RubyGems: 65534 times efficient, Brute-force attack for api_key
I have found that type checking for api_key is insufficient in rubygems.org's source code. https://github.com/rubygems/rubygems.org/blob/master/app/controllers/application_controller.rb#L63: def authenticate_with_api_key; api_key = request.headers["Authorization"] || params[:api_key]; @api_user =...
Information Disclosure
Apache Catalina servlets-default is vulnerable to information disclosure. A remote attacker is able to retrieve the contents and source code of files on the server via a direct request...
CVE-2018-19183
ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute. NOTE: the vendor disputes this because REVERT is a normal bytecode that can be triggered from high-level source code, leading to a normal programmatic...
Vignette Content Management 6 Security Bypass Vulnerability
Exploit for php platform in category web applications 0day.today 2018-11-12...
Missing Origin Validation
Overview Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) is not...
Better WordPress reCAPTCHA <= 2.0.3 - Unauthenticated Cross-Site Scripting (XSS)
There is a reflected XSS vulnerability in Better WordPress reCAPTCHA plugin version 2.0.3, and possibly below. The value of the "cerror" parameter is reflected in the page when this plugin is enabled. Once the plugin is disabled, the "cerror" parameter's value is no longer reflected in the page. This is the HT...
macOS vulnerable again: the supposedly unbreakable system also has weaknesses - vulnerability warning - the black bar safety net
For convenience, this article is written in the first person. It describes several stack and buffer overflow vulnerabilities I found in the kernel of Apple's macOS; Apple classified these vulnerabilities as kernel remote code execution...
CVE-2018-18909
xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view...
Design/Logic Flaw
xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view...
Missing Origin Validation
Overview Versions of parcel-bundler before 1.10.0 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) is not...
Instagram Clone 1.0 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Instagram Clone 1.0 - Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/justinwilliam Software Link:...
GHSA-37Q6-576Q-VGR7 Missing Origin Validation in parcel-bundler
Versions of parcel-bundler before 1.10.0 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) is not validated...
Missing Origin Validation in parcel-bundler
Versions of parcel-bundler before 1.10.0 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) is not validated...
CVE-2018-18736
An XSS issue was discovered in catfish blog 2.0.33, related to "write source code."...
CVE-2018-18733
An XSS issue was discovered in Catfish CMS 4.8.30, related to "write source code," a similar issue to CVE-2018-13999...
Cross site scripting
An XSS issue was discovered in catfish blog 2.0.33, related to "write source code."...