16 matches found
Insecure Business Logic - Client Side Enforcement Bypass on User Account Deletion
Description The application enforces account deletion on the client-side with a popup that states the admin account cannot be deleted. Additionally, regular users do not have an option in the interface to delete their own account. An administrative and regular-privileged user are able to bypass...
User Enumeration via Response Timing
Description There is a significant timing difference in the login functionality of the Nakama Console for valid and invalid email addresses or usernames. Proof of Concept 1. Login to the Nakama Console as admin and create a User [email protected] 2. Logout 3. Attempt a Login with an incorrect passwor...
U.S. Dept Of Defense: [███████] Remote Code Execution at ██████ [CVE-2021-44529] [HtUS]
IP Address used to find vulnerability: ██████ Vulnerable Website URL or Application: https://████ pomcldsvr2.████ Proof of ownership: ███ Summary: The server at https://███ is running a vulnerable version of CSA. A code injection vulnerability in the Ivanti EPM Cloud Services Appliance CSA allows...
Shopify: [h1-2102] Improper Access Control at https://shopify.plus/[id]/users/api in operation UpdateOrganizationUserTfaEnforcement
Summary: There is an access control issue that happens when a Shopify Plus user tries to update the 2FA requirement of a user in another organisation. While the response shows an error message, an email is sent to the user with the 2FA status, first name, last name, email address, and shop id fro...
Clario: CRLF Injection - http://stage.mackeeper.com/
Summary: CRLF Injection - http://stage.mackeeper.com/ CRLF injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty...
TestLink 1.9.19 Server-Side Request Forgery
Exploit Title : TestLink version = 1.9.19 Server Side Request Forgery Author : Manish Kishan Tanwar AKA error1046 Vendor Link : http://testlink.org Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Incredible,Kishan Singh and ritu rathi Discovered At : Indishell Lab...
WordPress Loco Translate 2.2.1 Local File Inclusion
Exploit Title: Wordpress Loco Translate Version 2.2.1 Plugin LFI Google Dork: N/A Date: 03 / 26 / 2019 Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: https://localise.biz/ Software Link: https://wordpress.org/plugins/loco-translate/ Version: Version 2.2.1 Tested on: Debian GNU/Linux 9 Docker...
WordPress Anti-Malware Security And Brute-Force Firewall 4.18.63 Local File Inclusion
Exploit Title: Wordpress Anti-Malware Security and Bruteforce Firewall - Local File Inclusion Google Dork: N/A Date: 03 / 26 / 2019 Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: N/A Software Link: https://wordpress.org/plugins/gotmls/ Version: Version 4.18.63 Tested on: Debian GNU/Linux 9...
WordPress Anti-Malware Security and Brute-Force Firewall 4.18.63 Plugin - Local File Inclusion
Exploit for php platform in category web applications Exploit Title: Wordpress Anti-Malware Security and Bruteforce Firewall - Local File Inclusion Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: N/A Software Link: https://wordpress.org/plugins/gotmls/ Version: Version 4.18.63 Tested on: Debi...
WordPress Loco Translate 2.2.1 Plugin - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Loco Translate Version 2.2.1 Plugin LFI Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: https://localise.biz/ Software Link: https://wordpress.org/plugins/loco-translate/ Version: Version 2.2.1 Tested on: Debian...
WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion
WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion Exploit Title: Wordpress Loco Translate Version 2.2.1 Plugin LFI Google Dork: N/A Date: 03 / 26 / 2019 Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: https://localise.biz/ Software Link: https://wordpress.org/plugins/loco-translate...
WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion (PoC)
Exploit Title: Wordpress Anti-Malware Security and Bruteforce Firewall - Local File Inclusion Google Dork: N/A Date: 03 / 26 / 2019 Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: N/A Software Link: https://wordpress.org/plugins/gotmls/ Version: Version 4.18.63 Tested on: Debian GNU/Linux 9...
WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion
Exploit Title: Wordpress Loco Translate Version 2.2.1 Plugin LFI Google Dork: N/A Date: 03 / 26 / 2019 Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: https://localise.biz/ Software Link: https://wordpress.org/plugins/loco-translate/ Version: Version 2.2.1 Tested on: Debian GNU/Linux 9 Docker...
WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion (PoC)
WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion PoC Exploit Title: Wordpress Anti-Malware Security and Bruteforce Firewall - Local File Inclusion Google Dork: N/A Date: 03 / 26 / 2019 Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: N/A Software...
HackerOne: Revoking user session in https://hackerone.com/settings/sessions does not revoke the GraphQL query session
Hi Team, Summary: I have found an Insufficient Session Expiration on implementation of the new Revoke user session feature of HackerOne here: https://hackerone.com/settings/sessions Description: The new REVOKE session feature will destroy the session of the selected device, that means any request...
HackerOne: creating titleless and non-closable bugs
Hi, I just found that it's possible to create titleless and non-closable bugs by prepending values for the 'reporttitle' and 'reportvulnerabilityinformation' parameters with '%00' characters respectively. To reproduce: - Create a baseline request via https://hackerone.com/program/reports/new -...