12 matches found
CVE-2023-50259
Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The testslack request handler in medusa/server/web/home/handler.py does not validate the user-controlled slack_webhook variable and passes i...
CVE-2023-50259
CVE-2023-50259 affects Medusa prior to 1.0.19, where the /home/testslack endpoint allows unauthenticated blind SSRF. The issue arises because the testslack handler does not validate the user-controlled slack_webhook URL, passing it to notifiers.slack_notifier.test_notify, then _notify_slack and _...
CVE-2023-50258
Summary (CVE-2023-50258): Medusa is an open-source video library manager. Versions prior to 1.0.19 are vulnerable to an unauthenticated blind server-side request forgery (SSRF) in the testDiscord handler. The issue stems from not validating the user-controlled discord_webhook variable and passing...
Summer 2021: Friday Night Funkin’, Måneskin and pop it
This summer, several events that were postponed from 2020 due to the pandemic took place. Some of them interested children, while others barely registered with them. It is worth noting that children's hobbies typically do not change from winter to summer — the only difference is that they devote mor...
Poker player jailed for illegal video streaming, downloading websites
By Deeba Ahmed. Talon White has received a 12-month prison sentence after being involved in the illegal streaming of copyright-protected TV shows and movies. This is a post from HackRead.com. Read the original post: Poker player jailed for illegal video streaming, downloading websites...
Best legal & free online streaming sites for movies & TV shows 2020
By Waqas. Let's dig deeper into the world of free online streaming sites and find out what your options are. Here's the list... This is a post from HackRead.com. Read the original post: Best legal & free online streaming sites for movies & TV shows 2020...
A week in security (March 18 – 24)
Last week on Malwarebytes Labs, we touched on the susceptibility of hospitals to phishing attacks, password reuse, the risk of interactive TV shows to side-channel attacks, and Facebook's new and out-of-character plan to promote privacy in the platform. Other cybersecurity news: A study...
SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response
Exploit Title: SickRage v2018.03.09 - Clear-Text Credentials HTTP Response Date: 2018-04-01 Exploit Author: Sven Fassbender Vendor Homepage: https://sickrage.github.io Software Link: https://github.com/SickRage/SickRage Version: v2018.03.09-1 CVE : CVE-2018-9160 Category: webapps 1. Background...
tophotmovie.info XSS vulnerability
Open Bug Bounty ID: OBB-563644

Description | Value
---|---
Affected Website: | tophotmovie.info
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
Hobi - TV Shows Reminder - Customized SSL, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Hobi - TV Shows Reminder published at the 'play' market has multiple vulnerabilities...
Hacker leaks 'Orange is the New Black' Season 5 after Netflix refused to Pay Ransom
After releasing 10 back-to-back episodes of the Season 5 premiere of Netflix's "Orange Is the New Black," a hacking group calling itself The Dark Overlord is threatening to leak a trove of other unreleased TV shows and movies. The Dark Overlord (TDO) posted links to the first 10 episodes of the...
Katastrophe - Command Line Tool to download torrents from Kickass Torrents
A Command-Line Interface for scraping Kickass torrents (kat.cr). Provides options to scrape top torrents in given categories, or searching for specific torrents. The user can select single, multiple or even specify a range for the torrent to download from any category. Installation Using pip $ pip...