Rdiffweb Security Vulnerability
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your files through an efficient web interface. A security vulnerability exists in Rdiffweb versions prior to 2.8.0, which stems from a lack of rate limiting in the send report feature...
Denial Of Service (DoS)
rdiffweb is vulnerable to denial of service. The vulnerability exists because the rate limit on email triggering is not properly validated, allowing an attacker to send an email flood, resulting in an application crash...
Open Redirect
rdiffweb is vulnerable to open redirect. The vulnerability exists because hyperlinks are not properly validated in the library which allows an attacker to inject a malicious link and send a phishing email invitation to users...
Business Logic Errors
rdiffweb is vulnerable to business logic errors. The vulnerability exists because the library does not properly trigger notifications when adding an SSH key, which allows an attacker to add any SSH key without the user being aware of it...
Improper Access Control
rdiffweb is vulnerable to improper access control. The library allows the same SSH key to be used by multiple users because it detects a duplicate SSH key by the key name, which is only a title used to identify the key and not the actual key material, resulting in broken access control...
Authentication Bypass
rdiffweb is vulnerable to authentication bypass. The vulnerability exists because the user authentication mechanism is not properly implemented, which allows an attacker to bypass permission checks and gain access to the system...
Command Injection
rdiffweb is vulnerable to command injection. The vulnerability exists in notification.py due to a lack of character sanitisation in SSH key names, which allows an attacker to inject a hyperlink that redirects a victim to a malicious website...
rdiffweb has no rate limit on resend email feature
rdiffweb prior to 2.5.5 has no rate limit on the "resend email feature" while enabling or disabling 2FA from the /prefs/mfa endpoint...
rdiffweb vulnerable to Special Element Injection
In rdiffweb prior to 2.5.5, a lack of sanitisation of characters in the SSH key name could allow an attacker to inject a hyperlink that redirects a victim to a malicious website...
rdiffweb vulnerable to Authentication Bypass by Primary Weakness
In rdiffweb prior to 2.5.5, the username field is not unique per user. This allows exploitation of the primary key logic by creating the same name with different combinations and may allow unauthorized access...
rdiffweb vulnerable to Open Redirect
Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5...
GHSA-WF33-6X33-WCF9 rdiffweb vulnerable to Authentication Bypass by Primary Weakness
In rdiffweb prior to 2.5.5, the username field is not unique per user. This allows exploitation of the primary key logic by creating the same name with different combinations and may allow unauthorized access...
GHSA-83PM-7V48-5JP4 rdiffweb vulnerable to Special Element Injection
In rdiffweb prior to 2.5.5, a lack of sanitisation of characters in the SSH key name could allow an attacker to inject a hyperlink that redirects a victim to a malicious website...
GHSA-7Q4R-X5QG-MMCP rdiffweb has no rate limit on resend email feature
rdiffweb prior to 2.5.5 has no rate limit on the "resend email feature" while enabling or disabling 2FA from the /prefs/mfa endpoint...
GHSA-H5WP-JRQC-CWWX rdiffweb vulnerable to Open Redirect
Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5...
CVE-2022-4719
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5...
CVE-2022-4722
Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5...
CVE-2022-4723
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.5...
CVE-2022-4720
Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5...
PYSEC-2022-43008
Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5...