1035 matches found
VulnCheck KEV: CVE-2020-36715
The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated attackers to inject arbitrary web scripts into the plugin settings that execute...
Lark Technologies: Hyper Link Injection while signup
A hyperlink injection attack was reported on the Lark website. This flaw has since been remediated. We thank @susantwagle123 for reporting this to our team and confirming the resolution...
HackerOne: Subdomain takeover of resources.hackerone.com
Hello, I just went to https://resources.hackerone.com/ and it shows an error "Non-hub domain, The URL you've accessed does not provide a hub. Please check the URL and try again." also i've checked the CNAME is poiting to read.uberflip.com which means if it is not added it can be added to any...
Rocket.Chat: [Security Vulnerability Rocket.chat] HTML Injection into Email via Signup
Description Due to a lack of sanitization and validation in parameter affected, we can input HTML Tag and system will render it into Email victim. Affected Endpoint https://chat.oas.greenhost.net/home Parameter : Name Step to produce In textbox name, input HTML code like "\”@x.y " And in Email,...
Nord Security: Host header injection/redirection | signup and login page
Hey Team. There's a host header injection vulnerability in signup and login page. If possible, the application should avoid incorporating user-controllable data into redirection targets. In many cases, this behavior can be avoided in two ways: Remove the redirection function from the application,...
CVE-2019-18933
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication e.g., GitHub or Google SSO in an organization that also allows password authentication could have their personal API key stolen by an...
Authentication flaw
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication e.g., GitHub or Google SSO in an organization that also allows password authentication could have their personal API key stolen by an...
CVE-2019-18933
CVE-2019-18933 affects Zulip Server versions 1.7.0 through
CVE-2019-18933
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication e.g., GitHub or Google SSO in an organization that also allows password authentication could have their personal API key stolen by an...
Online Appointment - SQL Injection
Online Appointment - SQL Injection Exploit Title: Online Appointment SQL Injection Data: 07.09.2019 Exploit Author: mohammad zaheri Vendor HomagePage: https://github.com/girish03/Online-Appointment-Booking-System Tested on: Windows Google Dork: N/A ========= Vulnerable Page: =========...
Online Appointment - SQL Injection
Exploit Title: Online Appointment SQL Injection Data: 07.09.2019 Exploit Author: mohammad zaheri Vendor HomagePage: https://github.com/girish03/Online-Appointment-Booking-System Tested on: Windows Google Dork: N/A ========= Vulnerable Page: =========...
CVE-2019-13190
In Knowage through 6.1.1, the sign up page does not invalidate a valid CAPTCHA token. This allows for CAPTCHA bypass in the signup page...
Design/Logic Flaw
In Knowage through 6.1.1, the sign up page does not invalidate a valid CAPTCHA token. This allows for CAPTCHA bypass in the signup page...
CVE-2019-13190
Knowage up to version 6.1.1 contains a CAPTCHA bypass vulnerability where the signup page does not invalidate a valid CAPTCHA token, enabling bypass of CAPTCHA on registration. This affects the sign-up functionality and stems from the CAPTCHA token validation flaw described across multiple source...
WordPress GoDaddy godaddy-email-marketing-sign-up-forms plugin cross-site request forgery vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress GoDaddy godaddy-email-marketing-sign-up-for...
Omise: Email enumeration at SignUp page
Hi. There's bad security practise at https://trade.go.exchange/en/auth/sign-up against User enumeration. Description: At the signup page here https://trade.go.exchange/en/auth/sign-up , when you enter an existing user's mail , a msg box says "Email is invalid." F546294 The problem is that any use...
LifeOmic: Improper signup & sign-in validation
Original Report from @zsbappa Summary: From the signup option I can able to signup differently using google and facebook account where i am using same email address. Description: I have account in facebook and gmailGoogle both. Both account i opened using same email account.When i goes to signup...
FV Flowplayer Video Player <= 7.3.13.727 - Unauthenticated Stored XSS
The vulnerable function is exposed to unauthenticated users over wpajaxnoprivfvwpflowplayeremailsignup ajax hook. It saves anything that user provides in email POST parameter. Send POST request to wp-admin/admin-ajax.php with body content: "action=fvwpflowplayeremailsignup&list=1&[email protected]"...
CVE-2014-9919
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the fullname parameter to signup.php...
ZEIT: [Fix Bypass #541631] Open redirect on Signup
Some signup and login paths did not verify the ?next= query param properly and allowed an open redirect with a carefully crafted invalid URL. It is standard practise to use a redirect query param in login and signup endpoints but the value should be carefully validated before accepting to redirec...