1Panel open source panel project has an unauthorized vulnerability.

Impact The steps are as follows: 1. Access https://IP:PORT/ in the browser, which prompts the user to access with a secure entry point. 2. Use Burp to intercept: When opening the browser and entering the URL allowing the first intercepted packet through Burp, the following is displayed: It is fou...

UPS VDP: Admin Authentication Bypass Lead to Admin Account Takeover

Hello Team I found that i can bypass the login page of the Admin account by intercepting the respone of the login request of connectnb.ups.com subdomain and change status from false to true Steps To Reproduce: 1. Open https://connectnb.ups.com/Layout/login 2. Enter Admin as a Username and 1111 as...

U.S. Dept Of Defense: [█████] Reflected GET XSS (/personnel.php?...&rcnum=*) with mouse action

I will combine this vulnerability with this vulnerability described in this report 648222. If you have not read this report, I recommend reading that report first, and then studying this report. I want to note that this report cannot be closed as a duplicate to the above described report. why?...