Lucene search
K

939 matches found

Hacker One
Hacker One
added 2014/03/02 6:3 p.m.35 views

Slack: Open redirect vulnerability

Hi, Open redirect issue: 1 Go to this URL: https://sehacure.slack.com/link?url=http://www.likelo.com The victim will be redirected. Impacts: The attacker can force the user to install trojans,malwares, etc. into his system. And can conduct phishing attacks. Please have a check. Best regards, Anan...

0.8AI score
Exploits0
Hacker One
Hacker One
added 2014/03/02 12:34 a.m.12 views

Slack: Stored XSS in Channel Chat

Hi there is a stored XSS in Channel Chat feature. I strong believe this a critical stored XSS I've made a video as POC and Reproduction steps here: - https://www.dropbox.com/s/2opkr6ojsseo1ka/Slack-Chat-Stored-XSS.mov Thanks and Regards Prakhar Prasad...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2014/03/01 11:35 p.m.20 views

Slack: Stored XSS on this link https://sehacure.slack.com/help/requests/

Hi, This is a little tricky one. First of all go to your profile page and change your name to " Save it. Wait!!! You will not see a javascript pop up there because there is proper input validation on the profile page. Now to see the prompt box 1 Go to this link...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2014/03/01 11:27 p.m.55 views

Slack: CSRF on add comment section

Hi, Steps to repro: 1 Go to this link https://sehacure.slack.com/help/requests/237956 2 The malicious guy should now the request number and the username. 3 Open Tamper data using tamper data firefox addon,Fill the reply in the form. 4 Submit the request.You will see there are no anti-csrf token i...

7AI score
Exploits0
Hacker One
Hacker One
added 2014/03/01 11:7 p.m.62 views

Slack: csrf

Hi, Anti CSRF token to prevent CSRF attacks are missing on this link https://sehacure.slack.com/help/requests/new A new request can be submitted by an malicious guy to the support team on behalf of the user. The victim will never get to know. 1 Go to this link...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2014/03/01 10:30 p.m.24 views

Slack: CSRF vulnerability on https://sehacure.slack.com/account/settings

Hi, The CSRF token is not getting expired for a user.This can led to username change and many other account change information as well. To reproduce the issue: 1 Login into your Slack.com account 2 Go to this URl https://sehacure.slack.com/account/settings 3 Inspect element Copy your anti CSRF...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2014/03/01 10:11 p.m.31 views

Slack: Stored XSS in username.slack.com

Hi There is a stored XSS in username.slack.com. Steps to reproduce: 1. Login to your Slack 2. Goto "Create Private Group" and with any name and purpose 3. Goto https://manish.slack.com/messages/group/files/ 4. Upload a file hitting upload icon ^ filename shall be ".jpeg 5. After file is uploaded...

6.1AI score
Exploits0
Hacker One
Hacker One
added 2014/03/01 10:3 p.m.29 views

Slack: URL redirection flaw

An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. Steps to reproduce: 1 Go to this URL:...

0.4AI score
Exploits0
Hacker One
Hacker One
added 2014/03/01 9:29 p.m.23 views

Slack: Stored XSS in www.slack-files.com

Hi, We can create posts under https://subdomain.slack.com/files/create/post Post will have XSS payload like " in title and body We save it and hit "Create public link" and once we share the link it will trigger XSS. Example/POC: https://slack-files.com/T025LLJ2X-F025N8W7W-3a5691 Thanks Prakhar...

6.2AI score
Exploits0
Hacker One
Hacker One
added 2014/03/01 4:49 p.m.24 views

Slack: Session Fixation disclosing email address

Desc: Session fixation occurs due to SessionID in URL. A valid session-URL should be only a one time use. In this case a valid session-URL remains active for infinite time. The browser/cache may store this unique Session-URL and disclose EMAIL address of the user. Working: 1Register 2One...

7AI score
Exploits0
Hacker One
Hacker One
added 2014/03/01 3:12 p.m.38 views

Slack: Slack OAuth2 "redirect_uri" Bypass

Hi, I've found a way to circumvent redirecturi restrictions imposed by the web application using domain-suffix/subdomain technique. I created an OAuth application under https://api.slack.com/applications/new. That has OAuth redirecturi configured to http://www.google.com. So technically Allowed...

0.3AI score
Exploits0
Hacker One
Hacker One
added 2014/03/01 11:56 a.m.15 views

Slack: Broken Authentication (including Slack OAuth bugs)

Hi, Hope you are doing good! Please have a look at the below report. Description: OAuth Framework Flaw Bypassing redirecturi validation An attacker to exploit this Flaw just needs to find a open redirection flaw in the site which is using Slack's OAuth for logins. Impact: A malicious user can ste...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2014/02/28 11:48 p.m.19 views

Slack: Reflective XSS can be triggered in IE

https://slack.com/go/2-2190974613-d56827?77d50"alert9 The following URL is vulnerable to XSS and can be reproduce in IE...

0.8AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2011/07/17 12:0 a.m.15 views

Computerviren - Arten, Verfahren, Technik & Geschichte

Document Title: =============== Computerviren - Arten, Verfahren, Technik & Geschichte References: =========== https://www.vulnerability-lab.com/resources/documents/194.pdf Release Date: ============= 2011-07-17 Vulnerability Laboratory ID VL-ID: ==================================== 194 Discovery...

0.1AI score
Exploits0
NVD
NVD
added 2005/12/10 11:3 a.m.15 views

CVE-2005-4151

The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier does not clear file slack space in the last cluster for the file, which allows local users to access the previous contents of the disk...

2.1CVSS6.3AI score0.00452EPSS
Exploits1References8
Cvelist
Cvelist
added 2005/12/10 11:0 a.m.18 views

CVE-2005-4151

The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier does not clear file slack space in the last cluster for the file, which allows local users to access the previous contents of the disk...

6.3AI score0.00452EPSS
Exploits1References8
CVE
CVE
added 2005/12/10 11:0 a.m.43 views

CVE-2005-4151

The CVE-2005-4151 entry concerns the Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier. The issue is that the utility does not clear file slack space in the last cluster for a file, enabling local users to access previous contents of the disk. A...

2.1CVSS6.7AI score0.00452EPSS
Exploits1References8Affected Software1
securityvulns
securityvulns
added 2005/12/09 12:0 a.m.28 views

PGP Desktop Wipe Free Space incomplete information wiping

Slack space in the last file cluster is not cleaned...

1.9AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2005/04/03 12:0 a.m.48 views

Information leak in the Linux kernel ext2 implementation

Description: Information leak in the Linux kernel ext2 implementation References: CAN-2005-0400 Authors: Mathieu Lafon [email protected] Romain Francoise [email protected] Arkoon Security Team Advisory - March 25, 2005 http://arkoon.net/advisories/ext2-make-empty-leak.txt Revision: 1.0 1...

2.1CVSS5AI score0.00443EPSS
Exploits0
Rows per page
Query Builder