16 matches found
EUVD-2021-21857
Malware in sbrugna...
EUVD-2017-0233
Malware in sbrugna...
CVE-2021-35214
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the us...
CVE-2021-35214
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the us...
CVE-2021-35214
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the us...
Design/Logic Flaw
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the us...
CVE-2021-35214 Session Management Vulnerability
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the us...
CVE-2021-35214
CVE-2021-35214 describes a session-management vulnerability in SolarWinds Pingdom: when a user changes password or email, active sessions in other windows were not invalidated, allowing continued access. Documents confirm multiple active sessions could persist across browser windows and that the ...
Solarwinds SolarWinds Pingdom Code Issue Vulnerability
Solarwinds SolarWinds Pingdom is a complete website monitoring platform from Solarwinds, Inc. It is used to measure the latency of the websites it monitors. A security vulnerability exists in several SolarWinds products. The vulnerability stems from the inability to invalidate a user's session...
Takeover v0.2 - Sub-Domain TakeOver Vulnerability Scanner
Sub-domain takeover vulnerabilities occur when a sub-domain (subdomain.example.com) is pointing to a service (e.g. GitHub, AWS/S3, ...) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that sub-domain. For example, if...
Local API Login Credentials Disclosure in paratrooper-pingdom
The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process. Vulnerable Code: From: paratrooper-pingdom-1.0.0/lib/paratrooper-pingdom.rb ruby def setupoptions = %xcurl https://api.pingdom.com/api/2.0/checks -X PUT ...
CVE-2014-1233
The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process...
Default credentials
The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process...
CVE-2014-1233
The CVE-2014-1233 vulnerability affects the paratrooper-pingdom gem for Ruby (version 1.0.0). The exposed code path demonstrates that setup/teardown routines invoke curl against the Pingdom API, passing the App-Key and basic auth (username:password) in commands. This enables a local attacker to monitor the pr...
CVE-2014-1233
The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process...
paratrooper-pingdom Gem for Ruby /lib/paratrooper-pingdom.rb API Login Credentials Local Disclosure
paratrooper-pingdom Gem for Ruby contains a flaw in /lib/paratrooper-pingdom.rb. The issue is triggered when the script exposes API login credentials, allowing a local attacker to gain access to the API key, username, and password for the API login by monitoring the process tree...