2680 matches found
Mail.ru: SSRF On [ allods.mail.ru ]
SSRF in allods.mail.ru. allods.mail.ru belongs to Ext.B scope...
CVE-2019-5295
Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125C00E125R2P14T8 have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This...
Django: Jenkins Unauthenticated RCE on https://djangoci.com/
This report discloses an RCE issue on djangoci.com as outlined in https://www.djangoproject.com/weblog/2019/may/15/rce-djangoci/ While technically a valid issue, it is out of scope for bounty, please see https://hackerone.com/django for details on which issues qualify for bounties...
Cynet Free IR Tool Offering Empowers Responders to Know and Act Against Active Attacks
The saying that there are two types of organizations, those that have gotten breached and those who have but just don’t know it yet, has never been more relevant, making sound incident response a required capability in any organization’s security stack. To assist in this critical mission, Cynet i...
HackerOne: View HackerOne challenge scope before challenge begins
Summary: Hi team, I have come across an issue where I am able to view a HackerOne challenge scope before the challenge begins. The issue here being that I can get an understanding of what the in-scope assets are before a challenge starts, allowing myself to start researching and finding bugs to...
Gitlab -- Information Disclosure
Gitlab reports: Information Disclosure with Limited Scope Token...
Arbitrary File Read
koa-body is vulnerable to arbitrary file read. The vulnerability exists as it is possible to copy a file that exists outside of the web server's scope, into the /public directory which can be publicly read...
CVE-2015-1343
All versions of unity-scope-gdrive logs search terms to syslog...
CVE-2016-1573
Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope...
UBUNTU-CVE-2015-1343
All versions of unity-scope-gdrive logs search terms to syslog...
Code injection
All versions of unity-scope-gdrive logs search terms to syslog...
CVE-2015-1343
All versions of unity-scope-gdrive logs search terms to syslog...
CVE-2015-1343 unity-scope-gdrive search feature logs search terms to syslog
All versions of unity-scope-gdrive logs search terms to syslog...
CVE-2015-1343
CVE-2015-1343 affects unity-scope-gdrive; all versions log search terms to syslog. The connected documents consistently describe a logging behavior that may expose user search data via syslog, implying potential information disclosure. The provided sources do not include root-cause details, affec...
Intel Server Board Firmware Vulnerability - US
Lenovo Security Advisory: LEN-24799 Potential Impact: Privilege escalation, information disclosure, denial of service Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-12173 Summary Description: Intel has notified Lenovo of a potential security vulnerability in Intel® Server...
Intel Matrix Storage Manager Discontinuation - US
Lenovo Security Advisory: LEN-26976 Potential Impact: Privilege escalation Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2019-0121 Summary Description: Intel has notified Lenovo of a potential security vulnerability in Intel® Matrix Storage Manager may allow escalation of...
VK.com: Information Disclosure (phpinfo())
Out-of-scope...
Mail.ru: XSS
XSS via GET parameters in touch.cooking.lady.mail.ru touch.cooking.lady.mail.ru belongs to extended scope...
Microsoft Bounty Program Updates: Faster bounty review, faster payments, and higher rewards
In 2018 The Microsoft Bounty Program awarded over $2,000,000 to encourage and reward external security research in key technologies to protect our customers. Building on that success, we are excited to announce a number of improvements in our bounty programs to better serve the security research...
Mail.ru: CSRF on /subscription_manage.php endpoint at allods.mail.ru
CSRF in https://allods.mail.ru allows to manage user's subscriptions. allods.mail.ru belongs to extended scope...