CVE-2017-18470
cPanel before 62.0.4 has a fixed password for the Munin MySQL test account SEC-196...
curl: testing hackerone functions
Hi team, I am testing HackerOne functions and I need some help from you. This is my test account; can you blacklist me from your program? Not ban, just blacklist. Impact: thanks...
EUVD-2017-9586
Malware in sbrugna...
HackerOne: Banned user still has access to their deleted account via HackerOne's API using their API key
The user's banned account could still be accessed using their previously generated API token, allowing them to perform actions such as retrieving reports, balance, earnings, payouts, weaknesses, and program information. This vulnerability was discovered and exploited on a test account...
Default credentials
cPanel before 62.0.4 has a fixed password for the Munin MySQL test account SEC-196...
HackerOne: Race condition in claiming program credentials
Hi, Summary: I was invited to a private program and I tried to get test credentials, so a request as follows was sent to your server: POST /graphql HTTP/1.1 Host: hackerone.com Connection: close Content-Length: 778 Accept: */* X-Auth-Token: ████ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64...
PRTG Command Injection Vulnerability
PRTG, known as Paessler Router Traffic Grapher, is a free software that can obtain traffic information and generate graphical reports through the SNMP protocol on routers and other devices. A command injection vulnerability exists in PRTG that stems from a failure to properly filter input...
CVE-2017-8218
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password...
Pornhub: Stored XSS in photo comment functionality
The photo comment functionality is vulnerable to stored cross-site scripting: an attacker can craft a comment that contains malicious code and get it stored. This can be reproduced on my test account at http://www.pornhub.com/photo/166952961. Interestingly, differently from 171901 where I could...
HackerOne: Previous attachments can be referenced when creating a new report
Hello. When a user uploads a file in a comment to a report, the user can find the file ID in two ways: 1. In preview mode - in the response to a POST to https://hackerone.com/attachments , the answer will be something like this: -"id":84577,"name":"mytestfile.png","size":32397 where fileID = 84577 for example 2. If the user...
[Qibo B2B Commerce System] Multiple front-end stored XSS hitting the back-end admin directly
Brief description: Here's one..... Detailed description: Tested against the latest B2B commerce system downloaded from the first column of the Qibo official site. Environment: win7+xampp php. Register an account with ordinary user privileges, username test. Goal: obtain back-end admin privileges (Cookies). In the right column of the member center, post an article (any article-posting field). After filling in the data, submit, capture the request with Burp, modify the postdbcontent field as shown in the image, and submit. Proof of vulnerability: Because by default articles must be reviewed in the back end before they are published, log in to the back end as admin to review the article. https://images.seebug.org/upl...
Several Vulnerabilities Found in Google App Engine
A group of security researchers in Poland say they have discovered a long list of vulnerabilities in the Google App Engine, some of which enable an attacker to escape the Java sandbox. The researchers at Security Explorations say that they have found more than 30 vulnerabilities in the App Engine...
MySQL 3.22.27/3.22.29/3.23.8 GRANT Global Password Changing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/926/info MySQL is a popular RDBMS used by many websites as a back-end. It is possible for users with GRANT access to change passwords for every user in the database including the mysql superuser. MySQL also ships with a...
PT-2010-3684 · Pyftpd · Pyftpd
Name of the Vulnerable Software and Affected Versions: Pyftpd version 0.8.4 Description: The issue concerns hard-coded usernames and passwords in the auth db config.py file for the test, user, and roxon accounts. This allows remote attackers to read arbitrary files from the FTP server...
DataWizard FTPXQ Default Accounts
The version of DataWizard FTPXQ that is installed on the remote host has one or more default accounts setup which can allow an attacker to read and / or write arbitrary files on the system. This script was written by Justin Seitz Per Justin : GPLv2 include"compat.inc"; if description set script...
MySQL 3.22.27/3.22.29/3.23.8 - GRANT Global Password Changing
source: https://www.securityfocus.com/bid/926/info MySQL is a popular RDBMS used by many websites as a back-end. It is possible for users with GRANT access to change passwords for every user in the database including the mysql superuser. MySQL also ships with a default "test" account which has...
MySQL 3.22.27/3.22.29/3.23.8 - GRANT Global Password Changing
MySQL 3.22.27/3.22.29/3.23.8 - GRANT Global Password Changing source: https://www.securityfocus.com/bid/926/info MySQL is a popular RDBMS used by many websites as a back-end. It is possible for users with GRANT access to change passwords for every user in the database including the mysql superuser...