[FD] Uniqkey Password Manager 1.14 - Remote Credential Disclosure

> > Uniqkey Password Manager 1.14 contains a vulnerability which causes remote > credential disclosure under certain conditions. > CVE-2019-10676 > > --- > >

[FD] Uniqkey Password Manager 1.14 - Remote Denial Of Service [CVE-2019-10845]

An issue was discovered in Uniqkey Password Manager 1.14. When entering new credentials to a site that isn't registered within this product, a pop-up window will appear asking the user if they want to save these new credentials. The code of the pop-up window can be read and, to some extent,

[FD] GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure Vulnerability

GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure Vulnerability It is possible in versions 1.30 and below for unauthenticated attackers to query the GAT-Ship Web Module for system information via a crafted request: PoC:

[FD] Quarking Password Manager 3.1.84 - Clickjacking Vulnerability

Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing * within web_accessible_resources. An attacker can take advantage of this vulnerability and cause significant harm. CVE-2019-12880 ___ Sent through the

Re: [FD] GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure Vulnerability

CVE-2019-12163. > > GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure > Vulnerability > > > It is possible in versions 1.30 and below for unauthenticated attackers to > query the GAT-Ship Web Module for system information via a crafted request: > > PoC: >

[FD] Blackhole for Bad Bots WordPress Plugin 2.5 - Detection Bypass

Blackhole for Bad Bots protects your site against bad bots, spammers, scrapers, scanners, and other automated threats. Version 2.5 fails to avoid fingerprinting by including predictable data within the "blackhole_trigger" . Giving attackers the ability to detect and avoid this system.

[FD] Epic Web Honeypot 2.0a - Fingerprinting Vulnerability

The Epic Web Honeypot Project aims to lure attackers using various types of web vulnerability scanners by tricking them into believing that they have found a vulnerability on a host. Version 2.0a fails to avoid fingerprinting by including predictable data and size within index.html(the main

Re: [FD] GAT-Ship Web Module [All versions before 1.40] - Unrestricted File Upload

CVE-2019-11028 ___ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/

[FD] GAT-Ship Web Module [All versions before 1.40] - Unrestricted File Upload

GAT-Ship Web Module before the current version (1.40) suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx" Fix: Upgrade to 1.40 > Discovered and reported by