
16 matches found

Huntr
added 2023/02/22 3:1 a.m., 37 views

Insecure Business Logic - Client Side Enforcement Bypass on User Account Deletion

Description The application enforces account deletion on the client-side with a popup that states the admin account cannot be deleted. Additionally, regular users do not have an option in the interface to delete their own account. An administrative and regular-privileged user are able to bypass...

5.5 CVSS, 5.5 AI score, 0.0075 EPSS
Exploits: 1, References: 1

Huntr
added 2022/08/23 12:59 p.m., 16 views

User Enumeration via Response Timing

Description There is a significant timing difference in the login functionality of the Nakama Console for valid and invalid email addresses or usernames. Proof of Concept 1. Login to the Nakama Console as admin and create a User [email protected] 2. Logout 3. Attempt a Login with an incorrect passwor...

0.1 AI score
Exploits: 0, References: 1

Hacker One
added 2022/07/04 2:3 p.m., 143 views

U.S. Dept Of Defense: [███████] Remote Code Execution at ██████ [CVE-2021-44529] [HtUS]

IP Address used to find vulnerability: ██████ Vulnerable Website URL or Application: https://████ pomcldsvr2.████ Proof of ownership: ███ Summary: The server at https://███ is running a vulnerable version of CSA. A code injection vulnerability in the Ivanti EPM Cloud Services Appliance CSA allows...

7.5 CVSS, 2.3 AI score, 0.99105 EPSS
Exploits: 9

Hacker One
added 2021/01/23 3:33 a.m., 17 views

Shopify: [h1-2102] Improper Access Control at https://shopify.plus/[id]/users/api in operation UpdateOrganizationUserTfaEnforcement

Summary: There is an access control issue that happens when a Shopify Plus user tries to update the 2FA requirement of a user in another organisation. While the response shows an error message, an email is sent to the user with the 2FA status, first name, last name, email address, and shop id fro...

0.2 AI score
Exploits: 0

Hacker One
added 2019/11/06 6:7 p.m., 8 views

Clario: CRLF Injection - http://stage.mackeeper.com/

Summary: CRLF Injection - http://stage.mackeeper.com/ CRLF injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty...

0.8 AI score
Exploits: 0

Packet Storm
added 2019/06/03 12:0 a.m., 225 views

TestLink 1.9.19 Server-Side Request Forgery

Exploit Title : TestLink version = 1.9.19 Server Side Request Forgery Author : Manish Kishan Tanwar AKA error1046 Vendor Link : http://testlink.org Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Incredible,Kishan Singh and ritu rathi Discovered At : Indishell Lab...

0.5 AI score
Exploits: 0

Packet Storm
added 2019/03/29 12:0 a.m., 58 views

WordPress Loco Translate 2.2.1 Local File Inclusion

Exploit Title: Wordpress Loco Translate Version 2.2.1 Plugin LFI Google Dork: N/A Date: 03 / 26 / 2019 Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: https://localise.biz/ Software Link: https://wordpress.org/plugins/loco-translate/ Version: Version 2.2.1 Tested on: Debian GNU/Linux 9 Docker...

7.4 AI score
Exploits: 0

Packet Storm
added 2019/03/29 12:0 a.m., 47 views

WordPress Anti-Malware Security And Brute-Force Firewall 4.18.63 Local File Inclusion

Exploit Title: Wordpress Anti-Malware Security and Bruteforce Firewall - Local File Inclusion Google Dork: N/A Date: 03 / 26 / 2019 Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: N/A Software Link: https://wordpress.org/plugins/gotmls/ Version: Version 4.18.63 Tested on: Debian GNU/Linux 9...

7.4 AI score
Exploits: 0

0day.today
added 2019/03/28 12:0 a.m., 23 views

WordPress Anti-Malware Security and Brute-Force Firewall 4.18.63 Plugin - Local File Inclusion

Exploit for php platform in category web applications Exploit Title: Wordpress Anti-Malware Security and Bruteforce Firewall - Local File Inclusion Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: N/A Software Link: https://wordpress.org/plugins/gotmls/ Version: Version 4.18.63 Tested on: Debi...

7.4 AI score
Exploits: 0

0day.today
added 2019/03/28 12:0 a.m., 78 views

WordPress Loco Translate 2.2.1 Plugin - Local File Inclusion Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Loco Translate Version 2.2.1 Plugin LFI Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: https://localise.biz/ Software Link: https://wordpress.org/plugins/loco-translate/ Version: Version 2.2.1 Tested on: Debian...

7.4 AI score
Exploits: 0

exploitpack
added 2019/03/28 12:0 a.m., 27 views

WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion

WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion Exploit Title: Wordpress Loco Translate Version 2.2.1 Plugin LFI Google Dork: N/A Date: 03 / 26 / 2019 Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: https://localise.biz/ Software Link: https://wordpress.org/plugins/loco-translate...

7.3 AI score
Exploits: 0

Exploit DB
added 2019/03/28 12:0 a.m., 48 views

WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion (PoC)

Exploit Title: Wordpress Anti-Malware Security and Bruteforce Firewall - Local File Inclusion Google Dork: N/A Date: 03 / 26 / 2019 Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: N/A Software Link: https://wordpress.org/plugins/gotmls/ Version: Version 4.18.63 Tested on: Debian GNU/Linux 9...

7.4 AI score
Exploits: 0

Exploit DB
added 2019/03/28 12:0 a.m., 62 views

WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion

Exploit Title: Wordpress Loco Translate Version 2.2.1 Plugin LFI Google Dork: N/A Date: 03 / 26 / 2019 Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: https://localise.biz/ Software Link: https://wordpress.org/plugins/loco-translate/ Version: Version 2.2.1 Tested on: Debian GNU/Linux 9 Docker...

7.4 AI score
Exploits: 0

exploitpack
added 2019/03/28 12:0 a.m., 24 views

WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion (PoC)

WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion PoC Exploit Title: Wordpress Anti-Malware Security and Bruteforce Firewall - Local File Inclusion Google Dork: N/A Date: 03 / 26 / 2019 Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: N/A Software...

7.3 AI score
Exploits: 0

Hacker One
added 2018/10/02 2:24 a.m., 86 views

HackerOne: Revoking user session in https://hackerone.com/settings/sessions does not revoke the GraphQL query session

Hi Team, Summary: I have found an Insufficient Session Expiration on implementation of the new Revoke user session feature of HackerOne here: https://hackerone.com/settings/sessions Description: The new REVOKE session feature will destroy the session of the selected device, that means any request...

6.6 AI score
Exploits: 0

Hacker One
added 2014/04/07 9:37 p.m., 16 views

HackerOne: creating titleless and non-closable bugs

Hi, I just found that it's possible to create titleless and non-closable bugs by prepending values for the 'reporttitle' and 'reportvulnerabilityinformation' parameters with '%00' characters respectively. To reproduce: - Create a baseline request via https://hackerone.com/program/reports/new -...

0.4 AI score
Exploits: 0