Lucene search
+L

4 matches found

Huntr
Huntr
added 2023/03/16 8:0 a.m.21 views

Broken Access Control on "http://localhost/api/user" endpoint

Description Able to create an Admin account from normal User account. Steps 1.Navigate to https://localhost/. 2.Then click on login and then register, fill the form and click Register. 3.Now login with a newly created user account with intercepting the traffics in burp. 4.Turn on the burp interce...

6.5CVSS8.4AI score0.00706EPSS
Exploits2References1
Huntr
Huntr
added 2022/12/26 4:45 a.m.30 views

An user can delete other user's post

Description As the title, an attacker can delete other user's post via post id can be bruteforce Here is video poc: https://drive.google.com/file/d/18QucWYwkpO9kVPMqNzSQ-ptwrZGk-UP9/view?usp=sharelink Proof of Concept DELETE /api/memo/$1026$ HTTP/2 Host: demo.usememos.com Cookie:...

4CVSS1.1AI score0.00713EPSS
Exploits1
Hacker One
Hacker One
added 2020/08/27 7:24 p.m.62 views

U.S. Dept Of Defense: IDOR to Account Takeover on https://████/index.html

Hello Team! Summary: I found when you wish to update your profile on https://███████/ after your login through https://██████████/signIn/signIn.html website due to an IDOR. This IDOR gives you the opportunity to change the origin email for the registered account by changing the ID parameter on th...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/04 12:0 a.m.19 views

Dup Scout Enterprise 9.9.14 - 'Input Directory' Local Buffer Overflow

!/usr/bin/python Exploit Title : Dup Scout Enterprise v9.9.14 - 'Input Directory' Local Buffer Overflow Date : 04 Sept, 2017 Exploit Author : Touhid M.Shaikh - www.touhidshaikh.com Contact : https://github.com/touhidshaikh Vendor Homepage: http://www.dupscout.com/ Version : v9.9.14 Software Link ...

7.4AI score
Exploits0
Rows per page
Query Builder