4 matches found
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
âī¸ Description Stored XSS in adding properties lead by adding owners first name and second name. đĩī¸ââī¸ Proof of Concept Video POC: https://drive.google.com/file/d/1QbdzPJPHmQPsNl-o43a-Slub4Z3hhNh/view?usp=sharing đĨ Impact This vulnerability is capable of Stored XSS...
GHunt - Investigate Google Accounts With Emai
GHunt is an OSINT tool to extract a lot of informations of someone's Google Account email. It can currently extract : Owner's name Last time the profile was edited Google ID If the account is an Hangouts Bot Activated Google services Youtube, Photos, Maps, News360, Hangouts, etc. Possible Youtube...
Design/Logic Flaw
COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name...
WakaTime: Bypassing Access control, changing owner's name in a private leaderboard
Hello, I would like to mention a bug here that is regarding changing the name of the owner of a leaderboard by a member that is first shown forbidden but when you again try to change owner's name you can see the changes to name made in the pop up that appears. Basically when I created a private...