Top Bar < 3.0.5 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. Go to "Top Bar" in WP Admin 2. Save...
No Rate Limit On Reset Password Page
Description I have identified that when resetting the password for an account, the request has no rate limit, which can then be used to loop through one request. This can annoy the root users by sending mass password emails to one address. A rate limiting algorithm is used to check if the user session or IP-address...
UPchieve: No rate Limit on Password Reset page on upchieve
Summary: Introduction A little bit about Rate Limit: A rate limiting algorithm is used to check if the user session or IP address has to be limited based on the information in the session cache. In case a client made too many requests within a given timeframe, HTTP servers can respond with status...
Cross-site Scripting (XSS) - Stored in forkcms/forkcms
Description A cross-site scripting (XSS) issue in Fork version 5.9.3 allows remote attackers to inject JavaScript via the "startdate" parameter. Proof of Concept XSS payload: '"%26%25alert1 Steps to reproduce issue 1- Login to Fork admin panel 2- Go to Modules=Formbuilder 3- Turn on Burp...
Cross-site Scripting (XSS) - Generic in forkcms/forkcms
Description A cross-site scripting (XSS) issue in Fork version 5.9.3 allows remote attackers to inject JavaScript via the "enddate" parameter. Proof of Concept XSS payload: '"%26%25alert1 Steps to reproduce issue 1- Login to Fork admin panel 2- Go to Modules=Formbuilder 3- Turn on Burp...
Curve: Sensitive Info Leak - An Attacker Can Retrieve All the Users Mobile Numbers at https://website-api.production.curve.app/api/waitlist/us
Hi, When I was going through all the JS files in curve.com I found a link called "/usa" which is used to create Curve USA Waitlists by entering your name, email address, mobile number and address details. Then there is a functionality called "Track my Position" by using which joined users can view...
Shopify: Disclose Any Store products, Files, Purchase Orders Via Email through Shopify Stocky APP
Hello Shopify Security Team! Bug Summary: This bug leads to the disclosure of any store's products, files and purchase orders through the Shopify Stocky app. It is a bug in a Shopify app, but it affects stores as well. Reproduction steps: Go to apps.shopify.com and install the Stocky app. Now you will be redirected to thi...
D-Link DIR-615 Wireless Router - Persistent Cross-Site Scripting
Exploit Title: D-Link DIR-615 Wireless Router - Persistent Cross-Site Scripting Date: 2019-12-13 Exploit Author: Sanyam Chawla Vendor Homepage: http://www.dlink.co.in Category: Hardware Wi-Fi Router Hardware Link:...
Mail.ru: Race condition when purchasing prizes with points
Good day! Description A Race condition vulnerability was discovered on delivery-club.ru when purchasing with points. The purchase requests manage to go through before the points are deducted. This way, one can manage to buy several items without spending any points on them. Testing I had 105 points on my account...
DIGISOL DG-BR4000NG - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: DIGISOL DG-BR4000NG - Cross-Site Scripting Vendor Homepage: http://www.digisol.com Hardware Link: https://www.amazon.in/Digisol-DG-BR4000NG-Wireless-Broadband-802-11n/dp/B00A19EHYK Category: Hardware Exploit Author: Adipta...
DIGISOL DG-BR4000NG - Buffer Overflow (PoC)
Exploit Title: DIGISOL DG-BR4000NG - Buffer Overflow PoC Date: 2018-06-24 Vendor Homepage: http://www.digisol.com Hardware Link: https://www.amazon.in/Digisol-DG-BR4000NG-Wireless-Broadband-802-11n/dp/B00A19EHYK Version: DIGISOL DG-BR4000NG Wireless Router Category: Hardware Exploit Author: Adipta Basu...
Mail.ru: Stored XSS in e.mail.ru (payload affect multiple users)
Hi, We have found a high-risk-level STORED XSS in the e.mail.ru chat: the status change function allows injecting a malicious payload in JavaScript & HTML. The attack affects multiple users and runs in auto mode, with no user interaction needed. The vulnerability affects any user that has been invited to your chat...
Bypassing the latest version of the Site Safety Dog 3.1 upload vulnerability warning - the Black Bar Safety Net
Test environment: Windows 2003 + IIS 6.0. Test steps: 1. Site Safety Dog defense state open. 2. Burp intercepts the POST package, then make the modifications. 3. Yes, you read that right, that is `08sec.php` followed by spaces...
Bypass the Site Safety Dog 3.1 upload vulnerability warning - the Black Bar Safety Net
This method has only been tested on V3.105837 or versions lower than V3.105837; the latest version is V3.106103. PS: this method has been submitted to the Safety Dog Security Emergency Response Center. The way to bypass Site Safety Dog V3.106103 will continue to be published later, please pay...