84 matches found
m.anli.jiaju.sina.com.cn Cross Site Scripting vulnerability OBB-1493777
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Researchers Reveal New Security Flaw Affecting China's DJI Drones
Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations DJI that comes with an auto-update mechanism that bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal...
omniauth-weibo-oauth2 gem for Ruby Code Execution Vulnerability
The omniauth-weibo-oauth2 gem for Ruby is a Ruby-based authentication package. A security vulnerability exists in the omniauth-weibo-oauth2 gem for Ruby version 0.4.6 deployed on RubyGems.org. An attacker can exploit the vulnerability to execute code...
CVE-2019-17268
The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected...
Buffer overflow
The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected...
CVE-2019-17268
The CVE-2019-17268 entry concerns the Ruby gem omniauth-weibo-oauth2.0.4.6 distributed on RubyGems.org, which contains a code-execution backdoor inserted by a third party. The vulnerability affects version 0.4.6; versions through 0.4.5, and 0.5.1 and later, are unaffected. The root cause is malic...
Unspecified Vulnerability in CloudBees Jenkins Weibo Plugin
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A security vulnerability exis...
CVE-2019-16572
Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-16572
Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Design/Logic Flaw
Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-16572
Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-16572
Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-16572
CVE-2019-16572 affects Jenkins Weibo Plugin versions 1.0.1 and earlier. Root cause: credentials are stored unencrypted in the plugin’s global configuration file on the Jenkins master, enabling access by users with master file-system access. Consequences stated across connected sources include exp...
PT-2019-14727 · Jenkins · Jenkins Weibo Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Weibo Plugin versions 1.0.1 and earlier Description: The issue allows credentials to be stored unencrypted in the global configuration file on the Jenkins master. This can be viewed by users with access to the master file system...
Social Media Enumeration & Correlation Tool: Social Mapper
Social Mapper is a Open Source Intelligence Tool that uses facial recognition to correlate social media profiles across different sites on a large scale. It takes an automated approach to searching popular social media sites for targets names and pictures to accurately detect and group a person’s...
Social Mapper - A Social Media Enumeration & Correlation Tool
A Social Media Mapping Tool that correlates profiles via facial recognition by Jacob WilkinGreenwolf Social Mapper is a Open Source Intelligence Tool that uses facial recognition to correlate social media profiles across different sites on a large scale. It takes an automated approach to searchin...
IBOS Enterprise Collaboration Management Software WeiboController.php page actionFollowing function has SQL injection vulnerability
IBOS Enterprise Collaboration Management Software is a PHP-based collaborative office management system. A SQL injection vulnerability exists in the WeiboController.php page of IBOS Enterprise Collaboration Management Software. An attacker is allowed to exploit the vulnerability to obtain sensiti...
The Struts S2-045 vulnerability heat analysis-vulnerability warning-the black bar safety net
Author: janesknow Chong Yu 404 laboratory Date: 2017-03-15 Background description Struts2 official to GMT 2017 3 December 6, 10pm published Struts2 there is a remote code execution vulnerability vulnerability number S2-045, CVE number: CVE-2017-5638, and rated as high-risk vulnerabilities. Becaus...
QrlJacker - QrlJacking Exploitation Framework
A python framework which goal is to exploit QrlJacking attack vector easily Installation Requirements Python 2.7.x Requests Pillow Selenium configparser Installation on Windows After downloading the framework cd QrlJacking-Framework pip install -r requirements.txt python QRLJacker.py Installation...
weibo.com XSS vulnerability
Vulnerable URL: http://www.weibo.com/signup/signup.php?lang=zh-hk&"-alert/OPENBUGBOUNTY//////=qiyewei Details: Description| Value ---|--- Patched:| Yes, at 07.02.2017 Latest check for patch:| 07.02.2017 10:33 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 20 VI...