544 matches found
PT-2022-20900 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.2 Description: The issue allows a user's cookies to be sent to the server with an unencrypted request over the HTTP protocol because the 'Secure' attribute is missing in the HTTPS session. This affects the...
PT-2022-20901 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.2 Description: The issue concerns a missing custom error page in the GitHub repository ikus060/rdiffweb. This results in the leakage of error information. The problem is resolved in version 2.4.2. Recommendation...
Privilege Escalation
rdiffweb is vulnerable to privilege escalation. The vulnerability exists in the setsamesite function due to invalid frame objects, allowing an attacker to trick the user into performing malicious actions...
GHSA-M379-X4XC-38X9 rdiffweb vulnerable to Improper Restriction of Rendered UI Layers or Frames
rdiffweb prior to 2.4.1 is vulnerable to Improper Restriction of Rendered UI Layers or Frames. This allows attackers to perform clickjacking attacks that can trick victims into performing actions such as entering passwords, liking or deleting posts, and/or initiating an account deletion. This iss...
CVE-2022-3167
Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1...
PYSEC-2022-268
Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1...
Input validation
Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1...
CVE-2022-3167 Improper Restriction of Rendered UI Layers or Frames in ikus060/rdiffweb
Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1...
PT-2022-20882 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.1 Description: The issue is related to improper restriction of rendered UI layers or frames, allowing attackers to perform clickjacking attacks. This can trick victims into performing actions such as entering...
Rdiffweb security vulnerability
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A security vulnerability exists in Rdiffweb versions prior to 2.4.1, which stems from improper restriction of rendered UI layers or fram...
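The two header weaknesses listed above (the session cookie sent without `Secure`, and pages that can be framed for clickjacking) are both visible in a single HTTP response. The following is an added example, not rdiffweb's own code: a small audit that parses `Set-Cookie` and the framing headers of a response and lists what is missing. The response samples are constructed here, not captured from a real instance.

```python
# Added example (not rdiffweb code): audit one HTTP response for the cookie
# and framing weaknesses described in the entries above.


def parse_set_cookie(header_value):
    """Split one Set-Cookie header into (name, value, {attr_lower: attr_value}).
    Flag attributes such as Secure map to an empty string."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_cookie(header_value):
    """Return the hardening attributes missing from a Set-Cookie header."""
    _, _, attrs = parse_set_cookie(header_value)
    findings = []
    if "secure" not in attrs:
        # Without Secure the browser also sends the cookie on plain http:// requests.
        findings.append("missing Secure")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        # No SameSite (or SameSite=None) lets cross-site POSTs carry the cookie,
        # which is what the CSRF reports further down rely on.
        findings.append("SameSite not Lax/Strict")
    return findings


def audit_framing(headers):
    """headers: {lower-cased header name: value}. Return framing findings."""
    findings = []
    xfo = headers.get("x-frame-options", "").strip().upper()
    ancestors = None
    for directive in headers.get("content-security-policy", "").split(";"):
        name, _, value = directive.strip().partition(" ")
        if name.lower() == "frame-ancestors":
            ancestors = value.split()
    # Either control is sufficient; a frame-ancestors list is fine unless it is '*'.
    csp_ok = ancestors is not None and "*" not in ancestors
    xfo_ok = xfo in ("DENY", "SAMEORIGIN")
    if not (csp_ok or xfo_ok):
        findings.append("page can be framed cross-origin (no X-Frame-Options / frame-ancestors)")
    return findings


def audit_response(headers):
    """Audit a parsed response. `headers` maps lower-cased names to values,
    except 'set-cookie', which maps to a list because the header may repeat."""
    findings = []
    for cookie in headers.get("set-cookie", []):
        name, _, _ = parse_set_cookie(cookie)
        findings += [f"cookie {name}: {f}" for f in audit_cookie(cookie)]
    findings += audit_framing(headers)
    return findings


# Constructed samples: a response with both weaknesses, and a hardened one.
WEAK = {
    "content-type": "text/html",
    "set-cookie": ["session_id=abc123; Path=/"],
}
HARDENED = {
    "content-type": "text/html",
    "set-cookie": ["session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"],
    "x-frame-options": "DENY",
    "content-security-policy": "frame-ancestors 'none'",
}

if __name__ == "__main__":
    for label, response in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(response) or "OK")
```

Run against a live deployment by feeding it the headers of the response to `/login/` (or any page after login); the `Set-Cookie` check only matters for the session cookie, but a missing framing control applies to every page.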
Open Redirect in ikus060/rdiffweb
Description The application has an Open Redirect vulnerability because the data filtering process does not completely prevent attacks. Proof of Concept - Step 1: Visit https://rdiffweb-demo.ikus-soft.com/login/?redirect=//evil.com - Step 2: Log in with a valid account; you will be redirected to evil.c...
Open Redirect in ikus060/rdiffweb
Description ikus060/rdiffweb is vulnerable to open redirect at the login page. Proof of Concept https://rdiffweb-demo.ikus-soft.com/login/?redirect=https://attacker.com After logging in via the above URL it redirects to attacker.com Impact This vulnerability is capable of redirecting to a malicious website...
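The two reports above show the two shapes of an off-site `redirect` value: a full `https://attacker.com` and the scheme-relative `//evil.com`, which a filter that only looks for `http://` or `https://` lets through. The following is an added example, not rdiffweb's code: a naive check of that kind beside a hardened one that only ever accepts a path on the current origin. Function names are illustrative.

```python
# Added example (not rdiffweb code): validating the post-login `redirect`
# parameter from the open-redirect reports above.
from urllib.parse import urlsplit, urlunsplit


def naive_redirect_target(redirect):
    """The kind of filter the reports defeat: it only blocks targets that
    spell out a scheme, so '//evil.com' (which the browser completes to
    https://evil.com) passes straight through."""
    if redirect.startswith(("http://", "https://")):
        return "/"
    return redirect or "/"


def safe_redirect_target(redirect, default="/"):
    """Allow only a path (plus query) on the current origin; anything else
    falls back to `default`."""
    if not redirect:
        return default
    if any(ch in redirect for ch in "\\\t\r\n\x00"):
        # Browsers normalise '/\evil.com' to '//evil.com' and strip tabs and
        # newlines, so none of these may reach a Location header.
        return default
    parts = urlsplit(redirect)
    if parts.scheme or parts.netloc:
        # 'https://attacker.com', '//evil.com' and 'javascript:...' all land here.
        return default
    if not redirect.startswith("/") or redirect.startswith("//"):
        # Checked on the raw string: '///evil.com' parses with an empty netloc
        # but browsers still treat it as an authority.
        return default
    # Rebuild from the parsed pieces; this also drops any fragment.
    return urlunsplit(("", "", parts.path, parts.query, ""))


if __name__ == "__main__":
    for value in ("//evil.com", "https://attacker.com", "/browse/repo/?dir=a"):
        print(f"{value!r}: naive -> {naive_redirect_target(value)!r}, "
              f"safe -> {safe_redirect_target(value)!r}")
```

The allow-only-a-relative-path rule is deliberately stricter than trying to enumerate bad prefixes: every bypass in this class (`//`, `/\`, `///`, embedded whitespace, unusual schemes) is a way of smuggling an authority or scheme past a prefix check, and none of them survive a parse-then-rebuild of a plain path.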
Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
✍️ Description Hello dear Rdiffweb team. I found a CSRF vulnerability on the following endpoint through which attackers are able to change the email of a user with PoC.html 🕵️‍♂️ Proof of Concept 1. A user with the right privileges should be logged in on Firefox or Safari. 2. The user goes to a website that contains PoC.html...
Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
✍️ Description Hello dear Rdiffweb team. I found a CSRF vulnerability on the following endpoint through which attackers are able to delete repository history with PoC.html 🕵️‍♂️ Proof of Concept 1. A user with the right privileges should be logged in on Firefox or Safari. 2. The user goes to a website that contains PoC.html...
Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
✍️ Description Hello dear Rdiffweb team. I found a CSRF vulnerability on the following endpoint through which attackers are able to create users with PoC.html 🕵️‍♂️ Proof of Concept 1. A user with the right privileges should be logged in on Firefox or Safari. 2. The user goes to a website that contains PoC.html 3. After visiting...
Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
✍️ Description Hello dear Rdiffweb team. I found a CSRF vulnerability on the following endpoint through which attackers are able to delete users with PoC.html 🕵️‍♂️ Proof of Concept 1. A user with the right privileges should be logged in on Firefox or Safari. 2. The user goes to a website that contains PoC.html 3. After visiting...
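All four reports above have the same shape: a logged-in victim opens an attacker page whose PoC.html auto-submits a form to a state-changing endpoint (change e-mail, delete history, create or delete a user), and the browser attaches the session cookie. The reporters ask for Firefox or Safari because Chrome has defaulted cookies to SameSite=Lax since version 80, which stops that cross-site POST from carrying the cookie. The following is an added example, not rdiffweb's code: a check such an endpoint can run, combining an Origin/Referer comparison with a synchronizer token bound to the session. The origin, key handling and request shape are assumptions; the requests are constructed dictionaries rather than CherryPy request objects.

```python
# Added example (not rdiffweb code): gating state-changing requests against
# the cross-site form posts described in the CSRF reports above.
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions: the deployment's origin and a per-process signing key. A real
# deployment would load the key from configuration so tokens survive restarts.
APP_ORIGIN = "https://rdiffweb.example"
CSRF_KEY = secrets.token_bytes(32)
SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


def issue_csrf_token(session_id):
    """Token bound to the session via HMAC, so nothing extra is stored
    server-side; embed it as a hidden field in every state-changing form."""
    return hmac.new(CSRF_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_check(request, session_id):
    """Gate a request. `request` is a constructed dict:
    {"method": str, "headers": {lower-cased name: value}, "form": {field: value}}.
    Returns (allowed, reason)."""
    if request["method"].upper() in SAFE_METHODS:
        return True, "safe method"  # these must never change state
    headers = request["headers"]
    # Layer 1: browsers attach Origin (or at least Referer) to cross-site POSTs,
    # so a form auto-submitted from PoC.html on another site fails here.
    source = headers.get("origin") or headers.get("referer")
    if not source:
        return False, "no Origin or Referer"
    src = urlsplit(source)
    if (src.scheme, src.netloc) != urlsplit(APP_ORIGIN)[:2]:
        return False, f"cross-site request from {source}"
    # Layer 2: the attacker's page cannot read the token, so it cannot supply it.
    submitted = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(submitted, issue_csrf_token(session_id)):
        return False, "missing or wrong csrf_token"
    return True, "ok"


# Constructed requests; both arrive with the victim's session cookie.
SESSION_ID = "s3ss10n-id"
FORGED = {  # what PoC.html hosted on attacker.example produces
    "method": "POST",
    "headers": {"origin": "https://attacker.example", "cookie": f"session_id={SESSION_ID}"},
    "form": {"email": "attacker@attacker.example"},
}
LEGIT = {  # the application's own profile form
    "method": "POST",
    "headers": {"origin": APP_ORIGIN, "cookie": f"session_id={SESSION_ID}"},
    "form": {"email": "me@example.org", "csrf_token": issue_csrf_token(SESSION_ID)},
}

if __name__ == "__main__":
    print("forged:", csrf_check(FORGED, SESSION_ID))
    print("legit: ", csrf_check(LEGIT, SESSION_ID))
```

The token check is the one that actually carries the protection; the Origin/Referer comparison is a cheap first layer that also catches forms the application forgot to give a token. Setting `SameSite=Lax` on the session cookie (see the cookie entry higher up) is a third, browser-enforced layer, but it is not a substitute, since the reports show browsers that did not apply it by default.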
rdiffweb 0.3.5 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24092/info rdiffWeb is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable...
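The 0.3.5 advisory above says only that user-supplied input is not properly sanitized before it is used as a file path. The following is an added example, not rdiffweb's code, of the containment check a file-serving handler needs: the requested path is resolved (symlinks included) and then confirmed to still sit under the backup root. The directory layout is built in a temporary directory for the demonstration; names are illustrative.

```python
# Added example (not rdiffweb code): resolving a user-supplied path so it
# cannot escape the configured backup root, as in the 0.3.5 advisory above.
import os
import tempfile


class TraversalError(ValueError):
    """Raised when a requested path would resolve outside the backup root."""


def resolve_under_root(root, user_path):
    """Map a user-supplied relative path to an absolute path inside `root`.

    Symlinks are resolved before the containment check, so a link placed
    inside the root that points outside it is rejected as well."""
    if "\x00" in user_path:
        raise TraversalError("NUL byte in path")
    if os.path.isabs(user_path):
        # os.path.join(root, "/etc/passwd") would silently discard root.
        raise TraversalError(f"absolute path {user_path!r} not allowed")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, user_path))
    # commonpath compares whole components, so 'backups' and 'backups2' are
    # not confused the way a plain startswith() check would confuse them.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise TraversalError(f"{user_path!r} escapes {root!r}")
    return candidate


def demo():
    """Build a throwaway backup root, plant a symlink that escapes it, and
    report which constructed requests the check allows."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "backups")
        os.makedirs(os.path.join(root, "laptop", "rdiff-backup-data"))
        outside = os.path.join(tmp, "outside.txt")
        open(outside, "w").close()
        os.symlink(outside, os.path.join(root, "laptop", "escape"))
        for req in ("laptop/rdiff-backup-data",   # legitimate repository path
                    "../outside.txt",              # classic dot-dot
                    "laptop/../../outside.txt",    # dot-dot after a valid segment
                    "/etc/passwd",                 # absolute path
                    "laptop/escape"):              # symlink pointing outside
            try:
                resolve_under_root(root, req)
                results[req] = "allowed"
            except TraversalError:
                results[req] = "blocked"
    return results


if __name__ == "__main__":
    for req, verdict in demo().items():
        print(f"{verdict:8} {req}")
```

Note that a path which is inside the root but does not exist is still "allowed" by this check; the subsequent open() turns it into a normal not-found error, which is the right outcome for a containment check and keeps the error path identical for existing and missing files.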