31 matches found
OLX: Cross-site Scripting (XSS) - Reflected
Dear Security OLX team, I want to report the findings of the security gap on the olx.co.id website, the detailed findings are as follows: impact:https://www.olx.co.id/adminpanel/login/ Payload : ope8i"alert1grpo8 POC: paramter = userpassword POST /adminpanel/login/?ref0action=index&ref0method=ind...
Wincor Nixdorf PC/E Mobile Cash TryOut - API Vulnerability
Document Title: =============== Wincor Nixdorf PC/E Mobile Cash TryOut - API Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2002 Release Date: ============= 2018-01-03 Vulnerability Laboratory ID VL-ID: ===================================...
Samsung, Huawei and other phone Bootloader was traced to the presence of many high-risk bug-vulnerability warning-the black bar safety net
California University research team to create the main stream mobile platform in the bootloader exists in the code test and the DOS of the security gap. Workshop staff with a BootStomp to create 6 new found cracks, 5 of which division is the manufacturer to confirm. There is also a su XI reported...
CVE-2017-9858
CVE-2017-9858 affects SMA Solar Technology inverters (Sunny Boy TLST-21, TL-21; Sunny Tripower TL-10, TL-30). By sending crafted packets to the inverter and observing responses, an attacker can determine which user accounts are active or inactive, enabling brute-force planning. The vendor notes t...
CVE-2017-9858
An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in further attacks such as a brute force attack as one now knows exactly which users exist and which do no...
Legal Robot: Missing link to 2FA recovery code
While going live with additional 2FA options, a security researcher discovered that while we provide a TOTP fallback and Recovery code fallback for users that have enabled U2F, we neglected to do this for TOTP-only users. All users that have enabled TOTP or U2F 2FA should have been able to access...
Today’s File Security is So ’80s, Part 1: Why the Traditional Approach to File Security is Broken
In today’s knowledge-driven economy, modern enterprises have a fluid organizational structure in which most employees have access to most data to do their jobs. Working groups are formed organically and are cross-functional by nature. The amount of unstructured data organizations create is growin...
08cms GETSHELL vulnerabilities-vulnerability warning-the black bar safety net
08cms GETSHELL Directly on the Exp ? php / Car CMS4. 1 GBK version: exp index. php? tplname=..%252f..%252fdynamic%252fstats%252faclicks. cac shell /dynamic/tplcache/common/....dynamicstatsaclicks.cac.php Decoration of the CMS: shell: /dynamic/dynamic/stats/aclicks.cac.php / $exp = '/tools/ptool...
AJ Article 1.0 - Authentication Bypass
AJ Article 1.0 - Authentication Bypass / / \ / / / / / / / / / / / /\ / / / / / / / / / / / / / / \ / // // / / / / // // / // / / / / / / / // / / / / / / //, / // //,/// // // /,// // // // Discovered by : Hakxer Type Gap : Auth Bypass Script : AJ ARTICLE Greetz : Allah , Egyptian x...
res-sql.txt
Author : EgY Coders TM Home : Www.educ-up.com Type Gap : SQL INJECTION script : Real-Estate-Scripts see script http://www.real-estate-scripts.com/demo.html Greetz : Allah , Egyptian x Hacker , Soufiane , Sinaritx , SQLinj4ct0r , Stealth , Kof2002 ,Bright D@rk + Bug in : index.php POC...
Absolute Poll Manager XE 4.1 - xlacomments.asp SQL Injection
Absolute Poll Manager XE 4.1 - xlacomments.asp SQL Injection Author : Hakxer Home : Www.educ-up.com Type Gap : Sql injection --MSSQL Injection-- script : Absolute Poll Manager XE see script http://www.xigla.com/absolutepm/demo.htm Greetz : Allah , Egyptian x Hacker , Soufiane , Sinaritx ,...