Tag: Security

Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable asset, such as a person, dwelling, community, nation, or organization.

Unity Editor RCE (CVE-2017-12939)

Unity has identified a Remote Code Execution flaw in the Editor and is rolling out a critical security patch to remediate this issue. The CVE ID is CVE-2017-12939. A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and […]

[Dashlane] Test panel disclosure

Test panel disclosure on www.dashlane.com
Debug
Start encoding
Received (length: 1) 1
Start compressing
Deflating raw input: (length: 1) 49:
Hex: (length: 2) 31
Input Base64: (length: 4) MQ==
Deflating with level 7
Deflated value: (length:3) 3
After deflating Base64: (length:20) AAAAAXjaMwQAADIAMg==
Done compressing
In byte array: (length: 13) 0:0:0:1:120:218:51:4:0:0:50:0:50:
Actual data: (length: 13) 0:0:0:1:120:218:51:4:0:0:50:0:50:
Preparing 5 salts.
Start calculating PBKDF2
Feeding PBKDF2 with:
- salt

[Teavana] Open Redirect

Open Redirect on connect.teavana.com. This report highlights an open redirect and abuse on a subdomain of teavana.com. The attacker could create an account with a third-party company and use that to create a fake campaign. Such a vulnerability could be remediated by whitelisting certain domains to avoid arbitrary usage of subdomains of teavana.com.

Bug report on a subdomain from Apple

Bug report on a subdomain from Apple. Apple subdomain: webcast.apple.com. Greetings, while discovering some information on an Apple subdomain, I found a bug that was marked as valid by the Apple Security Team. 2017-05-12 webcast.apple.com A server configuration issue was addressed. We would like to acknowledge Adrien Paulet of Rbcafe (rbcafe.com) and an anonymous […]

Amazon hacked?

Hello, this morning I received this message from Amazon… Hello *, At Amazon, we take the confidentiality of your personal information very seriously. However, we found a list of email addresses and passwords freely accessible on the Internet. We believe that your email address and your […]

Roundcube fuzzing

Fuzzing Roundcube. A list to fuzz the Roundcube installation. Roundcube webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an email client, including MIME support, address book, folder manipulation, message searching and spell checking. More information… Rbcafe generated for your usage a fuzzing list for […]

Security reports

Security reports by Rbcafe.
Hackerone
#217430 [connect.teavana.com] Open Redirect and abuse of connect.teavana.com
#227663 [https://www.dashlane.com] Test Panel Disclosure
#000000 Twitter related bug
#219197 [****************.gnip.com] .htpasswd
#198773 Drone Nextcloud
#201948 Disclosure of information on static.dl.mail.ru
#201489 Wordpress 4.7.1
#198673 HTTP-Basic Authentication on logs.nextcloud.com
#198012 Disclosure of administrators via JSON on nextcloud.com WordPress
#000000 Marktplaats related bug
#000000 Spotify related bug
#000000 Quora related bug
#173175 Obtain the username & […]

Dailymotion hacked

Dailymotion hacked. And here is Dailymotion's apology message: Hello User, We have learned that, following a security problem external to Dailymotion, the passwords of a certain number of accounts may have been compromised. The hack appears to be limited and would not involve any personal data. The security of your account is extremely […]

Honey Pot

Powered by kryCMS Powered by Ovidentia powered by dataface Powered by JTL-Shop 2 Powered by Nukedit Powered by Xplode CMS powered by joomla 3.2 powered by joomla 3.3 Powered by Coppermine Photo Gallery Powered by SLAED CMS powered by my little forum powered by vBulletin 3.8.4 powered by vBulletin 3.8.5 POWERED BY HIT JAMMER 1.0 […]