HackerOne: recent reports

15270 matches found

Hacker One
added 2023/03/02 2:10 p.m. (138 views)

TikTok: Unrestricted File Upload on https://partner.tiktokshop.com/wsos_v2/oec_partner/upload

Vulnerability description not provided...

AI score 7.1
Exploits: 0
Hacker One
added 2023/03/01 8:03 a.m. (48 views)

Internet Bug Bounty: Security Unfavorable Specifications and Implementations in the CGI::Cookie Class

A vulnerability was found in the CGI::Cookie class that allowed an attacker to inject invalid attributes into the Set-Cookie header. In addition, the cgi gem allowed an attacker to inject a malicious HTTP response header and/or body. The issue was fixed in versions 0.3.5,...

CVSS 8.8 · AI score 8.6 · EPSS 0.01013
Exploits: 1
Hacker One
added 2023/03/01 7:59 a.m. (78 views)

Internet Bug Bounty: Ruby's CGI library has HTTP response splitting (HTTP header injection), leaking confidential information

A vulnerability was found in Ruby's CGI library that allowed an attacker to inject a malicious HTTP response header and/or body if an application used untrusted user input to generate HTTP responses. The vulnerability was fixed in versions 0.3.5, 0.2.2, and 0.1.0.2 of the cgi gem...

CVSS 8.8 · AI score 8.4 · EPSS 0.01013
Exploits: 1
Hacker One
added 2023/02/28 6:06 p.m. (99 views)

Internet Bug Bounty: JWT audience claim is not verified

An improper authorization vulnerability existed in all versions of Argo CD starting with v1.8.2, allowing the API to accept certain invalid tokens due to the lack of validation of the audience claim in signed tokens. This could allow an attacker to use a stolen token intended for a different...

CVSS 9 · AI score 8.9 · EPSS 0.00405
Exploits: 0
Hacker One
added 2023/02/28 10:37 a.m. (27 views)

Mattermost: Reset password link sent over unsecured http protocol

The password reset link emailed after creating a workspace used plain http rather than https. Anyone on the network path, for example with a packet sniffer, could capture the reset token when the victim opened the link and then reset the password themselves if the victim did not complete the password change. The...

AI score 7.3
Exploits: 0
Hacker One
added 2023/02/28 7:20 a.m. (34 views)

U.S. Dept Of Defense: Path traversal leads to reading of local files on ███████ and ████

A directory traversal vulnerability was discovered in the downloadForm endpoint of a web application, allowing an attacker to read files on the system by adding "../" to the filename parameter. This could potentially lead to the disclosure of sensitive information or system compromise. The...

AI score 6.5
Exploits: 0
Hacker One
added 2023/02/28 7:06 a.m. (54 views)

Internet Bug Bounty: Use of Cryptographically Weak Pseudo-Random Number Generator in WebCrypto keygen

A weak randomness vulnerability existed in WebCrypto keygen in Node.js 18, due to a change in EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/crypto_keygen.cc. The vulnerability allowed for the possibility of non-cryptographically strong random data being used as keying material...

CVSS 9.1 · AI score 8.7 · EPSS 0.01213
Exploits: 1
Hacker One
added 2023/02/28 4:55 a.m. (56 views)

Internet Bug Bounty: HTTP Request Smuggling Due to Incorrect Parsing of Header Fields

A vulnerability was discovered in the HTTP request parsing of Node.js version 18.7.0: header fields that were not terminated with a carriage return line feed (CRLF) were accepted rather than rejected, enabling potential HTTP request smuggling...

CVSS 6.5 · AI score 7.9 · EPSS 0.03694
Exploits: 1
Hacker One
added 2023/02/28 4:49 a.m. (43 views)

Internet Bug Bounty: Inadequate Encryption Strength in nodejs-current reads openssl.cnf from /home/iojs/build/... upon startup on MacOS

A cryptographic vulnerability was found in nodejs-current that allowed openssl.cnf to be read from an insecure location upon startup on MacOS, potentially exposing encryption keys or certificates...

CVSS 5.3 · AI score 6 · EPSS 0.0062
Exploits: 1
Hacker One
added 2023/02/28 1:38 a.m. (1633 views)

U.S. Dept Of Defense: WordPress application vulnerable to DoS attack via wp-cron.php

The WordPress application was vulnerable to a Denial of Service (DoS) attack via the wp-cron.php script: sending a large number of requests to the script caused it to consume excessive resources and overload the server, potentially leading to downtime and data loss. Th...

