Nextcloud: Improper handling of request URLs in nextcloud/guests allows guest users to bypass app allowlist
Improper handling of request URLs allowed guest users to bypass application allowlist in Nextcloud guests app...
Nextcloud: Non-admin users can reset app allowlist to the default
A vulnerability was disclosed where non-administrative users could reset the application allowlist to the default state. This could have allowed malicious apps to be installed...
Internet Bug Bounty: CVE-2023-47037: Airflow Broken Access Control Vulnerability
A broken access control vulnerability in Apache Airflow versions before 2.7.3 allowed authenticated users with DAG view authorization to modify some DAG run detail values when submitting notes, potentially altering details such as configuration parameters and start date...
Nextcloud: Authentication bypass in Global Site Selector allows an attacker to log in as any user
Authentication bypass vulnerability in software allowed attacker to bypass authentication and log in as any user...
U.S. Dept Of Defense: Unauthenticated File Read Adobe ColdFusion
A vulnerability allowing unauthenticated arbitrary file read in Adobe ColdFusion was discovered. This could result in unauthorized access to sensitive data on affected systems. The vulnerability impacts ColdFusion versions 2021 Update 5 and earlier, and 2018 Update 15 and earlier. Mitigation is t...
Nextcloud: RCE on Wordpress website
A remote code execution vulnerability was exploited on a WordPress website due to unsafe deserialization of user input. This allowed arbitrary code execution as the web server user...
FetLife: Able to see highest poll result without voting or view result
Vulnerability description not provided...
Nextcloud: Can download files by zipping the folder
A vulnerability was identified where files could be downloaded without proper permissions by zipping and downloading a folder, despite not having direct download access. This allowed circumvention of view-only restrictions...
U.S. Dept Of Defense: Unauthorized access to Argo dashboard on █████
The Argo deployment on █████ was found to be vulnerable to unauthorized access, allowing manipulation of workflows and sensors. This could lead to compromise of sensitive data. Urgent mitigation is advised...
GitHub: Self XSS in Tag name pattern field /<username>/<reponame>/settings/tag_protection/new
A self-XSS vulnerability was discovered in the tag name pattern field of the tag protections UI in GitHub Enterprise Server. The vulnerability allowed a malicious website that required user interaction and social engineering to make changes to a user account via a CSP bypass with created CSRF...
Nextcloud: App PIN code can be bypassed in Files iOS
A vulnerability was discovered in the PIN code implementation of the Files iOS app version 4.9.1 that allowed an attacker to bypass the PIN code protection via brute force due to lack of rate limiting, enabling unauthorized access to the app...
X (Formerly Twitter): Cross-Domain Leakage of X Username / UserID due to Dynamically Generated JS File
The vulnerability allowed the retrieval of a user's X username and user ID from a dynamically generated JavaScript file hosted on Twitter. An attacker could force a victim to import the file from a malicious website, bypassing the Same-Origin Policy and exposing the user's sensitive information...
Internet Bug Bounty: Cookie headers are not cleared in cross-domain redirect in undici-fetch
Cookie headers were not always cleared in cross-domain redirects in undici-fetch CVE-2023-45143. Undici did not clear Cookie headers on cross-origin redirects as intended by the specification. This could lead to accidental leakage of cookies to third-party sites or malicious attackers controlling...
Mars: Information Exposure due to enabled debug mode
The server was found to be exposing system information to unauthenticated users due to the enabled debug mode. The disclosed information included details about the technologies and versions being used in the production system, such as the Python version, Django version, and the database driver in...
HackerOne: [hackerone.com] Program's old handles are not blacklisted like usernames and allows reclaim over past handles for potential abuse
Vulnerability description not provided...
Node.js: Code injection and privilege escalation through Linux capabilities
A vulnerability was found in Node.js on Linux where it incorrectly applied an exception for the CAP_NET_BIND_SERVICE capability even when other capabilities were set. This allowed unprivileged users to inject code that inherited elevated privileges of the process...
