Forwarded from DailyCVE
Dailycve
OFCMS has XSS vulnerability | CVE
Details:
OFCMS is a Java version of the CMS framework, a Java technology-based content management system.
OFCMS is vulnerable to XSS. Attackers can exploit this vulnerability to access personal information, such as user cookies.
References:…
Forwarded from UNDERCODE NEWS
Unilever CEO: "Employees will never return to the office five days a week"
#International
Forwarded from UNDERCODE NEWS
Bug Bounty references:
>>Amazon Web Services(mailto:aws-security@amazon.com)
>>Amazon.com(mailto:security@amazon.com)
>>ANCILE Solutions Inc.(https://bugcrowd.com/ancile)
>>Anghami(https://hackerone.com/anghami)
>>ANXBTC(https://cobalt.io/anxbtc)
>>Apache httpd(https://hackerone.com/ibb-apache)
>>Appcelerator(mailto:Infosec@appcelerator.com)
>>Apple(mailto:product-security@apple.com)
>>Apptentive(https://www.apptentive.com/contact)
>>Aptible(mailto:security@aptible.com)
>>Ardour(http://tracker.ardour.org/my_view_page.php)
>>Arkane(https://go.intigriti.com/arkanenetwork)
>>ARM mbed(mailto:whitehat@polarssl.org)
>>Asana(mailto:security@asana.com)
>>ASP4all(mailto:support@asp4all.nl)
>>AT&T(https://bugbounty.att.com/bugform.php)
>>Atlassian(https://securitysd.atlassian.net/servicedesk/customer/portal/2)
>>Attack-Secure(mailto:admin@attack-secure.com)
>>Authy(mailto:security@authy.com)
>>Automattic(https://hackerone.com/automattic)
>>Avast!(mailto:bugs@avast.com)
>>Avira(mailto:vulnerabilities@avira.com)
>>AwardWallet(https://cobalt.io/awardwallet)
>>Badoo(https://corp.badoo.com/en/security/#send_bid)
>>Barracuda(https://bugcrowd.com/barracuda)
>>Base(https://go.intigriti.com/base)
>>Basecamp(mailto:security@basecamp.com)
>>Beanstalk(https://wildbit.wufoo.com/forms/wildbit-security-response)
>>BillGuard(https://cobalt.io/billguard)
>>Billys Billing(https://cobalt.io/billys-billing)
>>Binary.com(https://hackerone.com/binary)
HackerOne
Anghami - Bug Bounty Program | HackerOne
The Anghami Bug Bounty Program enlists the help of the hacker community at HackerOne to make Anghami more secure. HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally…
Forwarded from DailyCVE
Espressif ESP-IDF buffer error vulnerability:
https://dailycve.com/espressif-esp-idf-buffer-error-vulnerability
Dailycve
Espressif ESP-IDF buffer error vulnerability | CVE
Details:
Espressif ESP-IDF is a development platform developed by Espressif for the Internet of Things. There is a buffer error flaw in Espressif ESP-IDF, which can be abused by attackers to crash applications. The following products and versions are…
Forwarded from DailyCVE
Dailycve
SaferVPN security vulnerabilities | CVE
Details:
SaferVPN is a VPN alternative. SaferVPN 5.0.3.3 to 5.0.4.15 has security vulnerabilities that attackers can exploit to elevate their privileges.
Affected Versions:
5.0.3.3 to 5.0.4.15
References:
https://vimeo.com/459654003…
Forwarded from UNDERCODE NEWS
Google, "Through four zero-day vulnerabilities, someone attacks Windows and Android"
#Vulnerabilities
UNDERCODE COMMUNITY
Do you want this apple script?
WELL DONE !!!
This program provides further decompiling and decoding of a disassembled run-only AppleScript.
For input, use a text file that is the output of https://github.com/Jinmo/applescript-disassembler
Running this program will create a new file from the input file annotated with:
1) AEVT codes and their human-readable descriptions;
2) Decoded hard-coded strings;
3) Decimal conversions of hard-coded hex numbers;
4) Names of targeted applications.
Usage: aevt_decompile <file>
where <file> is a text file output from the AppleScript-Disassembler.
aevt_decompile writes its output to ~/Desktop/<file>.out. aevt_decompile is non-destructive (i.e., it does not modify the input file).
GitHub
GitHub - Jinmo/applescript-disassembler: A simple run-only applescript disassembler
A simple run-only applescript disassembler. Contribute to Jinmo/applescript-disassembler development by creating an account on GitHub.
Forwarded from DailyCVE
A DLL hijacking vulnerability exists in Odd Games Accelerator (Windows client):
https://dailycve.com/dll-hijacking-vulnerability-exists-odd-games-accelerator-windows-client
Dailycve
A DLL hijacking vulnerability exists in Odd Games Accelerator (Windows client) | CVE
Details:
Qiyou E-sports Accelerator is an e-sports-level online competitive gaming accelerator.
There is a DLL hijacking flaw in the Unusual Games E-sports accelerator (Windows client). Attackers are able to run malicious code exploiting this loophole.…
Forwarded from DailyCVE
Zhejiang Lande Network Technology Co., Ltd. O2OA system has logic flaws and vulnerabilities:
https://dailycve.com/zhejiang-lande-network-technology-co-ltd-o2oa-system-has-logic-flaws-and-vulnerabilities
Dailycve
Zhejiang Lande Network Technology Co., Ltd. O2OA system has logic flaws and vulnerabilities | CVE
Details:
Zhejiang Lande Network Technology Co., Ltd.'s business scope covers: computer applications, network technology and product creation, professional services, incorporation of computer systems, and technical services for intelligent building…
Forwarded from UNDERCODE NEWS
CEO of Twitter: Trump's ban is the right decision, but it sets a troubling precedent.
#International
Forwarded from DailyCVE
File upload vulnerability exists in CatfishCMS:
https://dailycve.com/file-upload-vulnerability-exists-catfishcms
Dailycve
File upload vulnerability exists in CatfishCMS | CVE
Details:
Catfish CMS is a PHP content management framework which is free and open source.
CatfishCMS has a file upload vulnerability, which attackers can use to obtain server access permissions.
References:
http://www.catfish-cms.com/
Forwarded from DailyCVE
Mblog open source Java blog system has logic flaws:
https://dailycve.com/mblog-open-source-java-blog-system-has-logic-flaws
Dailycve
Mblog open source Java blog system has logic flaws | CVE
Details:
Mblog is an open source and free blog system built in the Java language, using spring-boot, jpa, shiro, bootstrap and other common frameworks to support the mysql/h2 database.
The Mblog open source Java blog framework has a weakness with a…