AI score 7
Exploits: 0
Hacker One
added 2023/02/27 7:01 p.m. (14 views)

Mozilla: IDOR - send a message on behalf of another user

An insecure direct object reference IDOR vulnerability was discovered in the messaging feature of the website. This vulnerability allowed an attacker to send messages on behalf of other users by manipulating the session ID parameter in the request...

AI score 7
Exploits: 0
Hacker One
added 2023/02/27 2:09 p.m. (46 views)

Expedia Group Bug Bounty: https://www.wotif.com/vc/blog/info.php script is prone to reflected HTML/CSS injection and COOKIE leak

The info.php script on https://www.wotif.com was vulnerable to reflected HTML/CSS injection and COOKIE leak due to caching of HTTP headers. An attacker could inject malicious HTML/CSS code and steal victim cookies. The vulnerability was reported to the vendor...

AI score 7.4
Exploits: 0
Hacker One
added 2023/02/27 6:52 a.m. (94 views)

U.S. Dept Of Defense: DoS at █████(CVE-2018-6389)

A vulnerability in WordPress allowed unauthenticated attackers to launch a denial of service attack by requesting, in a single call, a large number of the JavaScript files registered in wp-includes/script-loader.php. The vulnerability was assigned CVE-2018-6389. Attackers could use this function to deplete server resources and...

CVSS 7.5 · AI score 7.3 · EPSS 0.87475
Exploits: 11
Hacker One
added 2023/02/27 1:14 a.m. (9 views)

IRCCloud: XSS from Mastodon embeds

An XSS vulnerability was discovered in the IRCCloud web client that allowed an attacker to execute arbitrary JavaScript in the context of the web client. This was possible due to the default embedding of Mastodon toots, which could be manipulated to include a malicious javascript: URL. By trickin...

AI score 6.6
Exploits: 0
Hacker One
added 2023/02/25 6:08 a.m. (13 views)

Rocket.Chat: Unauthenticated full-read SSRF via Twilio integration

A Server-Side Request Forgery SSRF vulnerability was discovered in the Twilio webhook endpoint of Rocket.Chat before version 6.10.1. The vulnerability allowed unauthenticated full-read access...

CVSS 8.6 · AI score 8.6 · EPSS 0.90057
Exploits: 2
Hacker One
added 2023/02/24 3:09 p.m. (150 views)

HackerOne: information disclosure of another company bug on video.

An information disclosure vulnerability was discovered in a company's system and reported on a bug bounty platform. The vulnerability allowed access to sensitive information about the company and its subdomain. The vulnerability was disclosed publicly, potentially causing harm to the affected...

AI score 6.4
Exploits: 0
Hacker One
added 2023/02/24 3:02 p.m. (288 views)

Internet Bug Bounty: HTTP multi-header compression denial of service

A vulnerability was discovered in curl versions 7.57.0 to 7.87.0 that allowed a malicious server to insert an unlimited number of compression steps by using many headers, resulting in a "malloc bomb" and a denial of service attack. The vulnerability was fixed in version 7.88.0 by capping the numb...

CVSS 6.5 · AI score 7.3 · EPSS 0.00066
Exploits: 1
Hacker One
added 2023/02/23 12:30 p.m. (115 views)

U.S. Dept Of Defense: HAProxy stats panel exposed externally

An exposed web panel for HAProxy running on a system allowed external access to the statistics page at port 1024, potentially exposing sensitive information...

AI score 7
Exploits: 0
Hacker One
added 2023/02/23 2:30 a.m. (32 views)

Node.js: node.js process aborts when processing x509 certs with invalid public key information

A vulnerability existed in Node.js versions 18.14.2 and 19.7.0 that allowed malicious actors to cause a denial-of-service DoS by providing x509 certificates with invalid public key information. This vulnerability could lead to the termination of the Node.js process, resulting in interruptions to...

CVSS 5.3 · AI score 6.3 · EPSS 0.0003
Exploits: 0
Hacker One
added 2023/02/22 9:53 p.m. (54 views)

Brave Software: UXSS on Brave browser via QR code scan

A UXSS vulnerability was found in the Brave browser on Android 13, allowing an attacker to execute XSS on all open domains by getting the victim to scan a QR code containing a malicious URL. The vulnerability could potentially allow attackers to steal the victim's cookies and affect various websites...

