685 matches found
Weblate: Directory Listing
Proof Of Concept Navigate this domain: https://hg.weblate.org Some information Disclosure: https://hg.weblate.org/sumwars/Changelog.txt https://hg.weblate.org/kallithea-stable/Apache-License-2.0.txt Some software verison Thanks,...
Weblate: You can simply just use passwords that simply are as 123456
This may not be a issue but is a flaw for many websites because passwords should contain letters and characters like - and much more. Uppercase, lowcase. as it makes it much more secure it will be acceptable. this might scare your customers away feeling unsecure...
Weblate: CSRF - Changing the full name / adding a secondary email identity of an account via a GET request
SUMMARY ---------- Hello, I have found a CSRF request via the activation email that will change the full name of the targeted account. This vulnerability exists if the attacker registers a new account and then gives his activation link to someone else. If the victim uses the received activation...
Weblate: Improper Password Reset Policy on https://hosted.weblate.org/
Application should not allow the user to set the last 3-5 password in terms of secure design principles. It should give a warning or provide such avoidance while user is using repetitive usage of passwords. Repro: 1. Try to set same old password via Password Reset link. Fix: Application should...
Weblate: Insecure Account Removal
Hi Team, The removal of account is one of the sensitive part of a web application that needs to protect, therefor removing an account should validate the authenticity of the legitimate user, however i have found that when removing an account, the system did not require the user to input the accou...
Weblate: CSRF : Lock and Unlock Translation
Description : Attacker can force to victim for Lock and Unlock Translation. That HTTP Request : GET /lock/aptoide-uploader/strings/ka/ HTTP/1.1 Host: hosted.weblate.org Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10123 AppleWebKit/537.36 KHTML,...
Weblate: CSV Injection with the CSV export feature
Step to reproduce : 1.go to https://hosted.weblate.org/dictionaries/aptoide-uploader/bn/add 2.add "=1+1" to Source and Translation filed F178723 3.now do CSV export 4.you can see all the cell is displayed as "2" which means the code is executed. Best Regad's, Jay Patel...
Weblate: Already Registered Email Disclosure
Hello, In the registration at https://hosted.weblate.org/accounts/register/ , I found that trying an already used email would inform the register that you are trying used one, so with a dictionary of emails a hacker can determine the emails of all users in database and use that in phishing. Note:...
Weblate: Activation tokens are not expiring
Hi Team, Domain: demo.weblate.org In this bug, maybe it is low risk but i have found a way to login any person to the attackers account, therefor when any user login to attackers account, the attacker can see the users activity on attackers account. The issue relies on the password reset. Stes to...
Weblate: CSRF : Reset API
Description : Attacker can force to victim for reset his API. That HTTP Request : GET /accounts/reset-api-key/ HTTP/1.1 Host: hosted.weblate.org Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10123 AppleWebKit/537.36 KHTML, like Gecko...
Weblate: [demo.weblate.org] Stored Self-XSS via Editor Link in Profile
Hi, Input validation and/or sanitisation is not currently applied to the "Editor Link" in the user's Preferences. Consequently, it is possible to store a JavaScript payload which is stored and executes in the Weblate instance context. F178717 Steps to reproduce 1. Visit the above Preferences page...
Weblate: No expiration of session ID after Password change
If an user changes his password, the session persists and new session ID won't be created. POC - 1. Make any request and capture it using any proxy burp 2. Go to account settings and change the password. 3. Replay the captured request by changing any parameterusername or fullname 4. You get a...
Weblate: Open Redirect via "next" parameter in third-party authentication
Hi, It is currently possible to execute an open redirection attack via the next parameter with the inclusion of a triple-slash prefix. Proof of Concept Redirect URL https://demo.weblate.org/accounts/login/github/?next=///google.com After authenticating, the user will be immediately redirected to...
Weblate: Registration captcha bypass
Hello, I've found that it is possible to bypass captcha during registration. Attacker can automatize registration process and create multiple accounts. Here are steps to reproduce: 1. Go to registration page. Type information and catch request in proxy. 2. Get correct answer for captcha and captc...
Weblate < 2.10.1 Information Disclosure Vulnerability
Weblate is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:weblate:weblate"; if...
Weblate Detection (HTTP)
HTTP based detection of Weblate. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.106667";...
Design/Logic Flaw
The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests...
PYSEC-2017-42
The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests...
CVE-2017-5537
The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests...
PYSEC-2017-42
The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests...