
22 matches found

Code423n4
added 2022/07/19 12:0 a.m. | 19 views

When setSubnodeOwner transfers ownership of sub-domain the new owner can perform actions before fuses are burned

Lines of code Vulnerability details Impact Function NameWrapper.setSubnodeOwner can be used to transfer ownership of a sub-domain to a new owner and, at the same time, burn fuses. A possible use-case could be that a domain owner wants to transfer ownership of the sub-domain but burn fuses in orde...

AI score: 7
Exploits: 0
OpenVAS
added 2022/07/18 12:0 a.m. | 16 views

Fedora: Security Advisory for golang-github-bobesa-domain-util (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 9.3 | AI score: 8.9 | EPSS: 0.00963
Exploits: 4 | References: 2
Fedora
added 2022/07/04 1:35 a.m. | 20 views

[SECURITY] Fedora 36 Update: golang-github-bobesa-domain-util-0-0.6.20200504git4033b5f.fc36

Handler for URL parts and identification of TLD and sub domains...

CVSS: 9.3 | AI score: 8.2 | EPSS: 0.00963
Exploits: 4
Kitploit
added 2020/11/16 11:30 a.m. | 250 views

Garud - An Automation Tool That Scans Sub-Domains, Sub-Domain Takeover And Then Filters Out XSS, SSTI, SSRF And More Injection Point Parameters

An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters. Requirements: Go Language, Python 2.7 or Python 3. System requirements: Recommended to run on vps with 1VCPU and 2GB ram. Tools used - You must need to install...

AI score: 7.8
Exploits: 0 | References: 16
Hacker One
added 2020/09/28 1:31 a.m. | 14 views

U.S. Dept Of Defense: Improper Access Control - Generic on https://████

Greetings, I found on one of your sub-domains some tickets that are not supposed to be readable by everyone, we even have the possibility to delete the tickets. Link : https://███/█████/latest https://█████/███████/all https://█████/███████ DELETE HEADER METHOD Best regards, frenchvlad Impact a...

AI score: 1.1
Exploits: 0
Kitploit
added 2020/05/16 1:0 p.m. | 81 views

URLBrute - Tool To Brute Website Sub-Domains And Dirs

What is this URLBrute is a tool to help you brute forcing website sub-domains and dirs. Can be used with python3 and python2. Dependencies urlbrute.py requests = 2.21.0 bs4 = 0.0.1 datetime = 4.3 How to install In Linux: chmod +x install.sh sudo ./install.sh In Windows, install python 3.7, then r...

AI score: 7.2
Exploits: 0 | References: 2
ThreatPost
added 2019/12/02 9:0 p.m. | 80 views

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

A vulnerability in the way Microsoft applications use OAuth for third-party authentication could allow an attacker to take over Azure cloud accounts. OAuth is a protocol that allows app users to share data about their accounts with third-party websites or apps, so that when they sign into the app...

AI score: 0.4
Exploits: 0 | References: 5
Hacker One
added 2019/09/01 4:13 p.m. | 40 views

Railto LLC: Administrator access to staging.railto.com

Summary: Hey team, While doing some recon for railto sub-domains, I came across a most critical bug which gives me complete access to https://staging.railto.com. I can add anything and remove anything as I got the ADMIN level privilege. Steps 1. Go to https://staging.railto.com/admin url. 2. Se...

AI score: 0.3
Exploits: 0
Kitploit
added 2019/06/11 10:7 p.m. | 46 views

RapidScan - The Multi-Tool Web Vulnerability Scanner

Evolution: It is quite a fuss for a pentester to perform binge-tool-scanning running security scanning tools one after the other sans automation. Unless you are a pro at automating stuff, it is a herculean task to perform binge-scan for each and every engagement. The ultimate goal of this program...

AI score: 7.7
Exploits: 0 | References: 2
Kitploit
added 2019/06/07 10:10 p.m. | 235 views

Recsech - Tool For Doing Footprinting And Reconnaissance On The Target Web

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools . Features in tools Name | Release |...

AI score: 7.7
Exploits: 0 | References: 6
CVE
added 2019/04/05 4:45 p.m. | 41 views

CVE-2019-10884

CVE-2019-10884 affects Uniqkey Password Manager 1.14. The root cause is a failure to distinguish between domains and sub-domains, causing passwords saved for example.com to be inappropriately recommended for usersite.example.com. This creates phishing risk and a false sense of security. Connected...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.00324
Exploits: 0 | References: 1 | Affected Software: 1
Kitploit
added 2018/10/21 9:2 p.m. | 134 views

CT-Exposer - An OSINT Tool That Discovers Sub-Domains By Searching Certificate Transparency Logs

Discover sub-domains by searching through Certificate Transparency logs. What is CT? Certificate Transparency (CT) is an experimental IETF standard. The goal of it was to allow the public to audit which certificates were created by Certificate Authorities (CA). TLS has a weakness that comes from the...

AI score: 7
Exploits: 0 | References: 1
Hacker One
added 2018/03/19 7:9 p.m. | 40 views

Informatica: SSRF on infawiki.informatica.com and infawikitest.informatica.com

Researcher has identified and reported SSRF on Informatica's Sub-domain and helped us in resolving the issue...

AI score: 1
Exploits: 0
Kitploit
added 2018/01/25 1:15 p.m. | 14 views

Domain Analyzer - Analyze The Security Of Any Domain By Finding All the Information Possible

Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way. How Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP...

AI score: 6.4
Exploits: 0 | References: 1
n0where
added 2017/08/30 4:21 a.m. | 23 views

Domain Analyzer

Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way. Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP addresse...

AI score: 6.5
Exploits: 0 | References: 1
n0where
added 2016/02/26 5:17 p.m. | 24 views

Cross Platform DNS Recon Tool: Sonar

Sonar is a reconnaissance tool for enumerating sub domains. It was modeled after Knock and DNSRecon though explicitly not written in Python to avoid the limitations of threading and dependencies. Sonar is statically compiled meaning it has no dependencies and even dynamically builds the default...

AI score: 7.2
Exploits: 0 | References: 3
Kitploit
added 2015/11/18 9:37 p.m. | 22 views

GetHead - HTTP Header Analysis Vulnerability Tool

gethead.py is a Python HTTP Header Analysis Vulnerability Tool. It identifies security vulnerabilities and the lack of protection in HTTP Headers. Usage: $ python gethead.py http://domain.com Changelog Version 0.1 - Initial Release Written in Python 2.7.5 Performs HTTP Header Analysis Reports...

AI score: 7.9
Exploits: 0 | References: 2
Packet Storm
added 2015/01/27 12:0 a.m. | 39 views

NASA.gov Cross Site Scripting

Exploit Title: NASA.gov sub-domains Multiple vulnerabilities Date: 27/01/2015 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.nasa.gov Version: / Category: Multiple vulnerabilities Google dork: Tested on: NASA.gov sub-domains NASA description :...

AI score: 0.3
Exploits: 0
Packet Storm
added 2014/10/20 12:0 a.m. | 31 views

Mozilla.org Cross Site Scripting

Domains: http://lxr.mozilla.org/ http://mxr.mozilla.org/ The two domains above are almost the same Websites information: lxr.mozilla.org, mxr.mozilla.org are cross references designed to display the Mozilla source code. The sources displayed are those that are currently checked in to the mainline...

AI score: 7.4
Exploits: 0
Kitploit
added 2014/07/15 9:11 p.m. | 14 views

Domain Analyzer Security Tool - Finds all the security information for a given domain name

Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way. Features It creates a directory with all the information, including nmap output files. It uses colors to remark...

AI score: 7.2
Exploits: 0