MongoDB NoSQL Collection Enumeration Via Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MongoDB NoSQL Collection Enumeration Via Injection", 'Description' = %q This module can exploit NoSQL injections on MongoDB versions less than 2....

Veris: Complete Profile URL is not Random and not expiring

This issue refers to a token non expiry issue and vulnerable uri patterns for onboarding process. The On Boarding process of Veris was revamped after a few such similar reports...

Generic Web Application DLL Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Generic Web Application DLL Injection', 'Description' = %q This is a general-purpose module for exploiting conditions where a HTTP...

Yahoo!: Header injection on rmaitrack.ads.vip.bf1.yahoo.com

Thank you for your submission to the Yahoo Bug Bounty program. We were able to reproduce the issue you reported and have implemented appropriate fixes. We appreciate your adherence to responsible disclosure guidelines and look forward to your future participation in the program. header injection ...