15371 matches found
Brave Software: DNS Leaks when using any VPN Browser extension with Brave Shield enabled
If Brave Shield is enabled alongside with a VPN Chrome extension and adblocking is enabled, some DNS requests may not be forwarded through the VPN tunnel...
Sifchain: Email spoofing
Email spoofing is possible To verify: visit :https://www.kitterman.com/spf/validate.html? and type your domain name to check SPF record you can see the results as: NO valid SPF record found POC: 1.visit http://emkei.cz// 2.fill the from email as [email protected] 3.to email as victim email...
GitHub Security Lab: [Java] CWE-094: Query to detect Groovy Code Injections
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: porcupiney.hairs : Java/Android - Insecure Loading of a Dex File
This bug was reported directly to GitHub Security Lab...
8x8: DNS Misconfiguration (Subdomain Takeover) █.staging.█.8x8.com
An EC2 instance was terminated but the DNS record was initially not updated/removed. The issue has been rectified. Same technique mentioned on https://melbadry9.medium.com/dangling-dns-aws-ec2-e2d801701e8...
GitHub Security Lab: [Java] CWE-295: Disabled certificate validation in JXBrowser
This bug was reported directly to GitHub Security Lab...
VK.com: Обход приватности у фотографий/документов
Просмотр некоторых фотографий и документов через вики-страницы. Интересный баг в wiki-страницах позволял достать почти любую приватную фотографию и любой приватный документ...
VK.com: XSS in vk.link
XSS на vk.link...
Mail.ru: "blog.skillfactory.ru" Vulnerable to Directory Traversal
CVE-2020-11738 on blog.skillfactory.ru...
BugPoC: Finally , CTF is Solved
Summary: Hey Ryan , Thanks for your hints , I was finally able to get /etc/passwd file , Here's my bugpoc id and password. ID - ████ Pass- ██████████ File:-...
Shopify: Self XSS
I have found self xss in myshopify.com/admin/apps/import-store/ POC 1 - Go to yourstore.myshopify.com 2 - Go to settings App - Import maybe ask you for your platform select any one 3 - Upload file csv with file name payload xss " Impact XSS Attack...
Topcoder: CSRF on https://apps.topcoder.com/wiki/users/editmyprofile.action
Summary: Hi : There is a CSRF on changing user details. Steps To Reproduce: There is no CSRF token or anything like that on https://apps.topcoder.com/wiki/users/editmyprofile.action . I added the poc html file below. When someone opens this html file, or we can add it into our website, victim's...
GitHub Security Lab: Java (Maven): Actually fix the use of insecure protocol to download/upload artifacts
This bug was reported directly to GitHub Security Lab...
Nord Security: Password Reset Link not expiring after changing the email Leads To Account Takeover
The researcher has identified an issue in our password reset workflow where the password reset URL was not expiring correctly after the user has requested a password change 1 Go to this website : https://ucp.nordvpn.com/lost-password 2 Enter your main account [email protected] 3 Go to [email protected]...
Bumble: On Singing up with a Phone number , The 4 digit OTP does not expires for a long time leading to an easy attack and make a verified account easilty
Hello there how are you doing ? Go to sign up page and enter a new phone number and you will be redirected to https://bumble.com/registration/confirm-phone . You will receive a easy breakable 4 digit OTP Code . I waited for about 4 hours and the OTP did not expired , This shows that the OTP can b...
Razer: Reflected XSS at http://promotion.molthailand.com/index.php via promotion_id parameter
The tester discovered a reflected XSS vulnerability on https://easytopup.in.th related to a URL parameter. This issue affected the Firefox browser. Razer thanks the tester for the report and the clear proof of concept...
Stripo Inc: Clickjacking on my.stripo.email for MailChimp credentials
Clickjacking is a malicious hacking technique where attackers can acquire sensitive data. Through simple social engineering techniques these links can be sent out to unsuspecting customers to steal their credentials or perform actions on their accounts. For this example I saw that where I goto...
QIWI: какой-то исходный код в корне сайта
Можно было просматривать часть исходных файлов хоста. Нашел этот файл, в нем PHP код. adminer.php.swp F607459 https://shop.tochka.com/%2eadminer%2ephp%2eswp...
LocalTapiola: CORS misconfiguration allows to steal client's "password", Authorization token and the customer details e.g. names, SSN, bank account etc.
Issue The reporter found that ext-gw.lahitapiola.fi had a faulty CORS configuration. Fix Logic and processing around CORS was improved and the issue was fixed. Reasoning The issue is real. CORS as a bug and flaw has real impact. The report was well written and had a good working PoC. This is...
