Mozilla: Subdomain takeover on one of the subdomain under mozilla.org
Vulnerability description not provided...
Mozilla: Internal Blind Server-Side Request Forgery (SSRF) allows scanning internal ports
Vulnerability description not provided...
inDrive: #2 XSS on watchdocs.indriverapp.com
An XSS vulnerability was discovered on watchdocs.indriverapp.com. The vulnerability allowed execution of JavaScript on the user's browser...
inDrive: #1 XSS on watchdocs.indriverapp.com
The security vulnerability found on watchdocs.indriverapp.com allowed cross-site scripting (XSS) attacks. It was triggered by crafting a specific URL that executed arbitrary JavaScript code when accessed by users...
Basecamp: Spam & Clearance checks disabled with existing referenced Message-ID
A vulnerability in the inbound email processing allowed crafted emails to bypass spam filtering and The Screener when they appeared to be in reply to an existing thread...
Automattic: Stored XSS on wordpress.com
A Stored XSS vulnerability was found on WordPress.com via app.crowdsignal.com. An attacker could execute malicious script code in the victim user's browser and redirect them to malicious sites by creating a poll with a specific payload and sharing the link on a WordPress post. The vulnerability w...
TikTok: CRLF to XSS & Open Redirection
Due to inadequate input validation, CRLF sequences could be injected into a parameter on a TikTok seller endpoint, enabling HTTP response splitting. This could have resulted in reflected cross-site scripting (XSS) and open redirection attacks. The vulnerability has been resolved...
Nord Security: Subscription check bypass of NordVPN service
An issue was discovered in one of NordVPN's backend services that allowed users to bypass the subscription check and access the VPN service without a valid subscription. The exploitation of this issue required performing specific steps each time a user wanted to connect to the VPN service. The...
Internet Bug Bounty: [CVE-2023-22799] Possible ReDoS based DoS vulnerability in GlobalID
A ReDoS-based DoS vulnerability was discovered in the GlobalID gem, affecting versions 0.2.1 and above. Crafted input could cause the regular expression engine to consume excessive processing time, leading to a denial of service. The issue has been fixed in version 1.0.1...
Internet Bug Bounty: [CVE-2023-22796] Possible ReDoS based DoS vulnerability in Active Support’s underscore
A regular-expression-based denial of service (ReDoS) vulnerability was discovered in Active Support's underscore method. A specially crafted string could drive the regular expression engine into catastrophic backtracking, leading to excessive CPU and memory usage. The...
Internet Bug Bounty: [CVE-2022-44572] Possible Denial of Service Vulnerability in Rack’s RFC2183 boundary parsing
A denial of service vulnerability was discovered in the multipart parsing component of Rack. This vulnerability could be exploited by carefully crafted input to cause the RFC2183 multipart boundary parsing in Rack to consume an unexpected amount of time, potentially leading to a denial of service...
Internet Bug Bounty: [CVE-2022-44571] Possible Denial of Service Vulnerability in Rack Content-Disposition parsing
A denial of service vulnerability was discovered in the Content-Disposition parsing component of Rack. This vulnerability could be exploited by carefully crafted input to cause the parsing process to consume an unexpected amount of time, potentially leading to a denial of service attack. The...
Internet Bug Bounty: [CVE-2022-44570] Possible Denial of Service Vulnerability in Rack’s Range header parsing
A denial of service vulnerability was discovered in the Range header parsing component of Rack. This vulnerability could be exploited by sending carefully crafted input to the Range header, causing the parsing component to consume an unexpected amount of time and potentially leading to a denial o...
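The three Rack reports above share one root cause: a header parser whose work grows with attacker-controlled input. The usual defence is to bound the work before doing it. The following is an added example (not Rack's code) of a Range header parser that caps the number of range specs it will even look at; the cap of 16 and the choice to answer a malformed, over-cap or wholly unsatisfiable header with None (so the caller can ignore it and serve the full body, or return 416) are assumptions for illustration.

```python
import re

# Assumption: an arbitrary example cap, not a value taken from Rack.
MAX_RANGE_SPECS = 16
_SPEC_RE = re.compile(r"^(\d*)-(\d*)$")


def parse_byte_ranges(header: str, size: int, max_specs: int = MAX_RANGE_SPECS):
    """Parse a Range header value for a resource of `size` bytes.

    Returns a list of inclusive (first, last) tuples, or None when the header
    is malformed, over the cap, or satisfies nothing. The number of specs is
    checked before any per-spec work, so a header stuffed with thousands of
    ranges costs one split and one comparison.
    """
    if size <= 0 or not header.startswith("bytes="):
        return None
    specs = header[len("bytes="):].split(",")
    if len(specs) > max_specs:
        return None  # refuse before doing any per-spec work
    ranges = []
    for spec in specs:
        m = _SPEC_RE.match(spec.strip())
        if not m:
            return None  # malformed spec: reject the whole header
        first, last = m.groups()
        if first == "" and last == "":
            return None  # a bare "-" is not a valid range spec
        if first == "":
            # suffix range: the last N bytes of the resource
            n = int(last)
            if n == 0:
                continue  # unsatisfiable on its own, skip it
            ranges.append((max(size - n, 0), size - 1))
            continue
        start = int(first)
        end = int(last) if last else size - 1
        if end < start:
            return None  # malformed: last-byte-pos before first-byte-pos
        if start >= size:
            continue  # unsatisfiable for this resource, skip it
        ranges.append((start, min(end, size - 1)))
    return ranges or None


if __name__ == "__main__":
    print(parse_byte_ranges("bytes=0-99,-100", 1000))
    # Constructed abusive header: 100 specs, rejected before parsing any of them.
    print(parse_byte_ranges("bytes=" + ",".join(["0-0"] * 100), 1000))
```

The semantics follow RFC 7233 (suffix ranges, open-ended ranges, clamping to the resource size); whether an unsatisfiable set is answered with 416 or with the full body is a policy decision left to the caller.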
HackerOne: Asset Inventory Internal Descriptions are leaked in CSV export
An internal asset description in the Asset Inventory feature of HackerOne was leaked in the CSV export, potentially exposing sensitive information stored in the description...
Stripe: The `stripe/veneur` GitHub repository links to a domain `veneur.org`, which is not under stripe's control
The stripe/veneur GitHub repository contained a link to an external domain, veneur.org, which was not under Stripe's control. This posed a security risk as the domain could be exploited for phishing or supply chain contamination attacks. The link has since been removed from the repository, but ma...
Yelp: yelp.com XSS ATO (via login keylogger, link Google account)
The yelp.com website was found to be vulnerable to a cross-site scripting (XSS) attack. The vulnerability was caused by the website's improper handling of the "guvo" cookie, which was reflected in the HTML response without proper sanitization. Additionally, a feature on t...
Radancy: insecure storage of information, you can view any file uploaded to the server without authentication and only with a single link
Domain and URL: http://███ https://███████ https://████/maximum-wiki-prod-app/ Summary: From a single link I have access to a multitude of uploaded files on the server. All I have to do is search for keywords such as "png" or "user" and I can retrieve the target file without authentication, witho...
TikTok: Dom XSS and open redirect in TikTok seller endpoint
Vulnerability description not provided...
GitHub Security Lab: [Python] Add Unicode Bypass Validation query tests and help
Vulnerability description not provided...
GitHub Security Lab: [Javascript]: Add new queries for Javascript Github Actions
Vulnerability description not provided...
TikTok: CSRF in seller-us.tiktok.com/profile/account-setting/delegation-login
Vulnerability description not provided...
HackerOne: Create miscellaneous support ticket on anyone's account through [email protected] email
A vulnerability was discovered where an attacker could create support tickets on anyone's account by sending a fake email to [email protected]. This allowed the attacker to create tickets on behalf of victims or even HackerOne staff. The issue was resolved internally and the created tickets...
Node.js: HTTP Request Smuggling via Empty headers separated by CR
HTTP Request Smuggling (HRS) was possible in Node.js v20.2.0 because the llhttp parser in the http module did not strictly require the CRLF sequence to delimit HTTP header fields. A CR character without a following LF was sufficient to terminate a header field in llhttp, which is not compliant with RFC 7230...
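The smuggling risk in the report above comes from two parsers disagreeing about where one header field ends and the next begins. The following is an added illustration, not llhttp's code or the report's proof of concept: a strict splitter (CRLF only) and a lenient one (bare CR also terminates a field) are run over the same constructed header block, and they disagree about whether a Content-Length header is present at all. The header names and values are made up for the demonstration.

```python
import re

# Constructed header block (not from the Node.js report): the first field line
# ends with a bare CR instead of CRLF. Which headers a parser sees depends
# entirely on whether it treats that bare CR as a line terminator.
RAW_HEADERS = b"X-Forwarded-Junk: anything\rContent-Length: 0\r\nHost: example.test\r\n"


def split_header_lines_strict(raw: bytes) -> list:
    """RFC 7230 behaviour: a header field line ends only at CRLF."""
    return [line for line in raw.split(b"\r\n") if line]


def split_header_lines_lenient(raw: bytes) -> list:
    """Lenient behaviour (the class of bug described above): a bare CR, or a
    bare LF, also ends a field line."""
    return [line for line in re.split(rb"\r\n|\r|\n", raw) if line]


def parse_headers(lines: list) -> dict:
    """Turn field lines into a {lower-case-name: value} dict; last one wins."""
    headers = {}
    for line in lines:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return headers


def has_bare_cr(raw: bytes) -> bool:
    """Hardening check a front end can apply before forwarding: a CR that is
    not immediately followed by LF is a protocol violation, and the request
    should be rejected rather than normalised into something else."""
    return re.search(rb"\r(?!\n)", raw) is not None


def framing_disagreement(raw: bytes) -> tuple:
    """Return (strict_content_length, lenient_content_length). A mismatch is
    the precondition for smuggling between a strict front end and a lenient
    back end: they will frame the message body differently."""
    strict = parse_headers(split_header_lines_strict(raw))
    lenient = parse_headers(split_header_lines_lenient(raw))
    return strict.get(b"content-length"), lenient.get(b"content-length")


if __name__ == "__main__":
    print("strict vs lenient Content-Length:", framing_disagreement(RAW_HEADERS))
    print("bare CR present:", has_bare_cr(RAW_HEADERS))
```

The strict parser keeps the whole first line as one header whose value happens to contain the text "Content-Length: 0"; the lenient parser produces two headers and therefore a different body length. Rejecting any request that fails `has_bare_cr` at the edge removes the ambiguity before it reaches a back end whose parser you do not control.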
HackerOne: 2M Reports on HackerOne Celebration! - Ability to bulk-submit many reports.
Vulnerability description not provided...
Python Cryptographic Authority: Error Page Content Spoofing or Text Injection
An error page content spoofing vulnerability was discovered on the cryptography.io domain. This vulnerability allowed an attacker to inject arbitrary text into the page, potentially leading to social engineering attacks. The issue has been resolved by removing the injected content from the page...
Internet Bug Bounty: CVE-2023-28319: UAF in SSH sha256 fingerprint check
A use-after-free vulnerability was found in libcurl's SSH server public key verification feature, affecting versions 7.81.0 to 8.0.1. When the verification check failed, libcurl would free the memory for the fingerprint before returning an error message containing the now-freed hash, potentially...
Nextcloud: Path traversal allows tricking the Talk Android app into writing files into it's root directory
Vulnerability description not provided...
Mozilla: Response Manipulation to enable Account recovery key with out current password
Vulnerability description not provided...
curl: Cache purge requests are not authenticated
Vulnerability description not provided...
Nextcloud: App stores client secret unencrypted in database
The client secret used to identify the Nextcloud server was stored in plain text in the database, making it vulnerable to unauthorized access...
Nextcloud: OAuth2 client_secret stored in plain text in the database
An OAuth2 client secret was stored in plain text in a database. If accessed without authorization, this would have allowed the client secret to be easily read, enabling impersonation of any OAuth2 client...
IBM: response manipulation leads to bypass in register at employee website than 0 click account takeover
Vulnerability description not provided...
Mozilla: Flickr API key leaked in GitHub commit
An API key was leaked in a GitHub commit. The key granted access to a Flickr account, allowing unauthorized access to uploaded photos and metadata without permission...
Internet Bug Bounty: CVE-2023-28322: more POST-after-PUT confusion
libcurl, the widely used open-source library for transferring data with URLs, had a logic flaw (CVE-2023-28322) in its HTTP handling: after a PUT that used a read callback, a later POST on the same handle could wrongly invoke that read callback instead of using the POST data, so the application could send the wrong data or otherwise misbehave. The vulnerability was caused by libcurl using the wrong callback function...
Internet Bug Bounty: CVE-2023-28321: IDN wildcard match
CVE-2023-28321 is an improper certificate validation (host mismatch) vulnerability in curl. curl's private wildcard-matching function could match IDN (Internationalized Domain Name) hosts incorrectly, accepting wildcard patterns that should have mismatched. This issue was...
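Wildcard matching of certificate names is easy to get subtly wrong, as the report above shows. The following is an added example (not curl's hostcheck code or its fix) of a conservative matcher in the spirit of RFC 6125 section 6.4.3: the wildcard must be the entire leftmost label, at least two labels must follow it, and the label count must match exactly. As an extra, stricter-than-RFC choice (an assumption for this example), it also refuses to let a wildcard match an IDNA A-label (a label starting with `xn--`), so internationalized names must be matched by an exact entry.

```python
def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Conservative RFC 6125-style hostname matching (added example, not curl's).

    Rules applied:
      * no wildcard: exact, case-insensitive comparison;
      * the wildcard must be the whole leftmost label ("*.example.com" only,
        never "w*.example.com" or "www.*.com");
      * at least two labels must follow the wildcard (no "*.com");
      * the hostname must have exactly as many labels as the pattern, so the
        wildcard never spans "a.b.example.com";
      * assumption beyond the RFC: the wildcard never matches an IDNA A-label
        ("xn--..."), an empty label, or a hostname that itself contains "*".
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" in hostname or not hostname:
        return False
    if "*" not in pattern:
        return pattern == hostname

    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False            # wildcard only as the entire leftmost label
    if len(p_labels) < 3:
        return False            # "*.com" would match every .com host
    if len(h_labels) != len(p_labels):
        return False            # wildcard covers exactly one label
    first = h_labels[0]
    if first == "" or first.startswith("xn--"):
        return False            # empty label, or IDN A-label (assumption)
    return h_labels[1:] == p_labels[1:]


def cert_matches_host(san_entries: list, hostname: str) -> bool:
    """True if any subjectAltName dNSName entry matches the hostname."""
    return any(wildcard_matches(entry, hostname) for entry in san_entries)


if __name__ == "__main__":
    # Constructed SAN list for the demonstration.
    sans = ["*.example.com", "example.com"]
    for host in ("www.example.com", "a.b.example.com", "xn--nxasmq6b.example.com"):
        print(host, cert_matches_host(sans, host))
```

Refusing IDN labels under a wildcard is a trade-off: it closes the class of mismatch the report describes at the cost of requiring an explicit SAN entry for each internationalized name, which is what most public CAs issue anyway.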
inDrive: the domain is truck-admin.eu-east-1.indriverapp.com and Enter the management system of the blasting mobile phone verification code
Vulnerability description not provided...
U.S. Dept Of Defense: Endpoint Redirects to Admin Page and Provides Admin role
A web application running on the Oracle APEX (Application Express) platform had an endpoint that redirected users to the admin page and granted them admin privileges, bypassing access control restrictions. The vulnerability was discovered by navigating to a specific page within the applicatio...
U.S. Dept Of Defense: Automatic Admin Access
The automatic administrative access vulnerability allowed a user to access the application with full administrative privileges, including the ability to create submissions, manage users, and access sensitive data. The vulnerability impacted the integrity, confidentiality, and availability of the...
ownCloud: Federated share permissions can be increased by recipient
Federated share permissions allowed the recipient of a share to increase their own permissions by sending a request to the server with the share token and ID, resulting in a security vulnerability...
Internet Bug Bounty: CVE-2023-28320 - siglongjmp race condition
A race condition vulnerability CVE-2023-28320 existed in libcurl's synchronous resolver, which could allow a multi-threaded application to crash or misbehave due to the use of a global buffer that was not mutex protected. The vulnerability could result in a denial of service...
U.S. Dept Of Defense: Leaks of username and password leads to CVE-2018-18862 exploitation
A set of credentials for a BMC Remedy ITSM system were publicly exposed and leaked, allowing an attacker to access the system with the rights of these users. The vulnerability, CVE-2018-18862, was exploited through incorrect access control, potentially allowing the attacker to list roles and...
Mozilla: If rate limit is hit, IP address is leaked to anyone who tries to login
Once the rate limit on Bugzilla's login page was hit, the response shown to anyone attempting to log in afterwards leaked the IP address of the user who had triggered the limit...
U.S. Dept Of Defense: Docker Registry without authentication leads to docker images download
An exposed Docker Registry HTTP API allowed attackers to download Docker images and potentially access confidential source code without authentication. The vulnerability was caused by a lack of access control on the registry and could have been mitigated by implementing proper access controls or...
U.S. Dept Of Defense: Reflected xss on https://█████████
The website was vulnerable to a reflected XSS attack due to a flaw in the check that verifies the validity of the redirect URL. Attackers could exploit this vulnerability to execute malicious scripts on the victim's browser, leading to potential account takeover, phishing, and other malicious...
Mozilla: Leakage of traffic in plaintext towards the IP address of VPN server
The VPN client was found to send traffic to the IP address of the current VPN server in plaintext. This could potentially be abused to track and deanonymize users, and could have a negative impact on the VPN's reputation as it would cause users to doubt whether their traffic is fully encrypted...
Mozilla: Leaking VPN traffic through non-RFC1918 local IP addresses
The vulnerability found in Mozilla VPN on Linux and iOS allows traffic to be sent outside the VPN tunnel to non-RFC1918 local IP addresses. This was achieved by configuring the local network to use a non-RFC1918 subnet, leading the VPN client to send traffic for those addresses outside the VPN. T...
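The flaw in the report above is a policy one: "local network access" is implemented as "anything on the interface's subnet bypasses the tunnel", so a LAN numbered from public address space punches a hole in the tunnel. The following is an added example, not Mozilla VPN's code or its fix, of that naive decision beside a hardened one that additionally requires the destination to lie in a private range (RFC 1918 for IPv4; the ULA and link-local ranges are included for IPv6 as an assumption). The addresses and subnets are constructed; 203.0.113.0/24 is a documentation range standing in for a public one.

```python
import ipaddress

# Private ranges that a "local network access" exemption is meant for.
# IPv4 per RFC 1918; fc00::/7 (ULA) and fe80::/10 (link-local) are an
# assumption for IPv6, not something the report states.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "fe80::/10",
)]


def is_private(addr) -> bool:
    """True if addr (an ipaddress object) lies in one of PRIVATE_NETS."""
    return any(addr in net for net in PRIVATE_NETS)


def bypasses_tunnel_naive(dst: str, local_subnet: str) -> bool:
    """Flawed policy of the kind described above: anything on the interface's
    configured subnet is treated as 'local' and routed around the tunnel,
    whatever that subnet happens to be."""
    return ipaddress.ip_address(dst) in ipaddress.ip_network(local_subnet, strict=False)


def bypasses_tunnel_hardened(dst: str, local_subnet: str, lan_access: bool = True) -> bool:
    """Hardened policy (an assumption, not the vendor's fix): a destination
    escapes the tunnel only if the user enabled LAN access, it is on the
    local subnet, AND it lies in a private range. A LAN numbered from public
    space no longer leaks traffic for those addresses."""
    if not lan_access:
        return False
    addr = ipaddress.ip_address(dst)
    if addr not in ipaddress.ip_network(local_subnet, strict=False):
        return False
    return is_private(addr)


def leaked_destinations(dsts, local_subnet: str) -> list:
    """Destinations the naive policy would send outside the tunnel but the
    hardened policy keeps inside it, i.e. the leak surface for this subnet."""
    return [
        d for d in dsts
        if bypasses_tunnel_naive(d, local_subnet)
        and not bypasses_tunnel_hardened(d, local_subnet)
    ]


if __name__ == "__main__":
    # Constructed scenario: the LAN is (mis)numbered from a public-looking range.
    lan = "203.0.113.0/24"
    targets = ["203.0.113.7", "203.0.113.8", "8.8.8.8", "192.168.1.1"]
    print("leaked under naive policy:", leaked_destinations(targets, lan))
```

Note that `ipaddress.ip_network(..., strict=False)` accepts an interface address with host bits set (the form a client usually reads from the OS), and that an IPv4 address is never "in" an IPv6 network, so mixed-family inputs fall through to the tunnel rather than raising.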
Automattic: Stored XSS on wordpress.com
A Stored XSS vulnerability was found on WordPress.com via app.crowdsignal.com. An attacker could use this vulnerability to execute malicious script code in the victim user's browser and redirect them to malicious sites...
Nextcloud: Password reset endpoint is not brute force protected
The lostpassword flow in Nextcloud was missing brute force protection for the password reset endpoint, allowing attackers to potentially brute force the token without being throttled...
Mozilla: [Hubs] - Broken access control in placing objects in hubs room
A broken access control vulnerability allowed an attacker to bypass object creation and movement restrictions in Mozilla Hubs. By using specific commands in the chat feature, the attacker could place objects in a room even if the admin user had disabled these actions. The vulnerability did not...
Newegg: Endpoint disclosing user password
Summary: Hi team, @teamtsk here, while testing your assets I found user passwords getting leaked while editing the user profile. We can edit our profile by visiting https://secure.newegg.com/account/settings. In that, we can change our login email also, but we need the user's password to change o...