CVE-2021-27228

An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names such as constructor or hasOwnProperty to convince the System that the supplied API Key exists...

EUVD-2021-13993

Malware in sbrugna...

rcm.shinobi.jp Open Redirect vulnerability OBB-2732250

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2021-27228

An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names such as constructor or hasOwnProperty to convince the System that the supplied API Key exists...

CVE-2021-27228

An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names such as constructor or hasOwnProperty to convince the System that the supplied API Key exists...

Design/Logic Flaw

An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names such as constructor or hasOwnProperty to convince the System that the supplied API Key exists...

CVE-2021-27228

An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names such as constructor or hasOwnProperty to convince the System that the supplied API Key exists...

CVE-2021-27228

CVE-2021-27228 affects Shinobi (Ocean version 1) where lib/auth.js implements Incorrect Access Control. An internal JavaScript object stores API keys; an attacker can exploit JS prototype method names (e.g., constructor, hasOwnProperty) to make the system treat a supplied API key as valid, result...

Moe Shinobi through ocean Trust Management Issues Vulnerability

Moe Shinobi through ocean is an application for the Moe community in Canada. It provides i video management functionality. Shinobi through ocean version 1 suffers from a trust management issue vulnerability, which can be exploited by an attacker to achieve full access to the user management API...

rcm.shinobi.jp Open Redirect vulnerability

Open Bug Bounty ID: OBB-1146020 Security Researcher myNickName Helped patch 200 vulnerabilities Received 2 Coordinated Disclosure badges , a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting rcm.shinobi.jp website and its users. Following...

Shinobi Security Software 1.0 Database Disclosure

Exploit Title : Shinobi Security Software 1.0 Database Disclosure Exploit Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 02/04/2019 Vendor Homepage : shinobi.video Software Download Link : github.com/moeiscool/Shinobi/archive/master.zip Software Information Lin...

Shinobi War - Base64 encoded String, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Shinobi War published at the 'play' market has multiple vulnerabilities...

AudioCoder 0.8.22 - '.lst' Direct RETN Buffer Overflow

!/usr/bin/python Title: AudioCoder 0.8.22 .lst - Direct Retn Buffer OverFlow version: 0.8.22 build 5506 built on May 27 2013, 00:22:49 link: http://www.downloadbestsoft-mirror2.com/programs/AudioCoder-0.8.22.5506.exe Platform: Windows XP sp3 Date: June 23th, 2013 Author: onying @onyiing Blog :...

AudioCoder 0.8.22 Buffer Overflow

!/usr/bin/python Title: AudioCoder 0.8.22 - Direct Retn Buffer OverFlow version: 0.8.22 build 5506 built on May 27 2013, 00:22:49 link: http://www.downloadbestsoft-mirror2.com/programs/AudioCoder-0.8.22.5506.exe Platform: Windows XP sp3 Date: June 21th, 2013 Author: onying @onyiing Blog :...

Adrenalin Player 2.2.5.3 - .asx Local Buffer Overflow (SEH)

Adrenalin Player 2.2.5.3 - .asx Local Buffer Overflow SEH ====================================================================================== !/usr/bin/python Title: Adrenalin Player .asx - SEH Buffer Overflow software: Adrenalin Player version : 2.2.5.3 Platform: Windows XP sp3 Date: June 18t...

Adrenalin Player 2.2.5.3 (.wax) - SEH Buffer Overflow

Exploit for windows platform in category local exploits !/usr/bin/python Title: Adrenalin Player SEH Buffer Overflow software: Adrenalin Player version : 2.2.5.3 Platform: Windows XP sp3 Date: June 16th, 2013 Author: onying @onyiing Blog : http://itsecuritynewbie.blogspot.com/ Thanks to:...

Adrenalin Player 2.2.5.3 - '.wax' Local Buffer Overflow (SEH)

!/usr/bin/python Title: Adrenalin Player SEH Buffer Overflow software: Adrenalin Player version : 2.2.5.3 Platform: Windows XP sp3 Date: June 16th, 2013 Author: onying @onyiing Blog : http://itsecuritynewbie.blogspot.com/ Thanks to: Information Security Shinobi Camp | http://www.is2c-dojo.com jun...

Audio Editor Master 5.4.1.217 - Denial of Service

Audio Editor Master 5.4.1.217 - Denial of Service !/usr/bin/python Exploit Title: Audio Editor Master 5.4.1.217 Denial Of Service Vulnerability software: Audio Editor Master version : 5.4.1.217 Tested on: Windows XP SP3 link: http://www.audioeditor.com Author: Onying @onyiing Blog:...

Audio Editor Master 5.4.1.217 Denial Of Service

!/usr/bin/python Exploit Title: Audio Editor Master 5.4.1.217 Denial Of Service Vulnerability software: Audio Editor Master version : 5.4.1.217 Tested on: Windows XP SP3 link: http://www.audioeditor.com Author: Onying @onyiing Blog: otakku-udang.blogspot.com from : Information Security Shinobi Ca...