4 matches found
Pterodactyl vulnerable to 2FA Sniffing
Pterodactyl version 0.7.13 and lower - 2FA Sniffing Users who have enabled 2FA protections on their account can unintentionally have their account's existence sniffed by malicious users who enter random credentials into the login fields. Impact Users who have enabled 2FA protections on their...
GHSA-FG52-XJFC-9RH8 Pterodactyl vulnerable to 2FA Sniffing
Pterodactyl version 0.7.13 and lower - 2FA Sniffing Users who have enabled 2FA protections on their account can unintentionally have their account's existence sniffed by malicious users who enter random credentials into the login fields. Impact Users who have enabled 2FA protections on their...
InfiniteWP Client < 1.9.4.5 - Authentication Bypass
As per agreement between the researcher and developer, details will be released on January 14th. It is possible to log in as any administrator on the site due to logical mistakes in the code. The issue resides in the function iwpmmbsetrequest which is located in the init.php file. This checks if t...
HackerOne: Inline banner on Report page discloses whether organization runs a private program
Summary: Hi team, @jobert Description: Your engineers have created inscription - You are participating in a private program for ████████. Please do not publicly discuss the program until the program goes public. When a hacker creates a report in an external program with a private page, we will s...