GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. GitLab suffers from a security vulnerability that stems from the fact that...
GitLab: An attacker can run pipeline jobs as arbitrary user
Summary: An attacker can run arbitrary pipeline jobs as a victim user. This means the attacker can access the user's private repositories, member-only repositories, registry, etc. by using the victim's CI_JOB_TOKEN. This is only my recent research and I wanted to report it as soon as possible. I...
Flickr: Improper access control in place for "member only" groups via root.YUI_config.flickr.api.site_key
Researcher identified API endpoint that was not doing sufficient permission validation...
DMXReady Members Area Manager - Persistent Cross-Site Scripting
DMXReady Members Area Manager - Persistent Cross-Site Scripting Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title: DMXReady Members Area Manager Persistent XSS Vendor URL: http://www.dmxready.com/ Version: 2 Price: $295 Published: 2010-09-06 GThanx to: r0073r inj3ct0r.com, Sid3^effect...