505 matches found
Monitor AWS & GCP Configurations: Security Monkey
Security Monkey is an open-source application from Netflix (NetflixOSS) which monitors, alerts on, and reports anomalies in one or multiple AWS/GCP accounts. Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. It...
Netflix Security Monkey Open Redirect Vulnerability
Netflix Security Monkey is a set of policy change and alerting tools for monitoring insecure configurations in your AWS account. Netflix Security Monkey suffers from an open redirection vulnerability. An attacker can exploit the vulnerability to redirect users to arbitrary domains with the help o...
Shopify: Full access at an internal service of Shopify
A Security Monkey instance was left accessible to the public. Even though this is outside of our usual scope, we fixed and rewarded this issue due to the nature of the information contained in this instance...
Open redirect
Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header...
CVE-2017-7266
Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header...
CVE-2017-7266
Netflix Security Monkey before version 0.8.0 is affected by an Open Redirect vulnerability. The logout flow accepts the next parameter, which can redirect users to arbitrary domains regardless of the Host header. Technical details across sources consistently describe this as an open redirect in t...
The vulnerability of the SeaMonkey software allows a malicious attacker to execute arbitrary code or cause a service failure.
The vulnerability of the asm.js component of the SeaMonkey software lies in the improper definition of safe exception handling during JIT-compilation and the lack of access to dynamic memory. Exploiting this vulnerability allows a malicious actor to gain access to data in separate memory segments...
Bloons Monkey City - Customized SSL, WebView SSL handling enabled, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Bloons Monkey City published at the 'play' market has multiple vulnerabilities...
Jungle Monkey running - Dynamic Code Loading, External URLs, SD-card access vulnerabilities
HackApp vulnerability scanner discovered that application Jungle Monkey running published at the 'play' market has multiple vulnerabilities...
Jungle Monkey 2 - Dangerous filesystem permissions, MIT license, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Jungle Monkey 2 published at the 'play' market has multiple vulnerabilities...
3D Monkey Live Wallpaper - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application 3D Monkey Live Wallpaper published at the 'play' market has multiple vulnerabilities...
Ruby on Rails rails-html-sanitizer XSS vulnerability
XSS vulnerability in rails-html-sanitizer. There is an XSS vulnerability in Rails::Html::FullSanitizer used by Action View's strip_tags. This vulnerability has been assigned the CVE identifier CVE-2015-7579. Versions Affected: 1.0.2. Not affected: 1.0.0, 1.0.1. Fixed Versions: 1.0.3. Impact: Due to the...
Possible XSS vulnerability in rails-html-sanitizer
There is a possible XSS vulnerability in the white list sanitizer in the rails-html-sanitizer gem. This vulnerability has been assigned the CVE identifier CVE-2015-7580. Versions Affected: All. Not affected: None. Fixed Versions: v1.0.3. Impact: Carefully crafted strings can cause user input...
XSS vulnerability in rails-html-sanitizer
There is an XSS vulnerability in Rails::Html::FullSanitizer used by Action View's strip_tags. This vulnerability has been assigned the CVE identifier CVE-2015-7579. Versions Affected: 1.0.2. Not affected: 1.0.0, 1.0.1. Fixed Versions: 1.0.3. Impact: Due to the way that Rails::Html::FullSanitizer...
Gentoo Security Advisory GLSA 201309-17
Gentoo Linux Local Security Checks GLSA 201309-17. SPDX-FileCopyrightText: 2015 Eero Volotinen. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
Ruby on Rails: Nested attributes reject_if proc can be circumvented by providing "_destroy" parameter
Nested attributes rejection proc bypass in Active Record. There is a vulnerability in how the nested attributes feature in Active Record handles updates in combination with destroy flags when destroying records is disabled. This vulnerability has been assigned the CVE identifier CVE-2015-7577...
Ruby on Rails: Potential XSS on sanitize/Rails::Html::WhiteListSanitizer
Possible XSS vulnerability in rails-html-sanitizer. There is a possible XSS vulnerability in the white list sanitizer in the rails-html-sanitizer gem. This vulnerability has been assigned the CVE identifier CVE-2015-7580. Versions Affected: All. Not affected: None. Fixed Versions: v1.0.3. Impact...
Monkey HTTPD Server Denial of Service - Ver2 (CVE-2013-3724)
A denial of service vulnerability has been reported in Monkey HTTPD Server. The vulnerability is due to improper bounds checking while parsing headers. A remote attacker can exploit this vulnerability by sending a malicious request to the target server. Successful exploitation of this vulnerabili...