15 matches found
CVE-2025-54321
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests...
CVE-2018-13407
A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file" feature on the admin panel is not protected against automated requests and could be abused...
CVE-2025-32036 DNN allows the possibility of bypassing Captcha
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created image can be easily read by OCR tools, and the intruder can send...
CVE-2018-15876
An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as one wished...
Whisper: SMS Invite Form Abuse
whisper.sh fails to protect the invite form from abuse from attackers. If a malicious individual wants to abuse this functionality, they could send repeated/automated requests to the same phone number or range of phone numbers that do not actually belong to himself. This would result in lots of...
Multiple vulnerabilities in JoomLeague for Joomla
Hello 3APA3A! These are Denial of Service, XML Injection, Cross-Site Scripting, Full path disclosure and Insufficient Anti-automation vulnerabilities in JoomLeague plugin for Joomla. These vulnerabilities are in Google Maps plugin for Joomla, which is used in this plugin. In 2013-2014 I wrote...
Joomla-Base XSS / XML Injection / Denial Of Service
Hello list! These are Denial of Service, XML Injection, Cross-Site Scripting, Full path disclosure and Insufficient Anti-automation vulnerabilities in Joomla-Base. This is package of Joomla with different plugins with their vulnerabilities. These vulnerabilities are in Google Maps plugin for...
poMMo Aardvark PR16.1 Cross Site Scripting
Hello list! I want to warn you about multiple security vulnerabilities in poMMo. These are Cross-Site Scripting, Brute Force and Insufficient Anti-automation vulnerabilities. ------------------------- Affected products: ------------------------- Vulnerable are all versions of poMMo poMMo Aardvark...
SimpGB 1.49.02 Cross Site Scripting
Hello list! I want to warn you about Cross-Site Scripting, Brute Force, Insufficient Anti-automation and Abuse of Functionality vulnerabilities in SimpGB. ------------------------- Affected products: ------------------------- Vulnerable are SimpGB v1.49.02 and previous versions. ---------- Detail...
Joomla 1.5.22 Cross Site Scripting
Hello Full-Disclosure! I want to warn you about Insufficient Anti-automation, Abuse of Functionality and Cross-Site Scripting vulnerabilities in Joomla. Vulnerabilities exist in component commailto, which is a core component of Joomla. ------------------------- Affected products:...
Insufficient Anti-automation and DoS vulnerabilities in CMS SiteLogic
Hello 3APA3A! In addition to the previous vulnerabilities in CMS SiteLogic, I am informing you about the Insufficient Anti-automation and Denial of Service vulnerabilities I found in CMS SiteLogic. It is a Ukrainian commercial CMS. Insufficient Anti-automation WASC-21: http://site/?mid=1 The contact form has no...
IB Promotion Advanced Business Web Suite Cross Site Scripting
Hello Bugtraq! I want to warn you about Cross-Site Scripting and Insufficient Anti-automation vulnerabilities in IB Promotion Advanced Business Web Suite. It's Ukrainian commercial CMS. XSS WASC-08: http://site/search/?qs=;alertdocument.cookie;// It's DOM Based XSS. Insufficient Anti-automation...
Cross-Site Scripting and Insufficient Anti-automation vulnerabilities in XAMPP
Hello 3APA3A! I want to warn you about new security vulnerabilities in XAMPP. These are Cross-Site Scripting and Insufficient Anti-automation vulnerabilities. XSS: http://site/xampp/iart.php?text=223E3Cscript3Ealertdocument.cookie3C/script3E Insufficient Anti-automation:...