-
The `oidc_providers.allow_existing_users` documentation is pretty sparse:
> `allow_existing_users`: set to true to allow a user logging in via OIDC to match a pre-existing account instead of failin…
-
### Service [000Domains](https://000Domains.com)
### Status Vulnerable
### Nameserver
> ns1.000domains.com
ns2.000domains.com
fwns1.000domains.com
fwns2.000domains.com
### Explanation
…
-
## Service name
readthedocs.org
## Proof
If a subdomain is pointing to `readthedocs.io` via CNAME records but is not claimed, the website will throw an error like this
Signup for a an acco…
-
I find this to be a huge security flaw. There are MUCH better ways to do this.
Example: hash the passwords with bcrypt and a few salt rounds, which is a pretty secure way of preventing the takeover…
-
### Service Google Cloud DNS
### Status Vulnerable (as of July 2023)
### Nameserver
ns-cloud-**.googledomains.com
### Explanation
If a domain points to one of the nameservers listed abo…
-
Below I've written out a roadmap for our integration. These things are pretty much by order in which they should be done, but can mostly also be done in parallel. When the content analysis is ready to…
-
### Service [Verizon Small Business](https://yahoosmallbusiness.com)
### Status Unknown
### Nameserver
> yns1.yahoo.com
yns2.yahoo.com
### Explanation
Verizon acquired Yahoo and has fina…
-
Missing rate limit for current password field (Password Change) Account Takeover on https://start.jhipster.tech/
Vulnerable site : https://start.jhipster.tech/
Steps to reproduce the bug:
1)G…
-
## Service name
AWS Load Balancer
looks like "_region_.elb.amazonaws.com" or "elb._region_.amazonaws.com"
## Proof
The URLs produced when you create a load balancer contain a number which you ca…
-
## Service name
fastly.com
## Proof
http://live.pandora.com
![image](https://github.com/EdOverflow/can-i-take-over-xyz/assets/87090666/50f4edc7-e12c-4ac7-bcc7-86e5f6dcaa8f)
## Documentation
it…