
6 matches found

Hacker One
added 2022/07/15 5:47 p.m., 7 views

MTN Group: String length restriction bypass at https://callerfeel.mtnonline.com/profile/feedback.html

Summary: Hi, hope you are well: I found that the attacker can bypass the length restriction of user name at the feedback form. Steps To Reproduce: F1823237. Impact: Attacker can make the receiver page delay and can cause application level DoS. Mitigation: Restrict the length of the string in...

Exploits: 0
Huntr
added 2022/05/16 6:8 p.m., 9 views

Application Level DoS:

Description: Hey, when I attempt to change the password, I noticed that you haven't kept any password boundary. You need to limit password length. Hashing a large amount of data can cause significant resource consumption on behalf of the server and would be an easy target for an Application-level...

7.2 AI score
Exploits: 0, References: 1
Huntr
added 2022/05/12 11:40 a.m., 15 views

Able to create a user with a long password as well as long username

Issue Description: Any admin may be able to create and allocate the user credentials, but when an admin creates a user account, the first name, last name and password fields have no defined length limit, and this scenario causes an application level DoS to snipe-it. What's the...

7 AI score
Exploits: 0
Huntr
added 2021/11/18 6:29 a.m., 11 views

in tsolucio/corebos

Description: There's no bound limit to the number of characters/special characters in "Add Module - Window Title" Add window -- Modules. javascript:chooseType'Module';fnRemoveWindow;setFilterdocument.getElementById'selmoduleid' Steps to reproduce: Step 1. Goto -...

0.3 AI score
Exploits: 0
Huntr
added 2021/11/08 10:34 a.m., 7 views

in cortezaproject/corteza-server

Description: There's no bound limit to the number of "characters/special characters" in the name field of the user. Vulnerable Field: Full Name. By sending a very long string it's possible to cause a denial of service attack on the server. This may lead to the website becoming unavailable or...

Exploits: 0
Hacker One
added 2020/07/16 4:29 p.m., 56 views

MTN Group: [play.mtn.co.za] Application level DoS via xmlrpc.php

Description: WordPress sites that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made a part of a huge botnet causing a major DoS/SSRF. The website play.mtn.co.za has the xmlrpc.php file enabled and could thus be potentially used for such an attack against other victim hosts. hackeron...

0.4 AI score
Exploits: 0