CVSS 4.3 · AI score 5 · EPSS 0.01055
Exploits: 0
Hacker One
added 2023/02/22 4:59 p.m. (42 views)

Uber: Complete Admin account takeover due to PhpDebugBar turned on in Uber's production server

A security vulnerability was discovered in Uber's production server on February 22, 2023. The vulnerability allowed an attacker to gain complete admin account takeover due to PhpDebugBar being turned on...

AI score 7.3
Exploits: 0
Hacker One
added 2023/02/22 12:14 p.m. (50 views)

U.S. Dept Of Defense: Reflected XSS in ██████████

A reflected XSS vulnerability was found on one of the subdomains of a website. The vulnerability was present in the "militarybranch" parameter of the "NextRequestAccount.action" page. An attacker could exploit this vulnerability to execute XSS attacks and steal user's cookies, launch phishing...

AI score 6.2
Exploits: 0
Hacker One
added 2023/02/22 12:11 p.m. (36 views)

U.S. Dept Of Defense: Reflected XSS in ██████████

A reflected XSS vulnerability was found on one of the subdomains of a website. The vulnerability was present in the "militarybranch" parameter of the "NextRequestAccount.action" page. An attacker could exploit this vulnerability to execute XSS attacks and steal user's cookies, launch phishing...

AI score 6.2
Exploits: 0
Hacker One
added 2023/02/22 7:35 a.m. (19 views)

U.S. Dept Of Defense: Reflected XSS in ████████████

A reflected XSS vulnerability was found on one of the subdomains of a website. The vulnerability was located in the "home" parameter of the "auth/logout.jsx" page, which allowed an attacker to execute arbitrary JavaScript code in the victim's browser. This could lead to the theft of user cookies,...

AI score 6.4
Exploits: 0
Hacker One
added 2023/02/21 12:47 p.m. (25 views)

Mozilla: Email user account in indexation (waybackurl)

A large number of user email addresses from the Mozilla accounts service, accounts.firefox.com, were found indexed in URLs on the Internet Archive. The presence of the leaked data was reported to Mozilla, but it did not meet the criteria for a security risk due to the lack of a current flaw in a Mozil...

AI score 7
Exploits: 0
Hacker One
added 2023/02/21 11:35 a.m. (17 views)

Mozilla: HTML Injection / Reflected Cross-Site Scripting with CSP on https://accounts.firefox.com/settings

A vulnerability was found on accounts.firefox.com, where the flowId parameter was reflected into the server response without being escaped for HTML, causing a Cross-Site Scripting attack. The Content-Security-Policy on Firefox's website prevented arbitrary JavaScript code execution, but an attack...

AI score 6.5
Exploits: 0
Hacker One
added 2023/02/21 11:13 a.m. (168 views)

Tor: Snowflake server: Leak of TLS packets from other clients

TLS packets from other clients were leaked to Snowflake clients due to a vulnerability in the Snowflake pluggable transport server. This issue allowed Snowflake clients to receive "ghost" packets at the KCP layer, containing TLS packets unrelated to the current session. The leaked packets include...

AI score 6.9
Exploits: 0
Hacker One
added 2023/02/21 11:09 a.m. (10 views)

LY Corporation: Reflected XSS on https://travel.line.me

A reflected cross-site scripting vulnerability was identified in the search feature of the travel platform at https://travel.line.me. JavaScript code in the search parameters was reflected back to the user...

AI score 6.5
Exploits: 0
Hacker One
added 2023/02/20 11:47 a.m. (33 views)

Nextcloud: Basic auth header on WebDAV requests is not bruteforce protected

WebDAV requests authenticated with a Basic auth header were not covered by brute-force protection, because no rate limit was applied to that path. An attacker could brute-force a user's password and gain full account takeover. The vulnerability was reported and fixed...

CVSS 8.1 · AI score 7.3 · EPSS 0.00134
Exploits: 0
Hacker One
added 2023/02/20 11:44 a.m. (21 views)

Mozilla: Missing Function Level Access Control in Mozilla formula contains Regular Expression Denial of Service (CVE-2023-25166)

Vulnerability description not provided...

CVSS 6.5 · AI score 6.5 · EPSS 0.01149
Exploits: 0
Hacker One
added 2023/02/19 3:22 a.m. (25 views)

U.S. Dept Of Defense: Email exploitation with web hosting services.

