324 matches found
CVE-2023-35885
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication...
CloudPanel 安全漏洞
CloudPanel is a free software from CloudPanel open source. It is used to configure and manage servers. A security vulnerability exists in CloudPanel versions prior to 2.3.1 that stems from having insecure file manager cookie authentication...
CVE-2023-35885
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication...
CVE-2023-35885
CloudPanel 2.x versions before 2.3.1 are vulnerable due to insecure file-manager cookie authentication, enabling remote code execution as root (CVSS 3.1: 9.8). Public disclosures and proof-of-concept tooling exist (Nuclei template for CVE-2023-35885; GitHub exploit). Affected product: CloudPanel;...
LinkedInDumper - Tool To Dump Company Employees From LinkedIn API
Python 3 script to dump company employees from LinkedIn API Description LinkedInDumper is a Python 3 script that dumps employee data from the LinkedIn social networking platform. The results contain firstname, lastname, position title, location and a user's profile link. Only 2 API calls are...
SUSE CVE-2005-2869
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via 1 the Username to libraries/auth/cookie.auth.lib.php or 2 the error parameter to error.php...
SUSE CVE-2007-6100
Cross-site scripting XSS vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie authtype, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability...
WordPress Testimonial Slider and Showcase 2.2.6 Plugin - Stored XSS Vulnerability
Exploit Title: WordPress Plugin Testimonial Slider and Showcase 2.2.6 - Stored Cross-Site Scripting XSS Exploit Author: saitamang , yunaranyancat , syad Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/plugins/testimonial-slider-and-showcase/ Version: 2.2.6 Tested on:...
CVE-2022-29733
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack...
Leakage of third-party OAuth token via redirect
Description The application allows the usage of third-parties to store the files, such as Google Drive, Github, Gitlab, etc. It's possible to bypass the protection of the redirect parameter and redirect the user and the OAuth token to an attacker controlled site. Proof of Concept 1. An attacker...
Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure Vulnerability
Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure Vendor: Delta Controls Inc. Product web page: https://www.deltacontrols.com Affected version: 3.40.3935 3.40.3706 3.33.4005 Summary: enteliTOUCH - Touchscreen Building Controller. Get instant access to the heart of your BAS. The...
CVE-2021-45900
Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOHAUTH cookie is assigned so that they can be uniquely identified. Certain APIs can be successfully executed without proper authentication. This can let ...
Vivoh Webinar Manager 授权问题漏洞
Vivoh Webinar Manager is a multicast application manager from the Vivoh team. A security vulnerability exists in the API prior to Vivoh Webinar Manager version 3.6.3.0 that stems from incorrect API authentication. When a user logs into the Management Configuration Web Portlet, a VIVOHAUTH cookie ...
Flo Launch < 2.4.1 - Missing Authentication Allow Full Site Takeover
The plugin injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flocustomtableprefix cookie to an arbitrary value. On any website where flo-launch is active create cookie "flocustomtableprefix" with any string value to...
WordPress plugin 跨站脚本漏洞
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Site Reviews, which stems from the program not filtering and escaping the...
Command injection
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection HTTP, an attacker may be able to obtain the authentication data by capturing network...
LedgerSMB 安全漏洞
LedgerSMB is a free web-based double-entry bookkeeping system with quoting, ordering, invoicing, projects, time cards, inventory management, shipping, and more. A security vulnerability exists in LedgerSMB that stems from LedgerSMB not setting the Secure attribute on the session authorization...
Riak Insecure Default Configuration / Remote Command Execution Vulnerabilities
Riak runs as an Erlang service configured with a default cookie of riak that allows for remote command execution if not modified before use. Riak KV Insecure Default Cookie RCE ===== Intro ===== Riak is a NoSQL key-value database that is built to maximize data availability and performance,...
GHSA-8H2J-CGX8-6XV7 Cross-Site Request Forgery (CSRF) in FastAPI
Impact FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery CSRF attack. In versions lower than 0.65.2, FastAPI would try to read the request payload as JSON even if...
PYSEC-2021-100
FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery CSRF attack. I...