uToken ERC20 approve method missing return value check #L109
Handle defsec Vulnerability details Impact The initiateVaultFillingZcTokenInitiate function performs an ERC20.approve call but does not check the success return value. Some tokens do not revert if the approval failed but return false instead. Proof of Concept 1. Navigate to "" 2...
Perfect Survey < 1.5.2 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape multiple parameters id and filterssessionid of singlestatistics page, type and message of importexport page before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripting issues...
Perfect Survey < 1.5.2 - Unauthorised AJAX Call to Stored XSS / Survey Settings Update
The plugin does not have proper authorisation nor CSRF checks in the saveglobalsetting AJAX action, allowing unauthenticated users to edit surveys and modify settings. Given the lack of sanitisation and escaping in the settings, this could also lead to a Stored Cross-Site Scripting issue which wi...
Far Future Expiry Header < 1.5 - Plugin's Settings Update via CSRF
The plugin does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. csrf.submit...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-99288)
Chrome is a simple and efficient web browsing tool developed by Google. Portals in versions prior to Google Chrome 94.0.4606.61 are vulnerable to post-release reuse. An attacker could exploit this vulnerability to be able to perform a sandbox escape via a crafted HTML page...
Cross-Site Scripting (XSS)
edge.js is vulnerable to cross-site scripting. A lack of validation of type when an attacker inputs an array regardless of the use of instead of a string allows an attacker to inject and execute malicious script...
Weakpass - Rule-Based Online Generator To Create A Wordlist Based On A Set Of Words
The tool generates a wordlist based on a set of words entered by the user. For example, during penetration testing, you need to gain access to some service, device, account, or Wi-Fi network that is password protected. For example, let it be the Wi-Fi network of EvilCorp. Sometimes, a password is...
CVE-2020-20894
...
Ntlm_Theft - A Tool For Generating Multiple Types Of NTLMv2 Hash Theft Files
A tool for generating multiple types of NTLMv2 hash theft files. ntlm_theft is an Open Source Python3 Tool that generates 21 different types of hash theft documents. These can be used for phishing when either the target allows SMB traffic outside their network, or if you are already inside the...
SAP Contact Center Cross-Site Scripting Vulnerability
SAP Contact Center, a new cloud service from SAP, is a modern contact center solution built on top of SAP's on-premise contact center software that puts agents at their fingertips. The vulnerability stems from a program that does not properly encode input. An attacker could use the vulnerability ...
Sensitive Cookie Without 'HttpOnly' Flag in babybuddy/babybuddy
Description HttpOnly flag not mentioned Proof of Concept step to reproduce below show request GET /login/?next=/google.com HTTP/1.1 Host: demo.baby-buddy.net User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:92.0 Gecko/20100101 Firefox/92.0 Accept:...
Evolution CMS 3.1.6 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Evolution CMS 3.1.6 - Remote Code Execution RCE Authenticated Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://evo.im/ Software Link: https://github.com/evolution-cms/evolution/releases Version: 3.1.6 Category: Webapps Tested on: Linux/Windows Example: python3...
location.transdev.com Cross Site Scripting vulnerability OBB-2139704
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
WordPress SQL injection vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A SQL injection vulnerability exists in Wordpress Plugin Alipay, which stems from the product...
Brute-Force Attacks Target Inboxes for Gift Card Data
Threat actors are compromising up to 100,000 inboxes daily in a campaign that targets gift card and customer-loyalty program data in hopes of reselling it or cashing in on freebies, a security researcher has found. The actors behind the scam—outlined in a post by Brian Krebs on Krebs on...
Rundeck Cross-Site Request Forgery Vulnerability
Rundeck is an open source automation service with a web console, command line tools and WebAPI from Rundeck, Inc. that is primarily used to run automation tasks. A cross-site request forgery vulnerability exists in Rundeck, which stems from the fact that users with access to the "system" resource...
Microsoft SharePoint Server 2019 < 16.0.10376.20001 Multiple Vulnerabilities
According to its self-reported version number, the Microsoft SharePoint application running on the remote host is affected by multiple vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source da...
DSA-4965-1 libssh - security update
Bulletin has no description...
Easy Social Icons < 3.0.9 - Reflected Cross-Site Scripting
The plugin does not escape the $_SERVER['PHP_SELF'] input before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php/alert/XSS//?page=cnsssocialiconpage...
Data race in conqueue
Affected versions of this crate unconditionally implemented Send/Sync for QueueSender, allowing to send non-Send T to other threads by invoking &QueueSender.send. This fails to prevent users from creating data races by sending types like Rc or Arc to other threads, which can lead to memory...