Infogram: Privilege escalation allows to use iframe functionality w/o upgrade
Hello team! I've found a privilege escalation issue which allows to set iframes to the projects w/o upgrading. Steps to reproduce - Login - Navigate to the project - Choose integrations and click the IFrame - See that you'll get upgrade now notification F501019 - Inspect the page with developer...
CFP Time: Content spoofing on error pages or text injection
Poc: https://www.cfptime.org/%20is%20not%20available%20anymore%20,%20pls%20go%20to%20WWW.EVIL.COM%20because%20this%20site. Steps to reproduce: 1: Just browse this target on any browser 2: Target: http://www.cfptime.org/ 3: add any content after For example: this is not available anymore pls check...
Mail.ru: source code leak
A fragment of source code was available for download on flash.terrhq.ru...
Mail.ru: XSS in touch.mail.ru
Browser specific user assisted DOM based XSS in message editor undo functionality via quoted content. Vulnerability did not affected mobile browsers used by majority of touch.mail.ru web interface users...
Semmle: Docker Registry HTTP API v2 exposed in HTTP without authentication leads to docker images dumping and poisoning
Summary: Docker Registry HTTP API v2 is exposed in HTTP without authentication. An attacker can use it to dump your docker images and poison them. Description: While digging into the environment that hosts the sandboxed build container, I came across the port 5000 open on another machine probably...
Avito: reflected XSS avito.ru
Привет, авито Я нашел у вас хсс. 1. Переходим по этой ссылке https://www.avito.ru/sankt-peterburg?verifyUserLocation=1login?next=javascript:alert;// 2. Логинимся через ОК, ВК и т.д. 3. XSS выполнена. Impact XSS...
LocalTapiola: Flash-based XSS on mediaelement-flash-audio-ogg.swf of www.lahitapiolarahoitus.fi
Basic report information Summary: The lahitapiolarahoitus.fi contains an SWF-file which is vulnerable to reflected cross-site scripting attacks via crafted URL. Description: The file https://www.lahitapiolarahoitus.fi/wp-includes/js/mediaelement/mediaelement-flash-audio-ogg.swf contains a...
Node.js third-party modules: [pdfinfojs] Command Injection on filename parameter
Hello , there is a Command Injection vulnerability on the "pdfinfojs" module. Module module name: pdfinfojs version: 0.3.6 npm page: https://www.npmjs.com/package/pdfinfojs Module Description pdfinfo shell wrapper for Node.js Module Stats 10 downloads in the last day 61 downloads in the last week...
Node.js third-party modules: [mcstatic] Path Traversal allows to read content of arbitrary files
Hi Guys, There is Path Traversal in mcstatic module. It allows to read content of arbitrary files on the remote server. Module mcstatic This is a general file server made by nodejs. It will be easy for you to access the files on the server through the browser. https://www.npmjs.com/package/mcstat...
Internet Bug Bounty: Out of bounds read in libcurl's IMAP FETCH response parser
Reported to the curl security mailing list on 6 October 2017. Acknowledged on 6 October 2017. Patched on 8 October 2017. Reported to distros@openwall on 17 October 2017. Public release on 23 October 2017. CVE Pending. Vulnerability An IMAP FETCH response line indicates the size of the returned...
Pornhub: Reflected XSS in login redirection module
The researcher discovered an XSS in the redirect parameter of the front controller which executes upon redirection...
Legal Robot: CORS (Cross-Origin Resource Sharing)
Title: CORS Cross-Origin Resource Sharing Category: Others Affected URL: https://app.legalrobot.com/sockjs/info?cb=pcgb37npst Description: The application implements an HTML5 cross-origin resource sharing CORS policy for this request which allows access from any domain. Allowing access from all...
Internet Bug Bounty: EBCDIC overread (CVE-2016-2176)
https://github.com/openssl/openssl/commit/ea96ad5a206b7b5f25dad230333e8ff032df3219...
Snapchat: Subdomain takeover in http://support.scan.me pointing to Zendesk (a Snapchat acquisition)
harrymg helped us identify an issue in which support.scan.me's CNAME was pointing to scan.zendesk.com. Normally there would be a Zendesk instance there, but in this case, the Zendesk instance was no longer in use. As such, harrymg was able to "claim" scan.zendesk.com from Zendesk. As such, any...
Souq.com: reflected xss on search bar (uae.souq.com)
the xss is executed in android phone or you can download user-agent switcher for google chrome then click Current: Android Handset to reproduce this bug as you see in pic 2.PNG steps: 1 go to http://uae.souq.com 2 put this payload on search bar : xss'+alert1+' 3the payload xss is executed 4 this...
