[FD] Quarking Password Manager 3.1.84 - Clickjacking Vulnerability

2019-06-24 Thread gionreale
Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing * within web_accessible_resources. An attacker can take advantage of this vulnerability and cause significant harm. CVE-2019-12880

[FD] Blackhole for Bad Bots WordPress Plugin 2.5 - Detection Bypass

2019-05-21 Thread gionreale
Blackhole for Bad Bots protects your site against bad bots, spammers, scrapers, scanners, and other automated threats. Version 2.5 fails to avoid fingerprinting by including predictable data within the "blackhole_trigger", giving attackers the ability to detect and avoid this system.

[FD] Epic Web Honeypot 2.0a - Fingerprinting Vulnerability

2019-05-21 Thread gionreale
The Epic Web Honeypot Project aims to lure attackers using various types of web vulnerability scanners by tricking them into believing that they have found a vulnerability on a host. Version 2.0a fails to avoid fingerprinting by including predictable data and size within index.html (the main

Re: [FD] GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure Vulnerability

2019-05-21 Thread gionreale
CVE-2019-12163.

> GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure Vulnerability
>
> It is possible in versions 1.30 and below for unauthenticated attackers to query the GAT-Ship Web Module for system information via a crafted request:
>
> PoC:

[FD] GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure Vulnerability

2019-05-17 Thread gionreale
GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure Vulnerability

It is possible in versions 1.30 and below for unauthenticated attackers to query the GAT-Ship Web Module for system information via a crafted request:

PoC:

Re: [FD] GAT-Ship Web Module [All versions before 1.40] - Unrestricted File Upload

2019-04-26 Thread gionreale
CVE-2019-11028 ___ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/

[FD] GAT-Ship Web Module [All versions before 1.40] - Unrestricted File Upload

2019-04-09 Thread gionreale
GAT-Ship Web Module before the current version (1.40) suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx".

Fix: Upgrade to 1.40

> Discovered and reported by

[FD] Uniqkey Password Manager 1.14 - Remote Denial Of Service [CVE-2019-10845]

2019-04-05 Thread gionreale
An issue was discovered in Uniqkey Password Manager 1.14. When entering new credentials to a site that isn't registered within this product, a pop-up window will appear asking the user if they want to save these new credentials. The code of the pop-up window can be read and, to some extent,

[FD] Uniqkey Password Manager 1.14 - Remote Credential Disclosure

2019-04-04 Thread gionreale
> Uniqkey Password Manager 1.14 contains a vulnerability which causes remote credential disclosure under certain conditions.
> CVE-2019-10676
>
> ---