TikTok: Reflected Cross-site Scripting (XSS) at https://www.tiktok.com/
Vulnerability description not provided...
GitHub Security Lab: [ruby]: ZipSlip/TarSlip vulnerability detection
Vulnerability description not provided...
Nextcloud: End-to-end encrypted file-drops can be made inaccessible
An end-to-end encrypted file-drop vulnerability allowed attackers to modify the metadata file and make the uploaded file inaccessible. The vulnerability could break the availability of the file. The issue was resolved by not providing the metadata file to the user and appending the new entry in t...
Nextcloud: No rate limit while adding Additional emails feature
Vulnerability description not provided...
curl: CVE-2023-28319: UAF in SSH sha256 fingerprint check
Vulnerability description not provided...
Mozilla: Race condition leads to add more than 5 email at Data breaches monitor system at https://stage.firefoxmonitor.nonprod.cloudops.mozgcp.net
A race condition vulnerability was identified in the Mozilla Monitor application. The application was designed to limit users to adding a maximum of 5 email addresses for monitoring potential data breaches. However, due to the race condition, it was possible to bypass this restriction and add mor...
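The entry above describes a classic check-then-insert race: the server reads how many addresses a user has, then inserts the new one, and nothing keeps the two steps atomic, so several parallel requests all see a count below the limit. The following is an added example (not Mozilla Monitor's code; the store, the user name and the limit of 5 are constructed for the demo) that makes the window deterministic with a barrier and shows the same requests against an atomic check-and-insert.

```python
import threading
from collections import defaultdict

MAX_EMAILS = 5   # per-user limit described in the report
ATTEMPTS = 8     # concurrent "add email" requests the attacker fires at once


class EmailStore:
    """Toy stand-in (constructed for this demo) for the table of monitored addresses."""

    def __init__(self):
        self.emails = defaultdict(list)
        self.lock = threading.Lock()

    def add_email_racy(self, user, email, gate=None):
        # Vulnerable pattern: the count is read first and the row is inserted later,
        # with nothing keeping the two steps atomic. `gate` is a Barrier used only to
        # make the time-of-check/time-of-use window deterministic for the demo; in a
        # real service the window is simply the latency between the two queries.
        count = len(self.emails[user])
        if gate is not None:
            gate.wait()   # every request has now passed the check with a stale count
        if count >= MAX_EMAILS:
            return False
        self.emails[user].append(email)
        return True

    def add_email_atomic(self, user, email, gate=None):
        # Fixed pattern: check and insert under one lock. In a real service this is a
        # transaction holding a row lock on the user, or a DB-enforced constraint.
        with self.lock:
            if len(self.emails[user]) >= MAX_EMAILS:
                return False
            self.emails[user].append(email)
            return True


def fire_concurrent(method, user="victim"):
    """Run ATTEMPTS requests in parallel and return how many addresses were stored."""
    store = EmailStore()
    gate = threading.Barrier(ATTEMPTS)
    threads = [
        threading.Thread(target=method, args=(store, user, f"addr{i}@example.test", gate))
        for i in range(ATTEMPTS)
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(store.emails[user])


if __name__ == "__main__":
    print("racy check-then-insert stored:", fire_concurrent(EmailStore.add_email_racy))     # 8
    print("atomic check-and-insert stored:", fire_concurrent(EmailStore.add_email_atomic))  # 5
```

The lock is the smallest possible fix; the durable one is a constraint the database enforces regardless of application code (a per-user counter updated in the same transaction as the insert, or a limit checked under `SELECT ... FOR UPDATE`), because rate limiting alone only narrows the window.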
Mozilla: HTML Injection at https://stage.firefoxmonitor.nonprod.cloudops.mozgcp.net/user/unsubscribe
An HTML injection vulnerability was discovered on the "Unsubscribe" page of the website. This vulnerability allowed an attacker to inject malicious code, potentially leading to various attacks against users of the application...
Internet Bug Bounty: CVE-2023-27537: HSTS double-free
A double-free vulnerability was discovered in libcurl's support for sharing HSTS data between separate handles, which could result in a use-after-free or double-free when two threads share the same HSTS data without proper mutexes or thread locks...
Nextcloud: Blind SSRF as normal user from mailapp
Vulnerability description not provided...
Internet Bug Bounty: CVE-2023-27538: SSH connection too eager reuse still
A vulnerability was found in libcurl that allowed the reuse of a previously created SSH connection even when an SSH related option had been changed that should have prohibited reuse. This was due to two SSH settings being left out from the configuration match checks, making them match too easily...
Internet Bug Bounty: CVE-2023-27536: GSS delegation too eager connection re-use
A vulnerability was found in libcurl versions 7.22.0 to 7.88.1 that allowed for the reuse of a previously created connection even when the GSS delegation option had been changed, potentially changing the user's permissions in a second transfer. This could affect krb5/kerberos/negotiate/GSSAPI...
Internet Bug Bounty: CVE-2023-27535: FTP too eager connection reuse
A vulnerability was found in libcurl versions 7.13.0 to 7.88.1 that allowed the reuse of previously created FTP connections even when one or more options had been changed, leading to the second transfer being done with wrong credentials. This was due to several FTP settings being left out from th...
Internet Bug Bounty: CVE-2023-27534: SFTP path ~ resolving discrepancy
A vulnerability was discovered in curl's SFTP implementation that allowed the tilde character to be used as a prefix in the first element of a path, resulting in the wrong path being accessed. This could be exploited to circumvent filtering or other security measures. The vulnerability was presen...
Internet Bug Bounty: CVE-2023-27533: TELNET option IAC injection
CVE-2023-27533 was found in curl versions 7.7 to 7.88.1: curl passed on the user name and "telnet options" for server negotiation without proper input scrubbing, potentially allowing the injection of unintended TELNET commands into the telnet connection. The severity o...
U.S. Dept Of Defense: Sensitive Data Exposure via wp-config.php file
Sensitive data exposure occurred via the wp-config.php file, which contained confidential information such as MySQL and AWS credentials and various keys. The vulnerability was found on a specific endpoint, and it could potentially provide unauthorized access to sensitive information to users who ...
Fastly VDP: CVE-2018-6389 exploitation - using scripts loader
Vulnerability description not provided...
Fastly VDP: Unauthenticated cache purging
An unauthenticated cache purging vulnerability was found in the website of Fanout.io, allowing unauthenticated users to purge the cache of the website. This could potentially lead to various types of attacks such as website defacement, unauthorized access to sensitive data, or denial of service D...
Internet Bug Bounty: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)
A vulnerability was found in Apache HTTP Server's mod_proxy_uwsgi, affecting versions 2.4.30 through 2.4.55. The issue allowed special characters in the origin response header to truncate or split the response forwarded to the client, potentially resulting in security headers being ignored by the...
Internet Bug Bounty: UAF in OpenSSL up to 3.0.7
A use-after-free vulnerability was found in OpenSSL up to version 3.0.7 following BIO_new_NDEF calls. This could result in a crash when the BIO_pop function is called after BIO_new_NDEF fails and improperly cleans up the BIO chain. The vulnerability impacts the public API functions...
Internet Bug Bounty: Potential DoS vulnerability in Django in multipart parser
A potential denial-of-service vulnerability was discovered in Django's multipart parser, which could result in too many open files or memory exhaustion. This vulnerability was fixed in Django 3.2.18, 4.0.10, and 4.1.7 by limiting the number of file parts parsed via a new setting. The severity of...
Shipt: Improper Access Control + Financial fraud allows attacker to disclose + add arbitrary products to another's user's order
The vulnerability allowed an attacker to add arbitrary products to another user's order before it was placed. The attacker could also disclose the content of the victim's order, including their physical address. This was possible due to improper access control and lack of input validation on the...
Acronis: IDOR in backup recovery functionality
The vulnerability allowed an authenticated attacker to recover a backup belonging to another user by using the user's machine UUID, backup ID, and other parameters to configure and run a recovery plan...
Drugs.com: Stored Xss On "https://www.question.com/"
The vulnerability was a stored cross-site scripting (XSS) issue on the "https://www.question.com/" website. The vulnerability was discovered in the "ask" page, where a malicious script was injected directly into the web application. The impact of the vulnerability was that the malicious script coul...
GitHub: Authentication bypass on gist.github.com through SSH Certificates
An authentication bypass vulnerability was found in GitHub Enterprise Server that allowed unauthorized access to modify other users' secret gists through SSH certificates. The vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15,...
Nextcloud: Dos in Form Submission at https://nextcloud.com/instant-trial/
Vulnerability description not provided...
curl: CVE-2023-27538: SSH connection too eager reuse still
CVE-2023-27538 existed in the SSH connection reuse feature of the cURL library. The vulnerability allowed a connection to be reused even when different SSH keys were used, due to a broken check for SSH key matching. The vulnerability could potentially lead to unauthorized access to sensiti...
GitHub Security Lab: [Python] Unsafe unpacking using shutil.unpack_archive() query and tests
Vulnerability description not provided...
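The two GitHub Security Lab entries above (the Ruby ZipSlip/TarSlip query and the Python `shutil.unpack_archive()` query) are about the same bug class: an archive member named `../../x` or `/etc/x` is written outside the directory the caller chose. The following is an added example, not GitHub Security Lab's query or Python's own code, showing the check an extractor needs: resolve the final target path and confirm it is still inside the destination before writing. The archive contents and member names are constructed for the demo.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path


def build_archive() -> bytes:
    """Constructed test archive: one benign member and two that try to escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        zf.writestr("../../escaped.txt", "traversal via ..")
        zf.writestr("/tmp/absolute.txt", "absolute member name")
    return buf.getvalue()


def safe_extract(zip_bytes: bytes, dest) -> tuple[list[str], list[str]]:
    """Extract only members whose final, resolved path stays inside `dest`.

    Returns (extracted_names, rejected_names). The test is made on the resolved
    target path rather than on the raw member name, so "..", absolute names and
    mixed separators are all caught by the same comparison.
    """
    dest = Path(dest).resolve()
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # pathlib drops `dest` entirely when the member name is absolute,
            # which is exactly why the containment check must come after resolve().
            target = (dest / info.filename).resolve()
            try:
                inside = os.path.commonpath([dest, target]) == str(dest)
            except ValueError:   # different drives on Windows: cannot be inside
                inside = False
            if not inside:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            extracted.append(info.filename)
    return extracted, rejected


def demo() -> tuple[list[str], list[str]]:
    """Extract the constructed archive into a scratch directory and report the decision per member."""
    with tempfile.TemporaryDirectory() as tmp:
        return safe_extract(build_archive(), tmp)


if __name__ == "__main__":
    extracted, rejected = demo()
    print("extracted:", extracted)   # ['docs/readme.txt']
    print("rejected: ", rejected)    # ['../../escaped.txt', '/tmp/absolute.txt']
```

For tar archives the same containment check is needed, plus handling of symlink and hardlink members, since a link pointing outside `dest` followed by a member written "through" it defeats a name-only check; on Python 3.12 and later `tarfile.extractall(..., filter="data")` applies these rules for you.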
TikTok: 1 Click to 'Close Account and Refund' via POSTMESSAGE
A vulnerability was reported where a TikTok Ads endpoint that handled postMessage events sent POST requests without proper origin checks. This could have enabled a cross-site request forgery (CSRF) attack forcing users to send malicious POST requests. The vulnerability was reported through responsible...
curl: CVE-2023-27537: HSTS double-free
A double-free vulnerability, CVE-2023-27537, existed in libcurl's HSTS (HTTP Strict Transport Security) implementation due to a lack of mutual exclusion when processing HSTS data from multiple threads. This could lead to a use-after-free (UAF) when other threads access the entries. An attacker could explo...
Nextcloud: Users can set up workflows using restricted and invisible system tags
Vulnerability description not provided...
Nextcloud: Responsive Server-side Request Forgery (SSRF)
Vulnerability description not provided...
8x8: Unprotected Atlantis Server at https://132.226.█.█
Vulnerability description not provided...
Internet Bug Bounty: CVE-2023-25692: Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service and Remote Command Execution
An improper input validation vulnerability was discovered in the Apache Airflow Google Provider, affecting versions before 8.10.0. Attackers could modify existing connection configuration information to execute malicious commands or create arbitrary files, leading to denial of service...
Internet Bug Bounty: Apache Airflow Google Cloud Sql Provider Remote Command Execution
An improper input validation vulnerability was discovered in Apache Airflow Google Provider before version 8.10.0, which could allow an attacker to execute remote commands on the victim's machine by modifying the existing connection configuration information. The vulnerability was discovered by X...
curl: CVE-2023-27536: GSS delegation too eager connection re-use
A vulnerability existed in libcurl that could allow the reuse of previously established connections when stricter or no delegation was requested, due to differing CURLOPT_GSSAPI_DELEGATION options not being taken into consideration. An attacker could potentially exploit this vulnerability to...
Nextcloud: Missing brute force protection for passwords of password protected share links
A missing brute force protection vulnerability was found in the password protection feature of shared files, allowing an attacker to bypass the password protection of the shared files due to the lack of rate limit. This could lead to unauthorized access to protected files...
HackerOne: SQL Injection in CVE Discovery Search
Unsanitized user-controlled inputs in the CVE Discovery Search allowed for SQL injection, which could lead to the disclosure of data in the Analytics Database, including report, team, and asset data...
Nextcloud: Reflected XSS vulnerability with full CSP bypass in Nextcloud installations using recommended bundle
A reflected XSS vulnerability with full CSP bypass was discovered in Nextcloud installations using the recommended bundle. The vulnerability allowed attackers to inject malicious code into web pages, which could be executed in the context of the victim's browser session, leading to a trivial...
LinkedIn: Users can access exams in course without having to subscribe to PREMIUM
Improper access controls allowed users to access premium exams without subscribing...
curl: CVE-2023-27535: FTP too eager connection reuse
A vulnerability existed in libcurl's FTP(S) support that allowed a connection to be reused even if different credentials had been specified for the later transfer, resulting in that transfer being performed with the wrong, cached credentials. The vulnerability was caused by the failure to refuse caching when...
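CVE-2023-27538, CVE-2023-27536 and CVE-2023-27535 (both the Internet Bug Bounty and the curl entries above) share one root cause: libcurl's connection cache decided whether an existing connection "matches" a new transfer by comparing a set of fields, and settings that affect authentication or server-side state (SSH key files, the GSS delegation level, several FTP options) were missing from that set. The following is an added example, not libcurl's connection-matching code, that models the cache with a weak and a strict match key. The option names in the comments are the real curl options the fields stand for; the pool, the hosts and the transfers are constructed for the demo.

```python
from dataclasses import dataclass, astuple
from typing import Callable


@dataclass(frozen=True)
class TransferOptions:
    """Subset of per-transfer settings; comments name the curl option each stands for."""
    scheme: str
    host: str
    port: int
    user: str = ""
    password: str = ""
    ssh_private_key: str = ""       # CURLOPT_SSH_PRIVATE_KEYFILE
    ssh_public_key: str = ""        # CURLOPT_SSH_PUBLIC_KEYFILE
    gss_delegation: str = "none"    # CURLOPT_GSSAPI_DELEGATION
    ftp_account: str = ""           # CURLOPT_FTP_ACCOUNT
    ftp_alt_user: str = ""          # CURLOPT_FTP_ALTERNATIVE_TO_USER


def weak_key(o: TransferOptions) -> tuple:
    # Pre-fix behaviour: only endpoint and login are compared, so a cached connection
    # authenticated with other keys, delegation or FTP settings still "matches".
    return (o.scheme, o.host, o.port, o.user, o.password)


def strict_key(o: TransferOptions) -> tuple:
    # Post-fix behaviour: every setting that influenced authentication or server-side
    # state is part of the match, so changing any of them forces a fresh connection.
    return astuple(o)


class ConnectionPool:
    """Minimal connection cache keyed by whatever `key_fn` considers relevant."""

    def __init__(self, key_fn: Callable[[TransferOptions], tuple]):
        self.key_fn = key_fn
        self.cache: dict[tuple, int] = {}
        self.opened = 0

    def acquire(self, opts: TransferOptions) -> int:
        """Return the id of the connection used for this transfer (reused or newly opened)."""
        key = self.key_fn(opts)
        if key not in self.cache:
            self.opened += 1
            self.cache[key] = self.opened
        return self.cache[key]


def run_transfers(key_fn: Callable[[TransferOptions], tuple]) -> list[int]:
    """Five constructed transfers; each variant changes exactly one auth-relevant setting."""
    transfers = [
        TransferOptions("sftp", "files.example.test", 22, user="alice",
                        ssh_private_key="/home/alice/.ssh/id_ed25519"),
        # same endpoint and user, different private key: must not ride alice's session
        TransferOptions("sftp", "files.example.test", 22, user="alice",
                        ssh_private_key="/home/mallory/.ssh/id_ed25519"),
        TransferOptions("ftp", "ftp.example.test", 21, user="alice", gss_delegation="none"),
        # stricter/looser delegation must not inherit the other transfer's credentials
        TransferOptions("ftp", "ftp.example.test", 21, user="alice", gss_delegation="policy"),
        # a different FTP ACCT must not reuse a session logged in with another account
        TransferOptions("ftp", "ftp.example.test", 21, user="alice", ftp_account="acct-b"),
    ]
    pool = ConnectionPool(key_fn)
    return [pool.acquire(t) for t in transfers]


if __name__ == "__main__":
    print("weak key  :", run_transfers(weak_key))     # [1, 1, 2, 2, 2]
    print("strict key:", run_transfers(strict_key))   # [1, 2, 3, 4, 5]
```

The general rule the example illustrates: anything that was an input to how a connection was authenticated, or that the server remembers about the session, must be part of the reuse key, or a second transfer silently runs with the first transfer's identity.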
curl: CVE-2023-27534: SFTP path ~ resolving discrepancy
CVE-2023-27534 existed in libcurl's Curl_getworkingpath function, which resolved a leading ~ as the remote user's home directory in an undocumented way for the sftp protocol. This could lead to unexpected final paths for sftp access, allowing an attacker with partial path access to gain access to...
U.S. Dept Of Defense: XSS Reflected
A reflected XSS vulnerability was discovered in the web asset, allowing an attacker to inject and execute malicious code in a victim's browser...
GitLab: Attacker can create malicious child epics linked to a victim's epic in an unrelated group
A vulnerability existed in GitLab that allowed an attacker to create malicious child epics linked to a victim's epic in an unrelated group. The attacker could create the malicious child epics by referring to the victim's epic via the parentid. The vulnerability was due to the lack of proper acces...
Acronis: Reflected XSS in https://www.acronis.com/products/cyber-protect/trial/
Enter: https://www.acronis.com/products/cyber-protect/trial/?SFDCCampaignID=zz;alert;// (will only work outside of the USA; I've tried several countries with a VPN). Impact: leaking users' data and modifying the webpage...
Internet Bug Bounty: RCE vulnerability in apache-airflow-providers-apache-sqoop 3.1.0
A remote code execution vulnerability was found in the Apache Airflow Sqoop Provider before version 3.1.1, due to improper input validation in the libjars parameter, allowing attackers to execute arbitrary system commands on the machine performing the MR task...
curl: CVE-2023-27533: Telnet option IAC injection
A vulnerability existed in the CURLOPT_TELNETOPTIONS option of the cURL library, which allowed an attacker to inject unintended TELNET commands into the telnet connection by escaping out of the telnet subnegotiation. This could allow the attacker to execute arbitrary OS commands on the target system...
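The two CVE-2023-27533 entries above both turn on one detail of the TELNET protocol: 0xFF (IAC) introduces a command, so a user-supplied option value containing 0xFF bytes can end the subnegotiation early and be parsed as commands of its own. The following is an added example, not curl's telnet code: a vulnerable and an escaping builder for a TERMINAL-TYPE subnegotiation, plus a minimal server-side parser that shows what each stream turns into. The hostile value and the option constants are constructed for the demo (the constants are the RFC 854/1091 values). curl's own fix took a stricter route and accepts only ASCII in the option strings; doubling IAC as below is the general RFC 854 rule for sending a literal 0xFF.

```python
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
OPT_ECHO, OPT_TTYPE = 1, 24
TTYPE_IS = 0
_NEGOTIATION = {WILL: "WILL", WONT: "WONT", DO: "DO", DONT: "DONT"}


def build_ttype_unescaped(ttype: bytes) -> bytes:
    # Vulnerable: the user-supplied value is copied verbatim into the subnegotiation.
    return bytes([IAC, SB, OPT_TTYPE, TTYPE_IS]) + ttype + bytes([IAC, SE])


def build_ttype_escaped(ttype: bytes) -> bytes:
    # Fixed: RFC 854 requires a data byte 0xFF to be sent as IAC IAC, so it can
    # never be read as the start of a command by the peer.
    escaped = ttype.replace(bytes([IAC]), bytes([IAC, IAC]))
    return bytes([IAC, SB, OPT_TTYPE, TTYPE_IS]) + escaped + bytes([IAC, SE])


def parse_telnet(stream: bytes) -> list:
    """Server-side view of a byte stream.

    Returns ('data', bytes), ('cmd', name_or_code, option_or_None) and
    ('sb', option, payload) events in the order the peer would process them.
    """
    events, data, i = [], bytearray(), 0

    def flush():
        if data:
            events.append(("data", bytes(data)))
            data.clear()

    while i < len(stream):
        if stream[i] != IAC:
            data.append(stream[i]); i += 1; continue
        cmd = stream[i + 1]
        if cmd == IAC:                       # IAC IAC: an escaped literal 0xFF
            data.append(IAC); i += 2; continue
        flush()
        if cmd in _NEGOTIATION:              # WILL/WONT/DO/DONT <option>
            events.append(("cmd", _NEGOTIATION[cmd], stream[i + 2])); i += 3
        elif cmd == SB:                      # IAC SB <option> ... IAC SE
            opt, payload, i = stream[i + 2], bytearray(), i + 3
            while not (stream[i] == IAC and stream[i + 1] == SE):
                if stream[i] == IAC and stream[i + 1] == IAC:
                    payload.append(IAC); i += 2
                else:
                    payload.append(stream[i]); i += 1
            i += 2                           # skip the closing IAC SE
            events.append(("sb", opt, bytes(payload)))
        else:                                # any other two-byte command
            events.append(("cmd", cmd, None)); i += 2
    flush()
    return events


def injected_commands(builder, ttype: bytes) -> list:
    """Commands the server would act on beyond the single intended subnegotiation."""
    return [e for e in parse_telnet(builder(ttype)) if e[0] == "cmd"]


# Constructed hostile terminal-type value: terminates the subnegotiation early,
# then pushes an unrequested WILL ECHO negotiation into the stream.
HOSTILE_TTYPE = b"xterm" + bytes([IAC, SE, IAC, WILL, OPT_ECHO])

if __name__ == "__main__":
    print("unescaped:", parse_telnet(build_ttype_unescaped(HOSTILE_TTYPE)))
    print("escaped:  ", parse_telnet(build_ttype_escaped(HOSTILE_TTYPE)))
```

With the unescaped builder the server sees the subnegotiation end after "xterm", followed by a WILL ECHO it never asked for and a stray SE; with the escaped builder it sees exactly one TERMINAL-TYPE subnegotiation whose payload happens to contain literal 0xFF bytes, which is the worst a hostile value can do.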
U.S. Dept Of Defense: Unauthenticated Blind SSRF at https://█████ via xmlrpc.php file
An unauthenticated blind SSRF vulnerability was discovered on the xmlrpc.php file at a certain endpoint, allowing an attacker to send requests to external URLs and potentially conduct further attacks. Input validation and filtering are recommended to prevent such attacks in the future...
TikTok: CSRF in ticket function
A cross-site request forgery (CSRF) vulnerability was found on a TikTok Shop endpoint, which could have resulted in the arbitrary creation of tickets. The vulnerability was reported by @ibrahim0936356 to the TikTok team...
TikTok: Unrestricted File Upload on https://partner.tiktokshop.com/wsos_v2/oec_partner/upload
Vulnerability description not provided...
Internet Bug Bounty: Security Unfavorable Specifications and Implementations in the CGI::Cookie Class
A vulnerability was found in the CGI::Cookie class that allowed an attacker to inject invalid attributes in the Set-Cookie header. Additionally, the cgi gem had a vulnerability that allowed an attacker to inject a malicious HTTP response header and/or body. The issue was fixed in versions 0.3.5,...