Lucene search
+L

8 matches found

Hacker One
Hacker One
added 2024/03/20 7:26 a.m.78 views

PortSwigger Web Security: [portswigger.net] Path Traversal al /cms/audioitems

Vulnerability description not provided...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2024/02/23 5:22 a.m.74 views

PortSwigger Web Security: CSP Bypass and escalation of https://hackerone.com/reports/2279346

Vulnerability description not provided...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/04/06 12:0 a.m.207 views

atrocore 1.5.25 User interaction - Unauthenticated File upload Vulnerability

Exploit Title: atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE Author: nu11secur1ty Vendor: https://atropim.com/ Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25 Reference: https://portswigger.net/web-security/file-upload Description: The Create Import Feed...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2019/11/09 7:9 a.m.78 views

OWOX, Inc.: Reflected XSS

Hi team, I have found an XSS at https://bi.owox.com/ui/6177527534dc114eb07fa829e4ce4d28/dashboard/?trial=activated Because the input is not properly filtered, resulting in XSS being executed Vulnerable area: ----- 6177527534dc114eb07fa829e4ce4d28 The URL will now be:...

6.2AI score
Exploits0
Hacker One
Hacker One
added 2017/05/16 5:29 p.m.79 views

PortSwigger Web Security: Misconfiguration: Missing Custom Error Page (CWE-12 & CWE-756)

Hi I found that custom errors for http://portswigger.net application framework are not configured., so application vulnerable to CWE-756 & CWE-12 https://cwe.mitre.org/data/definitions/12.html https://cwe.mitre.org/data/definitions/756.html - Impact: Default error pages gives detailed information...

0.4AI score
Exploits0
Hacker One
Hacker One
added 2017/02/14 3:31 p.m.54 views

PortSwigger Web Security: Email Spoofing

There is an Email Spoofing Vulnerability. Steps to reproduce: 1 Go to http://emkei.cz/ 2 Fill "From Email" field to [email protected] or any other portswigger email. 3 Fill the victim's address your address to "TO" field and fill in other details as you wish. You will receive email from...

7AI score
Exploits0
Hacker One
Hacker One
added 2016/11/30 1:21 p.m.50 views

PortSwigger Web Security: Order-phishing via Payment ID URL

Hello. I discovered the endpoint, which allows the attacker conduct the fishing attack to other users and they can pay for attacker's order. Why this can happen? On the site, order id parameter sends to the https://portswigger.net/CCPayment.aspx as POST, but attacker can append it as GET and it...

0.1AI score
Exploits0
ThreatPost
ThreatPost
added 2015/11/17 2:45 p.m.25 views

Adobe Issues HotFix For ColdFusion

Adobe this afternoon released hotfixes and security updates for three of its products that patch a handful of vulnerabilities, none of which are being publicly exploited. The most serious vulnerabilities were in ColdFusion, Adobe’s web application development platform. The hotfix affects ColdFusi...

4.3CVSS0.4AI score0.04482EPSS
Exploits1References4
Rows per page
Query Builder