Lunary Input Validation Error Vulnerability

lunary is a production toolkit for LLM. An input validation error vulnerability exists in lunary that stems from improper validation of email addresses during the registration process and can be exploited by an attacker to create multiple accounts with the same email address by changing the case ...

Screen SFT DAB 600/C - Authentication Bypass Account Creation Exploit

!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Account Creation Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...

CVE-2022-36065 GrowthBook account creation and file upload vulnerability in self-hosted configurations

GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the righ...

Blackboard Courseinfo v4.0 User Authentication

Apparently Courseinfo or at least the implementation I was playing with has no user authentication, meaning that anyone can force feed their own form values and Perl with merrily modify the database. So for instance running: all form input is in caps for readability...