21 matches found
EUVD-2024-18734
Malicious code in bioql PyPI...
Top AWS re:Invent Announcements for Security Teams in 2024
AWS re:Invent 2024 brought an avalanche of announcements, with over 500 updates since November. Let's spotlight the most impactful ones for security teams, from Resource Control Policies to centrally managed root access...
CVE-2023-28457
An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache poisoning attack and inject fake responses within 1 second, which is impactful...
HackerOne: LLM01: Invisible Prompt Injection
The report described a vulnerability in Hai's system involving invisible prompt injection via Unicode tag characters. The vulnerability allowed the submission of a test report with a fake report containing hidden characters, which could be used to inject prompts into the system's responses. The...
A.S. Watson Group : Access to internal info via Graphql on https://tng-api.watsons.com.my
Vulnerability description not provided...
FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption
Coordinated Disclosure Timeline - 10.06.2023: Issue reported to IntellectualSites - 11.06.2023: Issue is acknowledged - 12.06.2023: Issue has been fixed - 22.06.2023: Advisory has been published Impacted version range Before 2.6.3 Details Proof of Concept As a user, do the following: 1. Select...
Over Half of Security Leaders Lack Confidence in Protecting App Secrets, Study Reveals
It might come as a surprise, but secrets management has become the elephant in the AppSec room. While security vulnerabilities like Common Vulnerabilities and Exposures CVEs often make headlines in the cybersecurity world, secrets management remains an overlooked issue that can have immediate and...
CVE-2023-26125
Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a significant...
Elastic: Synthetics Recorder: Code injection when recording website with malicious content
A vulnerability was discovered in the Synthetics Recorder tool, which allows attackers to inject arbitrary code into a recording session. The waitForNavigation event calls quote within the context of a multi-line comment, which can be escaped with a specially crafted URL. This can lead to code...
Business Logic Errors
Description I found an IDOR vulnerability where we are able to delete their product in the cart by the id parameter Steps to Reproduce: First add any product into the cart and checkout In the checkout page, we can see the cart details and we have functionality to delete the product also I gave the...
Cross-site Scripting (XSS) - Stored in mautic/mautic
Description When installing Mautic both via UI or CLI the first and last name of the admin account are not sanitised before being stored in the database. This results in a possible stored XSS possibility, as those fields are displayed and re-used without any sanitisation. During install the raw...
Cross-site Scripting (XSS) - Stored in convos-chat/convos
Description I found a way to bypass the Stored XSS via uploading File with format .svg when chatting in private conversation. Since you have filtered the content of the svg file as below: state $RULES = svg = qr Steps to Reproduce 1.After login, go to any private conversation. 2.In the chat bar,...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system
✍️ Description The app/admin/pageDeleteGroup.php?groupID= does not have CSRF protection. This could be used by attackers to trick the admin into deleting a group from their invoice system. 🕵️‍♂️ Proof of Concept For this attack to work, a logged-in admin should visit the POC page...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
✍️ Description Reflected XSS in changebranch.php where due to improper implementation of code an attacker is able to inject malicious tags 🕵️‍♂️ Proof of Concept $branch = escapeshellcmd($_GET['branch']); $command = "sudo /opt/fpp/scripts/gitbranch " . $branch . " 2>&1"; echo "Command: $command\n";...
MSRC Security Researcher Recognition: 2021
Wondering how to get into the 2021 MSRC Most Valuable Security Researcher list and get recognized during the Black Hat USA this August? Read on to learn more about the different paths you can take to get into the top researcher tiers. The MSRC Most Valuable Security Researcher MVR and MSRC...
Bumble: Misconfigured oauth leads to Pre account takeover
Summary While testing badoo I have noticed that users can use SMAL Google, MSN, VKontakte, Odnoklassniki, Yandex, Mail.Ru to create and log in to badoo accounts. Now there are two ways of registering into badoo: By email registration; Google, MSN, VKontakte, Odnoklassniki, Yandex, Mail.Ru oauth login. Now here...
Weblate: Send Empty CSRF leads to log out user on [https://hosted.weblate.org/accounts/profile]
Hi, there is a CSRF bug on your website that leads to logging the user out of the dashboard. If the user clicks on the attached file CSRF.html, it redirects to another page, shows the following error, and the user is logged out immediately: F1029146 Steps to reproduce: 1- Login to your account via Login page 2- Click on...
Grab: Blind stored xss [parcel.grab.com] > name parameter
Hi, my previously reported blind xss is fixed but I found the same type of xss in a different area with more impact. Steps to repro: 1. create new account with name " here https://parcel.grab.com/ 2. affected page is https://app.detrack.com/a/ where admin can see all the users of the application and this ...