validCollateral[0] can be added multiple times
Handle gzeon Vulnerability details Impact In addCollateral of Whitelist.sol, whatever is in index 0 of validCollateral can be added multiple times. if (validCollateral.length != 0 && validCollateral[0] != collateral) require(collateralParams[collateral].index == 0, "collateral already exists"); Proof of...
CVE-2021-35978
An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker with knowledge of the protocol to execute arbitrary code on the controller including overwriting firmware, adding/removing...
CVE-2021-22967
In Concrete CMS (formerly concrete5) below 8.5.7, an IDOR allows an unauthenticated user to access restricted files if allowed to add a message to a conversation. To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in "add / edit...
Early user can break addLiquidity
Handle WatchPug Vulnerability details uint256 totalLiquidityUnits = totalSupply; if (totalLiquidityUnits == 0) liquidity = nativeDeposit; // TODO: Contact ThorChain on proper approach In the current implementation, the first liquidity takes the nativeDeposit amount and uses it directly. However,...
Weakpass - Rule-Based Online Generator To Create A Wordlist Based On A Set Of Words
The tool generates a wordlist based on a set of words entered by the user. For example, during penetration testing you need to gain access to some service, device, account, or Wi-Fi network that is password protected. Let it be the Wi-Fi network of EvilCorp. Sometimes, a password is...
Easy Accordion < 2.0.22 - Authenticated Stored XSS
The plugin does not properly sanitize inputs when adding new items to an accordion. PoC When adding new items to an accordion, an injection payload of "...
Cross Site Scripting in Subrion CMS
Cross Site Scripting XSS vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file...
CVE-2021-22449
CVE-2021-22449 affects Elf-G10HN 1.0.0.608 and Huawei WATCH Kid (1.0.0.608) with a logic vulnerability allowing an unauthenticated attacker to perform operations that add friends without prompting. root cause: insufficient security design. Impact described as enabling friend-adding actions on tar...
Cross-Site Request Forgery (CSRF) in erikdubbelboer/phpredisadmin
✍️ Description The Add Key functionality in the Application is vulnerable to CSRF attack. 🕵️♂️ Proof of Concept history.pushState('', '', '/') 💥 Impact This vulnerability can let an attacker add data to the database without the knowledge/interaction of the user. 📍 Location index.phpL1 📝 References...
CVE-2020-22330
Cross-Site Scripting XSS vulnerability in Subrion 4.2.1 via the title when adding a page...
Charitable – Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature. 1. Go to /wp-admin/edit.php?post_type=donation 2. Add new donation 3. In the first or last name forms, add the XSS payload 4. Save and the XSS payload will be executed...
CVE-2020-22251
Cross Site Scripting XSS vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
✍️ Description Stored XSS in adding group name. 🕵️♂️ Proof of Concept Steps to reproduce: 1. Create a group and enter s"' in group name 2. Save and view it; you will see a popup 💥 Impact This vulnerability is capable of stored XSS...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
✍️ Description Stored XSS in adding properties, triggered by adding an owner's first name and second name. 🕵️♂️ Proof of Concept Video POC: https://drive.google.com/file/d/1QbdzPJPHmQPsNl-o43a-Slub4Z3hhNh/view?usp=sharing 💥 Impact This vulnerability is capable of Stored XSS...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description There is a Stored XSS in the online invoicing system when adding a group name. 🕵️♂️ Proof of Concept Video POC: https://drive.google.com/file/d/13VaUfJrhd7m565lMQWZMfzXhfYPVjPV/view?usp=sharing Payload: ''' 💥 Impact Stored XSS...
CVE-2021-30147
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php...
CVE-2020-35382
SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user...
CVE-2020-10229
A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts...
Cross site request forgery (csrf)
A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts...
CVE-2020-25251
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information...