ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to ...
June 29, 2022
An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file o ...
June 28, 2022
Authentication Bypass vulnerability discovered by Lana Codes in WordPress OAuth Single Sign On SSO (OAuth Client) plugin (versions ...
June 27, 2022
# Description Hi there, there is a stored XSS in Oauth application name. # Proof of Concept 1. Install a local instance of Autolab. 2. Go to `/oauth/applications` and create a new application with na ...
June 23, 2022
Team, May you all be well on your side of the screen. :) While doing some research on https://microweber.org, I was able to find a Pre-Account Takeover vulnerability. Kindly check the proof of con ...
June 23, 2022
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
June 23, 2022
### Impact We found that this vulnerability is present when the developer is implementing an OAuth 1 provider (by extension, it means Twitter, which is the only built-in provider using OAuth 1), but * ...
June 23, 2022