86 matches found
Lovable VDP: Business Logic Bypass Allows Setting “Read Access” Role Without Pro Plan Subscription
A business logic vulnerability was identified that allowed users on a free plan to generate an invitation link that assigned the "Read Access" role, which was intended to be restricted to users with a Pro Plan subscription. The vulnerability was triggered by manipulating the invitation creation...
lemlist: Unauthorized Password Reset Allows Account Takeover Across Tenant Boundaries
An authorization issue was discovered in the application that allowed a tenant admin to change the password of another user within the same tenant, including invited agency accounts. The victim had to first accept the invitation before the attacker could proceed. The issue could allow unintended...
EUVD-2020-2971
Malware in sbrugna...
curl: Stack-based Buffer Overflow in TELNET NEW_ENV Option Handling
Title: Stack-based Buffer Overflow in TELNET NEWENV Option Handling Vulnerability Description: Summary: A stack-based buffer overflow vulnerability exists in the libcurl TELNET handler. When libcurl connects to a malicious TELNET server, the server can trigger an overflow by sending a NEWENVIRON...
Mozilla: IDOR: Account Deletion via Session Misbinding – Attacker Can Delete Victim Account
A critical vulnerability was identified in the Firefox Accounts API that allowed an authenticated attacker to permanently delete any user's account by sending a POST /v1/account/destroy request using the attacker's session, but including the victim's email and password hash in the JSON payload. T...
curl: Improper Restriction of Authentication Attempts in cURL
Summary: The authentication mechanism in cURL does not properly restrict the number of failed authentication attempts, allowing an attacker to brute-force credentials. This issue affects authentication-based requests and could lead to unauthorized access if an attacker successfully guesses a vali...
curl: -H with space prefix leads to previous header injection when used with --proxy
Summary: Hi team, I hope you're doing well. Recently I came accross this weird curl behavior where -H "spaceheader: value" would inject the header in the previous HTTP header. Tried it on mac OS Sequoia 15.1 with curl version curl 8.11.0 aarch64-apple-darwin24.1.0 libcurl/8.11.0 OpenSSL/3.4.0...
curl: Arbitrary File Deletion Vulnerability in curl Source Code via os.unlink()
Summary: The curl source code's testing scripts contain instances where the os.unlink function is used to delete files without validating the input file paths. This introduces a risk of arbitrary file deletion when these scripts are executed with malicious or manipulated inputs. Although the...
jet-japan.ne.jp Cross Site Scripting vulnerability OBB-3417216
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Basecamp: Spam & Clearance checks disabled with existing referenced Message-ID
A vulnerability in the inbound email processing allowed crafted emails to bypass spam filtering and The Screener when they appeared to be in reply to an existing thread...
vibber.com Cross Site Scripting vulnerability OBB-3186206
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
gottable.in Cross Site Scripting vulnerability OBB-2936751
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Persistent Cross Site Scripting - LayoutEditor Module - Settings
Description The application uses Purifier to avoid the Cross Site Scripting attack. However, On LayoutEditor module from Settings, the type of fieldModel-label parameter is "Text" but it is not validated and it's used directly without any encoding or validation on LayoutEditor/EditField.tpl. It...
rollico.com Cross Site Scripting vulnerability OBB-2224614
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Reboot of PunkSpider Tool at DEF CON Stirs Debate
Researchers will release a reboot of a controversial tool that crawls the web to identify back-end vulnerabilities in websites in the hopes that companies will quickly fix them and reduce security risks. However, experts have mixed feelings about the tool called PunkSpider, created by the analyti...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
✍️ Description In Ticket section , you protect tickets from being deleted with CSRF attacks but if I set CSRF token to nothings then I able to delete arbitrary tickets only with knowing their "trackid" parameter. 🕵️♂️ Proof of Concept // PoC.html history.pushState'', '', '/' 💥 Impact This...
OS Command Injection in falconchristmas/fpp
✍️ Description Hi, in https://github.com/FalconChristmas/fpp/blob/721c99aed6897792bf7f79fa02a280995e27d409/www/gitCheckoutVersion.phpL38 : php A system function is called with a user input, a malicious user could profit from it if the version variable contains a command 🕵️♂️ Proof of Concept...
CVE-2020-10519
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the...
Remote code execution
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the...
CVE-2020-10519 Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the...