconfiguration leads Open Redirect Vulnerability
Summary: Hello, when i search your targets and javascript files I found an googleapikey leaks in url = https://account.clario.co/js/main.044af6485f6b0cd90809.js. Part of the leak down below; 'https://firebasedynamiclinks.googleapis.com/v1/shortLinks?key=AIzaSyAw-SpLHVTIP3IFEIkckCuEmIhnUrY9OrQ';...
SUSE SLES12 Security Update : openssh (SUSE-SU-2017:0607-3)
This update for openssh fixes the following issues : - CVE-2016-8858: prevent resource depletion during key exchange bsc1005480 - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation bsc1016366 - CVE-2016-10011: Prevent possible leaks of host private keys to...
SUSE SLES11 Security Update : openssh (SUSE-SU-2017:0606-1)
This update for openssh fixes the following issues: Security issues fixed : - CVE-2016-8858: prevent resource depletion during key exchange bsc1005480 - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation bsc1016366 - CVE-2016-10011: Prevent possible leaks o...
SUSE-SU-2017:0607-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2016-8858: prevent resource depletion during key exchange bsc1005480 - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation bsc1016366 - CVE-2016-10011: Prevent possible leaks of host private keys to...
SUSE-SU-2017:0607-2 Security update for openssh
This update for openssh fixes the following issues: - CVE-2016-8858: prevent resource depletion during key exchange bsc1005480 - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation bsc1016366 - CVE-2016-10011: Prevent possible leaks of host private keys to...