114 matches found
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL...
PT-2022-17020 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.6 through 15.0.4; GitLab CE/EE versions 15.1 through 15.1.3; GitLab CE/EE versions 15.2 through 15.2.0. Description: An issue has been discovered in GitLab CE/EE where a malicious developer could exfiltrate an...
Content Injection
Content Injection is an attack that injects arbitrary characters into a web page. When an application does not properly handle user-supplied data, an attacker can supply content to a web application, typically via a parameter value which is then reflected in the page. This attack is typically use...
WP Mail Logging < 1.10.0 - Outdated Redux Framework
The plugin uses an outdated version of the Redux Framework, which is known to be affected by security issues CVE-2021-38312 and CVE-2021-38314, and could allow unauthenticated attackers to change some of the Framework settings by using CVE-2021-38314. The first endpoint we can identify is gathered...
in froxlor/froxlor
✍️ Description: The login form POST request can be hijacked so that the credentials will be sent to an external website, by modifying the login page URL. 🕵️ Proof of Concept: Change the login page URL to https://mydomain.com/index.php/evilsite.com Then the form action in the webpage will be...
OpenEMR 5.0.1.3 - Authentication Bypass
Exploit Title: OpenEMR 5.0.1.3 - '/portal/account/register.php' Authentication Bypass; Date: 15.06.2021; Exploit Author: Ron Jost Hacker5preme; Vendor Homepage: https://www.open-emr.org/; Software Link: https://github.com/openemr/openemr/archive/refs/tags/v5013.zip; Version: All versions prior to 5.0.1...
Two-Factor Authentication Bypass
wagtail-2fa is vulnerable to a 2FA bypass. An attacker with knowledge of another user's Wagtail login credentials is able to bypass the 2FA verification by modifying the URL, and subsequently add a new device and gain full access to the CMS...
CVE-2019-6837
CVE-2019-6837 describes a Server-Side Request Forgery (SSRF) in Schneider Electric’s U.motion Server family (MEG6501-0001 U.motion KNX server; MEG6501-0002 U.motion KNX Server Plus; MEG6260-0410 U.motion KNX Server Plus; Touch 10; MEG6260-0415 Touch 15). The flaw allows an attacker to cause the s...
CVE-2019-15302
The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker who has access to a Rich Text pad with editing rights for the URL to corrupt it (i.e., cause data loss) via a trivial URL modification...
Design/Logic Flaw
The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker who has access to a Rich Text pad with editing rights for the URL to corrupt it (i.e., cause data loss) via a trivial URL modification...
CVE-2019-15302
The CVE-2019-15302 issue affects XWiki Labs CryptPad prior to 3.0.0. The pad management logic for Rich Text pads allows a remote attacker with editing rights for a pad’s URL to corrupt the pad (data loss) via a trivial URL modification. The description notes the vulnerability outcome as data loss...
WordPress nd-booking Plugin Unauthorized Operation Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. nd-booking is an online reservation management plugin used in it. A security vulnerability exists in WordPress nd-booking plugin befor...
Dropbox: URL modification changes server side behavior to allow access
@itay658 discovered that adding "?dl=1" allows files to be downloaded, even if they were blocked with error 429. The bug has been fixed and pushed out...
CVE-2018-19142
Open Ticket Request System OTRS 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL...
Default credentials
Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message...
CVE-2017-8385
Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message...
CVE-2017-8385
CVE-2017-8385 affects Craft CMS prior to 2.6.2976. The vulnerability is that the forgot-password email URL can be modified by an attacker, indicating a URL forgery/URL tampering issue within the password-reset flow. The available documented impact is the ability to alter the reset URL, with no ex...