Design/Logic Flaw

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

OpenSSL 3.1.0 < 3.1.4 Vulnerability

The version of OpenSSL installed on the remote host is prior to 3.1.4. It is, therefore, affected by a vulnerability as referenced in the 3.1.4 advisory. - Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation...

Sql injection

FUXA = 1.1.12 is vulnerable to SQL Injection via /api/signin...

Screen SFT DAB 600/C - Authentication Bypass Password Change Exploit

!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Password Change Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...

Screen SFT DAB 600/C - Authentication Bypass Account Creation

!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Account Creation Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...

Screen SFT DAB 600/C Authentication Bypass / Account Creation

!/usr/bin/env python3 Screen SFT DAB 600/C Authentication Bypass Account Creation Exploit Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/ Affected version:...

SUSE CVE-2022-1872

Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page...

Cloudflare Public Bug Bounty: 2FA BYPASS

A vulnerability in Cloudflare's Dashboard allowed for the retrieval of recovery codes without completing the authentication process. The issue was resolved by disallowing requests to the vulnerable API endpoint until users were fully authenticated...

Vulnerabilities fixed in VMware Cloud Foundation

VMware has fixed vulnerabilities in NSX-V as used by VMware Cloud Foundation. An unauthenticated malicious person can exploit the exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with privileges of root. This requires sending malicious network traffic to a...

VAmPI - Vulnerable REST API With OWASP Top 10 Vulnerabilities For Security Testing

The Vulnerable API Based on OpenAPI 3 VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs. It was created as I wanted a vulnerable API to evaluate the efficiency of tools used to detect security issues in APIs. It includes a...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

vuln4japi A vulnerable Java based REST API for demonstrating C...

Improper Access Control in teamultroid/ultroid

✍️ Description Google Maps API key without proper referer restrictions is found in your repo. It can be embeded to anyone's website and if the billing account is active, it will incur charges on your account. 🕵️‍♂️ Proof of Concept Visit this link to verify that you can use the service by visiting...

Improper Access Control in kenzo-404/lynx-userbot

✍️ Description Google Maps API key without proper referer restrictions is found in your repo. It can be embeded to anyone's website and if the billing account is active, it will incur charges on your account. 🕵️‍♂️ Proof of Concept Visit this link to verify that you can use the service by visiting...

Rocket.Chat: Hi! Security Team Rocket.Chat, It's possible to get information about the users emails without authentication

Description: Email enumeration vulnerability. Vulnerable api method: /api/v1/users.2fa.sendEmailCode Releases Affected:: Rocket.Chat up to 3.10.5 Request for existing account: POST /api/v1/users.2fa.sendEmailCode HTTP/1.1 Host: rocket-chat.local:3000 Referer: http://rocket-chat.local:3000/home...

CVE-2020-3985

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. An authenticated SD-WAN Orchestrator user may exploit an application weakness and call a vulnerable API to elevate their...

Privilege escalation

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. An authenticated SD-WAN Orchestrator user may exploit an application weakness and call a vulnerable API to elevate their...

Code injection

Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by setting the arguments to the vulnerable API. This can be leveraged for code execution by rebooting the victim’s PC...

Spying on old folks

We’ve tested plenty of kids GPS tracker watches over the years. Nearly all we looked at had critical security issues. For a BBC show a while back we were asked to investigate the security of similar trackers for the elderly. They’re a nice idea; allowing people to live independently for longer an...

TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot

TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot Exploit Title: TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot Date: 2020-01-20 Exploit Author: PCEumel Vendor Homepage: https://www.tp-link.com/ Software Link: https://www.tp-link.com/us/support/download/tl-sg105e/Firmware Version:...

Node.js: url.parse() hostname spoofing via javascript: URIs

Summary: Using url.parse in security sensitive checks is dangerous as an arbitrary hostname can be spoofed via javascript: URIs. Description: The original url.parse API is dangerous as it allows to spoof an arbitrary hostname via a javascript: URI: bash $ node -e...