6 matches found
Authentication Bypass
onionsharecli is vulnerable to authentication bypass. The vulnerability exists in the upload function in the receivemode.py file, allowing authorized users to spoof their leave event and hide the existence...
Denial Of Service
onionsharecli is vulnerable to denial of service. The vulnerability exists in the ef init function in the receivemode.py file, due to limitations in concurrent upload allowing an attacker to cause an application crash...
User Impersonation
onionsharecli is vulnerable to user impersonation. An attacker with access to the chat environment is able to update the name string to that of another user by appending a space character at the end of it, allowing them to impersonate other participants...
Authentication Bypass
onionsharecli is vulnerable to authentication bypass. The vulnerability exists in chatmode.py because chat sessions are not properly validated, which allows an attacker to access the chat environment, impersonate existing chat participants and write messages...
Improper Access Control
onionsharecli is vulnerable to improper access control. The vulnerability allows a remote unauthenticated attacker to inject JavaScript or other external resources like fonts or images via the Tor network because it is not possible to configure this CSP for individual pages...
Path Traversal
onionsharecli is vulnerable to path traversal. The vulnerability exists in common.py, which does not properly validate access permissions, allowing an attacker to access sensitive information in the user's home folder...