PHPJabbers Time Slots Booking Calendar 4.0 Missing Rate Limiting

Exploit Title: PHPJabbers Time Slots Booking Calendar v4.0 - No Rate Limit in Email Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/time-slots-booking-calendar/ Version: v4.0 Tested...

LibreNMS vulnerable to rate limiting bypass on login page

Summary Application is using two login methods and one of them is using GET request for authentication. There is no rate limiting security feature at GET request or backend is not validating that. PoC Go to /?username=admin&password=password&submit= Capture request in Burpsuite intruder and add...

Captcha Bypass on login

Description So if we login incorrectly multiple times, we get captcha. Each captcha has "captchaid" and solve "captchacode" For example: "captchacode":"8awt" "captchaid":"7nToXDrT6SkJ2BJxKG1u" You can use same captcha code and captcha id in login without any problem Captcha is generated with -...

Acronis: HTTP Request Smuggling on https://promosandbox.acronis.com

Summary The website https://promosandbox.acronis.com is vulnerable to HTTP Request Smuggling which can be abused by an attacker to redirect all the users to a malicious website. A redirect can be forced by changing the Host request header using the path /sf but the website will redirect you to...

D-Link DIR-615 T1 20.10 - CAPTCHA Bypass Vulnerability

Exploit for hardware platform in category web applications Exploit Title: D-Link DIR-615 T1 20.10 - CAPTCHA Bypass Exploit Author: huzaifa hussain Vendor Homepage: https://in.dlink.com/ Version: DIR-615 T1 ver:20.10 Tested on: D-LINK ROUTER "MODEL NO: DIR-615" with "FIRMWARE VERSION:20.10" &...

Nord Security: Email address is not validated, No Rate Limit and RCE On Forgot Password Page Of affiliates.nordvpn.com

Go to https://affiliates.nordvpn.com/users/forgotpassword. Enter arbitrary string like %0a or %0a%0d as email. It says, No user account was found for the address given, which proves the query are going till the database. Intercept request using Burp Interceptor, copy to intruder Copy some 300...

Vimeo: No Limitation on Following allows user to follow people automatically!

Hello, i'm not sure it's intentional or somehow you missed it, I noticed that when User follow people on Vimeo, CSRF token of the request doesn't change at all. It's become something like a static code for a single session. ex: POST: https://vimeo.com/user12345 = ID POST CONTENT:...

Windows NT SNMP agent leaks memory

Overview The Microsoft SNMP agent, prior to Windows NT 4.0 Service Pack 4.0, will leak memory. Description Microsoft's SNMP agent, snmp.exe, priot to Windows NT 4.0 Service Pack 4.0, will leak memory if the OID cannot be decoded. Quoting from Microsoft KB article Q178381, If SNMP cannot decode an...