Lucene search
K

426 matches found

Hacker One
Hacker One
added 2016/07/06 3:28 p.m.17 views

Legal Robot: AWS S3 website can't serve security headers, may allow clickjacking

Security researcher discovered that our AWS S3 website was not serving some basic security headers like X-Frame-Options. We resolved the issue by putting nginx in front of our AWS S3 website and adding header directives. Fixed security headers can be verified here: https://schd.io/zt...

2.1AI score
Exploits0
Hacker One
Hacker One
added 2015/10/26 11:48 p.m.32 views

Deriv.com: Http Response Splitting - Validate link

So i found a http response splitting issue in your website. If we visit the following url: https://www.binary.com/user/validatelink?step=account&verifytoken=sometoken We will get a response header that says: Set-Cookie: verifytoken=sometoken; expires=Wed, 28 Oct 2015 23:31:35 GMT;...

6.2AI score
Exploits0
Hacker One
Hacker One
added 2015/06/04 5:29 a.m.60 views

Coinbase: OAuth authorization page vulnerable to clickjacking

Due to a misconfiguration, the 'authorize' button on the OAuth authorization page was vulnerable to clickjacking. The bug was fixed by ensuring our OAuth-related responses included the same security headers including X-Frame-Options as the rest of the site...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2015/05/29 7:10 p.m.19 views

Legal Robot: Missing security headers, possible clickjacking

Security researcher discovered missing headers, including x-frame-options and content-security-policy...

2.1AI score
Exploits0
Kitploit
Kitploit
added 2015/03/10 5:0 p.m.17 views

RAWR - Rapid Assessment of Web Resources

Features A customizable CSV containing ordered information gathered for each host, with a field for making notes/etc. An elegant, searchable, JQuery-driven HTML report that shows screenshots, diagrams, and other information. A report on relevent security headers, courtesy of SmeegeSec. a CSV Thre...

6.8AI score
Exploits0References1
n0where
n0where
added 2015/02/06 7:40 a.m.17 views

RAWR – Rapid Assessment of Web Resources

RAWR is designed to make the process of web enumeration easy and efficient by providing pertinent information in usable formats. It uses NMaplive or from file, Metasploit, Qualys, Nexpose, or Nessus scan data to target web services for enumeration, then visits each host on each port with an...

6.7AI score
Exploits0References2
Rows per page
Query Builder