10 matches found
sqlparse parsing heavily nested list leads to Denial of Service
Summary: Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError.
Details + PoC: Running the following code will raise a "Maximum recursion limit exceeded" exception:

```py
import sqlparse
sqlparse.parse('[' * 10000 + ']' * 10000)
```

We expect a traceback of RecursionError: ...
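A pre-parse nesting-depth guard for the RecursionError DoS described in this entry. This is an added example, not code from the sqlparse project or from the advisory. It assumes the caller wants to reject pathological input before handing it to a recursive-descent parser; the payload, the depth limit of 100 and the function names are illustrative choices, and sqlparse is imported only if it happens to be installed.

```python
"""Nesting-depth guard for the sqlparse RecursionError DoS described above.

Added example, not sqlparse project or advisory code. The 10000-deep payload
and the max_depth limit are illustrative constants.
"""
import sys

# Constructed payload, shaped like the advisory's PoC: 10000 opening brackets
# followed by 10000 closing ones.
NESTED_PAYLOAD = "[" * 10000 + "]" * 10000


def max_bracket_depth(sql: str) -> int:
    """Return the deepest nesting of (...) / [...] in ``sql``.

    Runs in O(n) with no recursion, so the guard itself is safe on hostile
    input. Unmatched closers are clamped at zero rather than going negative.
    """
    depth = deepest = 0
    for ch in sql:
        if ch in "([":
            depth += 1
            deepest = max(deepest, depth)
        elif ch in ")]":
            depth = max(0, depth - 1)
    return deepest


def exceeds_limit(sql: str, max_depth: int = 100) -> bool:
    """True when the input would push a recursive parser past ``max_depth``."""
    return max_bracket_depth(sql) > max_depth


def reproduce(sql: str = NESTED_PAYLOAD) -> str:
    """Feed ``sql`` to sqlparse, if installed, and classify the outcome.

    Returns "recursion_error" when the parser exhausts the interpreter's
    recursion limit, "parsed" when it survives (patched version), or
    "sqlparse_missing" when the library is not importable.
    """
    try:
        import sqlparse
    except ImportError:
        return "sqlparse_missing"
    try:
        sqlparse.parse(sql)
    except RecursionError:
        return "recursion_error"
    return "parsed"


def safe_parse(sql: str, max_depth: int = 100):
    """Depth-check first, then parse. Raises ValueError instead of crashing."""
    if exceeds_limit(sql, max_depth):
        raise ValueError(
            f"refusing input nested {max_bracket_depth(sql)} deep "
            f"(limit {max_depth}, recursion limit {sys.getrecursionlimit()})"
        )
    import sqlparse
    return sqlparse.parse(sql)


if __name__ == "__main__":
    print("max depth of payload:", max_bracket_depth(NESTED_PAYLOAD))
    print("unguarded parse:", reproduce())
    try:
        safe_parse(NESTED_PAYLOAD)
    except ValueError as exc:
        print("guarded parse rejected:", exc)
```

The guard is a linear scan, so it cannot itself be pushed into a RecursionError; raising the interpreter's recursion limit instead would only move the crash (or turn it into a segfault from C-stack exhaustion), which is why a bounded input check is the practical mitigation for untrusted SQL.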
Desktop APP RCE via saveDraft IPC
🔒️ Requirements: The user must load a malicious project.
📝 Description: In version 20.3.3, commit 5383c20e947fd772668316e407edc5d5db4850db, the shell=true option is added to a spawn execution. This is really dangerous as it allows a malicious user to execute commands even from attributes. Example: j...
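The mechanism behind this entry, demonstrated with a Python stand-in: Node's spawn with shell:true joins the command and its arguments into a single string and hands it to a shell, and subprocess with shell=True does the same, so the two patterns are shown side by side here. This is an added example, not the application's code; ATTRIBUTE is a constructed attacker-controlled value from a project file, and "echo" stands in for whatever tool the application spawns.

```python
"""Python analogue of the shell=true spawn problem described above.

Added example, not the application's code. subprocess.run(..., shell=True)
plays the role of Node's spawn(cmd, args, {shell: true}); ATTRIBUTE is a
constructed attacker-controlled attribute value.
"""
import subprocess

# Constructed attacker-controlled attribute value. Under a shell, $(...) is
# command substitution; without a shell it is just ordinary characters.
ATTRIBUTE = "$(echo injected)"


def run_shell_joined(value: str) -> str:
    """Vulnerable pattern: interpolate the attribute and let /bin/sh parse it."""
    completed = subprocess.run(
        "echo " + value, shell=True, capture_output=True, text=True, check=True
    )
    return completed.stdout.strip()


def run_argv(value: str) -> str:
    """Hardened pattern: argv list, no shell, so metacharacters stay literal."""
    completed = subprocess.run(
        ["echo", value], capture_output=True, text=True, check=True
    )
    return completed.stdout.strip()


if __name__ == "__main__":
    print("shell=True :", run_shell_joined(ATTRIBUTE))  # the substitution ran
    print("argv list  :", run_argv(ATTRIBUTE))          # printed verbatim
```

The same split applies in Node: spawn(cmd, [value]) without shell passes value as one argv entry, while {shell: true} reintroduces the shell's parsing of $(...), backticks, ; and | for anything that reaches the argument list.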
Cross-Site Request Forgery (CSRF) in bytebase/bytebase
Description: All parts of the application that use the POST HTTP method to change or create data are vulnerable to CSRF attacks. For example, the PATCH methods are not vulnerable. I will show just a create-member PoC for you, and if you want to see other PoCs of other endpoints just tell me to provide them too ...
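A server-side check for the class of issue in this entry, added here as an example and not taken from bytebase. A cross-site HTML form can only submit GET or POST, which is why POST endpoints are exploitable from a hostile page while PATCH, which needs fetch/XHR and a CORS-approved preflight for a credentialed cross-origin request, is not. The check below nevertheless treats every non-safe method the same way: require a synchronizer token, and fall back to an Origin match only when no token was sent at all. The session store, request dicts and SITE_ORIGIN are constructed for the example.

```python
"""Synchronizer-token CSRF check for state-changing endpoints.

Added example, not bytebase code. SITE_ORIGIN, the session store and the
request dicts are constructed for illustration.
"""
import hmac
import secrets

SITE_ORIGIN = "https://bytebase.example"  # assumed deployment origin
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def make_session(session_store: dict, session_id: str) -> str:
    """Issue a per-session synchronizer token and remember it server-side."""
    token = secrets.token_urlsafe(32)
    session_store[session_id] = token
    return token


def csrf_verdict(session_store: dict, request: dict) -> str:
    """Return "allow" or a "reject: ..." reason for one request.

    ``request`` carries: method, headers (dict), cookies (dict), form (dict).
    The token may arrive as an X-CSRF-Token header (fetch/XHR callers) or as a
    csrf_token form field (HTML forms); both are compared in constant time.
    """
    if request["method"].upper() in SAFE_METHODS:
        return "allow"

    expected = session_store.get(request["cookies"].get("session"))
    if expected is None:
        return "reject: no session"

    supplied = request["headers"].get("X-CSRF-Token") or request["form"].get("csrf_token")
    if supplied is not None:
        # A token was sent: it must match, regardless of Origin.
        return "allow" if hmac.compare_digest(supplied, expected) else "reject: bad token"

    # No token at all (legacy client): fall back to the browser-set Origin.
    if request["headers"].get("Origin") == SITE_ORIGIN:
        return "allow"
    return "reject: missing token and foreign origin"


def cross_site_create_member(session_id: str) -> dict:
    """Constructed request: what a hostile page's auto-submitting form sends.

    The browser attaches the victim's session cookie and sets Origin to the
    attacker's page; the form carries no token.
    """
    return {
        "method": "POST",
        "headers": {"Origin": "https://evil.example",
                    "Content-Type": "application/x-www-form-urlencoded"},
        "cookies": {"session": session_id},
        "form": {"email": "attacker@evil.example", "role": "OWNER"},
    }
```

Checking the Origin header alone is reasonable as defense in depth, but the token is what lets a legitimate same-origin form and a forged one be told apart when Origin is absent, so the fallback above is deliberately limited to requests that carry no token.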
in bfabiszewski/libmobi
✍️ Description: Overview: This vulnerability is an out-of-bounds read, which lets attackers read memory beyond the buffer size. Possibly, attackers can use this to do a DoS (Denial of Service) attack or an ASLR bypass by reading sensitive memory address information in all applications which use...
Liberapay: Liberapay Non Verified Account Takeover with signup feature
Hi, so I saw a strange behaviour of your web signup feature that can be escalated to account takeover, but for a limited time. Issue: When a new user signs up for an account on https://en.liberapay.com/ he has to enter his email address only, and it doesn't say anything about sending a...
HackerOne: Interstitial redirect bypass / open redirect in https://hackerone.com/zendesk_session
Hi guys, I have found a way to use the open redirect vulnerability that Zendesk refused to fix, and which we discussed in 101146, to bypass the interstitial redirect. In 101146, @bencode said: I tend to agree with Zendesk, we don't really see any security issues with it. We use our interstitial to warn t...
Vimeo: Full account takeover via Add a New Email to account without email verified and without password confirmation.
Description: This is especially important if the application is commonly used on shared computers such as cyber cafes or airport terminals. Bug: Add a new email to the account without the email being verified and without password confirmation when the user leaves the account open, leading to the theft of the account. In less...
Site@School <= 2.3.10 Remote Blind SQL Injection Exploit
No description provided by source.
--------------------------------------------------------
Site@School <= 2.3.10 Remote Blind SQL Injection Exploit
--------------------------------------------------------
author...: EgiX
mail.....: n0b0d13satgmaildotcom
link.....: http://
details..: works wit...
File inclusion and XSS vulnerability in E-Store Kit-2 PayPal Edition
Dcrab's Security Advisory
http://icis.digitalparadox.org/dcrab
http://www.hackerscenter.com/
Severity: High
Title: File inclusion and XSS vulnerability in E-Store Kit-2 PayPal Edition
Date: March 26, 2005
Summary: There are file include and XSS vulnerabilities in E-Store Kit-2 PayPal Edition...
Fwd: Re: phpnuke, security problem...
Hi, due to this reply, I see no reason to delay this. Neither a patch nor a new version has been released; for a quick fix, see below. Regards, Joao Gouveia ------------ [email protected] Francisco Burzi [email protected] Joao Gouveia wrote: Hello Francisco, There is yet another security flaw with the new...