Node.js: HTTP Request Smuggling via Content Length Obfuscation
The team identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers could lead to HTTP request smuggling. Specifically, if a space was placed before a content-length header, it was not interpreted correctly, enabling attackers to smuggle in ...
curl: CVE-2023-46219: HSTS long file name clears contents
Vulnerability description not provided...
SideFX: Session doesn't expire after 2FA and another session can also change password
A vulnerability was found where user sessions were not terminated after two-factor authentication was enabled, allowing the password to be changed from an active session that did not have two-factor authentication enabled...
Mars: Client Side Template Injection to Stored XSS in Image Collection
The client-side template injection vulnerability allowed attackers to dynamically embed malicious input in web pages. When the template framework rendered the page, it executed the attacker's template expressions, leading to a cross-site scripting (XSS) attack...
Khan Academy: Text Injection / Content Spoofing on https://cloud.e.khanacademy.org by breaking out of input tag
A vulnerability was discovered on https://cloud.e.khanacademy.org that allowed text injection via breaking out of an input tag. By inserting a closing angle bracket in a parameter value, an attacker could inject arbitrary text that would be reflected on the page, enabling phishing attacks. The...
Node.js: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks
A vulnerability in Node.js HTTP servers was discovered that allowed denial of service (DoS) attacks. By sending specially crafted HTTP requests with chunked encoding, an attacker could cause resource exhaustion on the server. The lack of limitations on chunk extension bytes enabled the server to re...
A.S. Watson Group: Access to internal info via GraphQL on https://tng-api.watsons.com.my
Vulnerability description not provided...
U.S. Dept Of Defense: XSS in Cisco Endpoint
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software were found that could allow cross-site scripting attacks against a user of the affected device's web services interface. By exploiting...
U.S. Dept Of Defense: Unauthenticated file read (CVE-2020-3452)
A vulnerability was found that allowed unauthenticated remote attackers to conduct directory traversal attacks and read sensitive files on affected Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense systems. This was due to a lack of proper input validation of URLs in HTTP...
U.S. Dept Of Defense: Elasticsearch is currently open without authentication on https://██████l
An Elasticsearch instance accessible at https://██████l was found to be open without authentication, exposing data to unauthorized access. The vulnerability allowed listing and extraction of sensitive data stored in the Elasticsearch indexes. To mitigate, authentication and authorization controls...
Kubernetes: CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes
Insufficient input sanitization in an in-tree storage plugin was found to lead to privilege escalation on Windows nodes. The issue was assigned CVE-2023-5528 and rated as a Tier 1 High severity vulnerability by the Kubernetes team, who verified the report and are working on a fix...
Nextcloud: Bruteforce protection in password verification can be bypassed
A vulnerability was found where the IP address used for brute force protection in Nextcloud server could be bypassed by adding a valid X-Forwarded-For header. This allowed an attacker to bypass the brute force protection and brute force login credentials...
PortSwigger Web Security: Deceptive Manipulation of HTTP to HTTPS with VPN in Burp Suite
Vulnerability description not provided...
HackerOne: Private program name disclosure in the invitation mail for another program
A private program name was disclosed in an invitation email for another program...
Snowplow: Unauthorised ██████████ Auth via Token Leakage & HTTP Header Injection
Summary We've identified that your Email Filtering mechanism is misconfigured in the way it visits suspicious links. This behavior is dangerous, as data exfiltration is possible when a 3rd party service sends an incoming email containing sensitive data. A great example would be a reset password...
Internet Bug Bounty: Permission model improperly protects against path traversal in Node.js 20
A path traversal vulnerability was introduced in Node.js 20 due to insufficient patching of CVE-2023-30584. The vulnerability arises because the permission model implementation does not protect itself against the application overwriting built-in utility functions like path.resolve with user-defin...
