>
> Uniqkey Password Manager 1.14 contains a vulnerability which causes remote
> credential disclosure under certain conditions.
>
CVE-2019-10676
>
> ---
>
>
An issue was discovered in Uniqkey Password Manager 1.14.
When entering new credentials to a site that isn't registered within
this product, a pop-up window will appear asking the user if
they want to save these new credentials. The code of the pop-up window
can be read and, to some extent,
GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure Vulnerability
It is possible in versions 1.30 and below for unauthenticated attackers to
query the GAT-Ship Web Module for system information via a crafted request:
PoC:
Quarking Password Manager 3.1.84 suffers from a clickjacking
vulnerability caused by allowing * within web_accessible_resources. An
attacker can take advantage of this vulnerability and cause significant
harm.
CVE-2019-12880
CVE-2019-12163.
>
> GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure
> Vulnerability
>
>
> It is possible in versions 1.30 and below for unauthenticated attackers to
> query the GAT-Ship Web Module for system information via a crafted request:
>
> PoC:
>
Blackhole for Bad Bots protects your site against bad bots, spammers, scrapers,
scanners, and other automated threats.
Version 2.5 fails to avoid fingerprinting by including predictable data within
the "blackhole_trigger", giving attackers the ability to detect and avoid this
system.
The Epic Web Honeypot Project aims to lure attackers using various types of web
vulnerability scanners by tricking them into believing that they have found a
vulnerability on a host.
Version 2.0a fails to avoid fingerprinting by including predictable data and
size within index.html (the main
CVE-2019-11028
___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
GAT-Ship Web Module before the current version (1.40) suffers from a
vulnerability allowing authenticated attackers to upload any file type to the
server via the "Documents" area. This vulnerability is related to
"uploadDocFile.aspx"
Fix:
Upgrade to 1.40
> Discovered and reported by