8 matches found
PortSwigger Web Security: [portswigger.net] Path Traversal al /cms/audioitems
Vulnerability description not provided...
PortSwigger Web Security: CSP Bypass and escalation of https://hackerone.com/reports/2279346
Vulnerability description not provided...
atrocore 1.5.25 User interaction - Unauthenticated File upload Vulnerability
Exploit Title: atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE Author: nu11secur1ty Vendor: https://atropim.com/ Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25 Reference: https://portswigger.net/web-security/file-upload Description: The Create Import Feed...
OWOX, Inc.: Reflected XSS
Hi team, I have found an XSS at https://bi.owox.com/ui/6177527534dc114eb07fa829e4ce4d28/dashboard/?trial=activated Because the input is not properly filtered, resulting in XSS being executed Vulnerable area: ----- 6177527534dc114eb07fa829e4ce4d28 The URL will now be:...
PortSwigger Web Security: Misconfiguration: Missing Custom Error Page (CWE-12 & CWE-756)
Hi I found that custom errors for http://portswigger.net application framework are not configured., so application vulnerable to CWE-756 & CWE-12 https://cwe.mitre.org/data/definitions/12.html https://cwe.mitre.org/data/definitions/756.html - Impact: Default error pages gives detailed information...
PortSwigger Web Security: Email Spoofing
There is an Email Spoofing Vulnerability. Steps to reproduce: 1 Go to http://emkei.cz/ 2 Fill "From Email" field to [email protected] or any other portswigger email. 3 Fill the victim's address your address to "TO" field and fill in other details as you wish. You will receive email from...
PortSwigger Web Security: Order-phishing via Payment ID URL
Hello. I discovered the endpoint, which allows the attacker conduct the fishing attack to other users and they can pay for attacker's order. Why this can happen? On the site, order id parameter sends to the https://portswigger.net/CCPayment.aspx as POST, but attacker can append it as GET and it...
Adobe Issues HotFix For ColdFusion
Adobe this afternoon released hotfixes and security updates for three of its products that patch a handful of vulnerabilities, none of which are being publicly exploited. The most serious vulnerabilities were in ColdFusion, Adobe’s web application development platform. The hotfix affects ColdFusi...