8x8: Unprotected Atlantis Server at https://152.70.█.█
The Atlantis test server at https://152.70.█.█ was found to be exposed without protection. Atlantis is an application used to automate Terraform via pull requests. The issue was identified and resolved by restricting access to the Atlantis service...
TikTok: Multiple Open Redirect on TikTok domains
An open redirect vulnerability was discovered in the login process on TikTok Seller domains. This could have allowed takeover of a TikTok Seller account. The issue was reported privately and has been resolved...
Mozilla: RCE on worker host due to unsanitized "env" variable name in task definition on community-tc.services.mozilla.com
The task definition attempted to escape parameters passed to the podman command before running the container, but the custom shell.escape function was not applied to the environment variable name, allowing for command execution on the worker host. The community-tc.services.mozilla.com instance...
U.S. Dept Of Defense: Reflected XSS via Keycloak on ███ [CVE-2021-20323]
The Keycloak 8.0 and prior versions contained a cross-site scripting vulnerability. An attacker could have executed arbitrary script by inserting a malicious payload in the path of a POST request to the /auth/realms/master/clients-registrations/openid-connect endpoint. This allowed the server to...
Node.js: Path traversal by monkey-patching Buffer internals
A path traversal vulnerability was introduced in the experimental permission model in Node.js 20 and 21 by monkey-patching Buffer internals. This allowed modification of the result of path.resolve, leading to traversal beyond the expected path...
HackerOne: IDOR vulnerability in unreleased HackerOne Copilot feature
An unreleased feature of HackerOne's Copilot was vulnerable to IDOR through a GraphQL mutation. By supplying another user's conversation ID, an attacker could have deleted conversations in the Copilot interface before this issue was addressed...
GitHub: RC Between GitHub's Repo Transfer REST API and updateTeamsRepository GraphQL Mutation Results in Covert and Persistent Admin Access Retention
A race condition was discovered in GitHub Enterprise Server that allowed an administrator to retain access permissions on repositories after transfer. This was possible by manipulating repository permissions through a GraphQL mutation during the transfer process. The vulnerability affected GitHub...
Internet Bug Bounty: [CVE-2023-38546] cookie injection with none file
A vulnerability was found in the libcurl library. By duplicating an easy handle with cookies enabled but no cookies loaded, and a nonexistent cookie file specified, an attacker could potentially inject cookies into a program using libcurl if a file named "none" was present and readable in the...
HackerOne: Hacker email disclosed on submission at hackerone hactivity
Vulnerability description not provided...
LinkedIn: Html injection in event Description
A vulnerability was found where HTML injection was possible in event descriptions on LinkedIn, allowing malicious links to be inserted and executed when users viewed search results. By adding a link with HTML markup as an event description and making the event public, the link would execute for...
Cognizant: Disclosure of the valid Cognizant credentials at the Postman collection
Vulnerability description not provided...
Tennessee Valley Authority: Incorrect Authorization leads to seeing other users' uploaded Documents
Vulnerability description not provided...
U.S. Dept Of Defense: IDOR to delete profile images in https:███████
A vulnerability was discovered in which profile images could be deleted through a GET request by supplying a user ID. This allowed unauthorized deletion of user profile images...
Tennessee Valley Authority: internal path disclosure via register error
Vulnerability description not provided...
Tennessee Valley Authority: captcha bypass leads to register multiple user with one valid captcha
Vulnerability description not provided...
Tennessee Valley Authority: access to profile & reset password page without authentication
Vulnerability description not provided...
HackerOne: New Search Feature: Search for non-public words in limited disclosure reports
A vulnerability was discovered that allowed an attacker to search for words in limited disclosure vulnerability reports on HackerOne and see if the word existed in the full report, rather than just the limited disclosure portion. This could potentially allow secrets contained within a full report...
LinkedIn: Stored XSS on LinkedIn App via iframe tag in Article
A stored cross-site scripting vulnerability was found in the LinkedIn mobile application that allowed JavaScript code to be executed when viewing specially crafted articles containing iframe tags. The issue was resolved after receiving the report...