Concrete CMS: https://concrete5.org ::: HeartBleed Attack (CVE-2014-0160)
Pls see attachment files for details: python ssltest.py concrete5.org 443|more impact: critical, pls patch it ASAP References: https://www.openssl.org/news/secadv20140407.txt http://heartbleed.com https://github.com/openssl/openssl/commit/96db9023b881d7cd9f379b0c154650d6c108e9a3 g4mm4...
Node.js: GOAWAY HTTP/2 frames cause memory leak outside heap
A memory leak could occur when a remote peer abruptly closed the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could have led to increased memory...
Glassdoor: Web Cache Deception
A web caching issue was discovered on an endpoint which inappropriately cached a user's feed page under certain conditions...
Internet Bug Bounty: CVE-2023-46695: Potential denial of service vulnerability in UsernameField on Windows
A potential denial of service vulnerability was discovered in the UsernameField component in Django before versions 4.2.7, 4.1.13, and 3.2.23. The vulnerability allowed a denial of service attack via malformed input containing a large number of Unicode characters. The issue was addressed by...
Tor: 'Request English versions of web pages for enhanced privacy' keeps previous (grayed out) settings
The vulnerability allowed an attacker to identify users who had changed their language settings in the Tor Browser. By exploiting JavaScript and HTTP fingerprinting techniques, the attacker could determine the user's language preferences, even if the user had enabled the "Request English versions...
Internet Bug Bounty: [curl] CVE-2023-32001: fopen race condition
CVE-2023-32001 is a vulnerability in the curl library that allowed for a race condition between the stat and fopen functions. This race condition could be exploited to trick users into overwriting protected files or to steal sensitive data, such as cookies. The vulnerability was fixed in a recent...
Nextcloud: Missing brute force protection for passwords of password protected share links
A missing brute force protection vulnerability was found in the password protection feature of shared files, allowing an attacker to bypass the password protection of the shared files due to the lack of rate limit. This could lead to unauthorized access to protected files...
Shopify: Cross-site scripting on api.collabs.shopify.com
Summary: Shopify collabs collabs.shopify.com is a new platform for content creators / influencers to discover and advertise the millions of brands of Shopify. The content creators can apply for different brands on this platform and get paid affiliate marketing. I discovered a cross-site scripting...
Internet Bug Bounty: CVE-2022-32215 - HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding
Original Report: https://hackerone.com/reports/1501679 Impact Depending on the specific web application, HRS can lead to cache poisoning, bypassing of security layers, stealing of credentials and so on...
Internet Bug Bounty: CVE-2022-32205: Set-Cookie denial of service
A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl stores all of them. A sufficiently large amount of big cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the...
U.S. Dept Of Defense: ██████████ vulnerable to CVE-2022-22954
I found that one of the targets belongs to DOD vulnerable to CVE-2022-22954 where an attacker may be able to execute any malicious code like escalating Remote code execution is also possible Technical Summary: CVE-2022-22954 is a server-side template injection vulnerability in the VMware Workspac...
Paragon Initiative Enterprises: Recaptcha Secret key Leaked
Greeting from @kashifinfo90, I hope Paragonie Security Team is doing great, Following Secret Keys are leaked: "secret-key": "6Ldy5BYTAAAAAPBh868BMm2nGZelOUyXJHTUE4no", "site-key": "6Ldy5BYTAAAAACk3Tj8wDUBLcVxSL2JXFBw-Dtj3" "secret-key": "6Ld27iETAAAAAF6tsd5SaoCgc5cFX-tkfHqx7FtX", "site-key":...
MTN Group: firebase credentials leaks @ https://mtnhottseat.mtn.com.gh
Hello. I found firebase credentials leaks at https://mtnhottseat.mtn.com.gh. Steps To Reproduce: Visit https://mtnhottseat.mtn.com.gh Right click view source code. Supporting Material/References: // Your web app's Firebase configuration // For Firebase JS SDK v7.20.0 and later, measurementId is...
Brave Software: Information disclosure
Vulnerability tested on:- Brave 1.29.81 Chromium: 93.0.4577.82 Official Build 64-bit Vulnerability description:- For security measures and for privacy purposes, Brave has the ability to open a normal tab of the Brave when we navigate to: chrome://wallet, chrome://history etc. due to the reason th...
GitHub Security Lab: [JavaScript]: CWE-1004: Sensitive cookie without HttpOnly
This bug was reported directly to GitHub Security Lab...
Sifchain: Social media links not working
Summary: Hey team when i research i found business Logic issue and i will explain to you Steps To Reproduce: POC:- 1. Goto https://sifchain.finance/ 2.Try to add anything after https://sifchain.finance/ 3. Now you will show 404 page not found. 4. Look below in the page you will show links of soci...