A vulnerability allowed an attacker to send email to anyone on an organization's mailing list, and to its staff, by uploading a PHP file to the public HTML directory of the web hosting. This could result in reputation loss, phishing attacks, and the theft of internal information. Mitigation measures were not...

AI score 7
Exploits: 0
Hacker One
added 2023/02/18 6:25 p.m. (21 views)

U.S. Department of State: Time Based SQL Injection

A time-based SQL injection vulnerability was identified in the search function of a website running the WordPress CMS, where an injected delay was observed in the response time of the search results. The vulnerability allowed an attacker to inject malicious SQL and potentially access th...

AI score 8.5
Exploits: 0
Hacker One
added 2023/02/18 2:54 p.m. (58 views)

Internet Bug Bounty: CRLF Injection in Nodejs ‘undici’ via host

A vulnerability was discovered in the fetch API of Node.js versions 16.x, 18.x, and 19.x that allowed for CRLF injection in the 'host' header, potentially leading to attacks such as HTTP response splitting and HTTP header injection. The vulnerability was fixed in security releases...

CVSS 6.5 · AI score 6.8 · EPSS 0.00337
Exploits: 1
Hacker One
added 2023/02/18 11:56 a.m. (17 views)

Nextcloud: ID4ME does not validate signature or expiration

The ID4ME login flow did not validate the signature or the expiration of the received token, leading to a security vulnerability...

CVSS 5.4 · AI score 5.5 · EPSS 0.00591
Exploits: 0
Hacker One
added 2023/02/18 11:43 a.m. (75 views)

Nextcloud: CSRF protection on OIDC login is broken

The OIDC login CSRF protection in Nextcloud was broken, as the state code was being provided in the JSON response in case of a mismatch, making it easy for attackers to obtain the correct state. The impact of this vulnerability was that the CSRF protection provided with the state was practically...

CVSS 5.4 · AI score 5.4 · EPSS 0.00225
Exploits: 0
Hacker One
added 2023/02/18 7:25 a.m. (11 views)

Nextcloud: Nextcloud mail does not respect download permissions in shares

The Nextcloud mail application was found to not respect download permissions in shared files. This vulnerability could have allowed unauthorized access to shared files...

CVSS 5.7 · AI score 6.5 · EPSS 0.00316
Exploits: 0
Hacker One
added 2023/02/17 7:46 p.m. (20 views)

U.S. Dept Of Defense: Client side authentication leads to Auth Bypass

A client-side authentication vulnerability was discovered that allowed an attacker to bypass authentication and access sensitive data. By setting a specific parameter in the local storage, the attacker could gain access to the data without providing the correct password. The vulnerability was...

AI score 7.1
Exploits: 0
Hacker One
added 2023/02/17 7:23 p.m. (72 views)

Internet Bug Bounty: CVE-2023-23919: Multiple OpenSSL error handling issues in nodejs crypto library

Multiple OpenSSL error handling issues were found in the Node.js crypto library. In some cases, Node.js did not clear the OpenSSL error stack after operations that may have set it, which could lead to false positive errors during subsequent cryptographic operations on the same thread and...

CVSS 7.5 · AI score 7.5 · EPSS 0.00319
Exploits: 1
Hacker One
added 2023/02/17 5:58 p.m. (53 views)

Node.js: The use of __proto__ in process.mainModule.__proto__.require() bypasses the permission system in Node v19.6.1

The use of __proto__ in process.mainModule.__proto__.require() allowed bypassing the permission system in Node v19.6.1, enabling the loading of unauthorized dependencies...

CVSS 7.5 · AI score 7.6 · EPSS 0.00018
Exploits: 0
Hacker One
added 2023/02/16 11:11 p.m. (17 views)

8x8 Bounty: connect.8x8.com: Too much resource consumption of the server due to incorrect date range control via /api/v1/reports?dateFrom=

The server of connect.8x8.com was vulnerable to excessive resource consumption due to incorrect date range control via the /api/v1/reports endpoint. Attackers could cause the server to crash by repeatedly increasing the date range, potentially leading to a DoS attack. The vulnerability has since...

AI score 7
Exploits: 0
Hacker One
added 2023/02/15 4:07 p.m. (12 views)

8x8 Bounty: connect.8x8.com: Blind SSRF via /api/v2/chats/image-check allows for Internal Ports scan

A Blind SSRF vulnerability was discovered in the 8x8 Connect application's ChatApps module, which allowed for internal port scans via the /api/v2/chats/image-check API path and the url JSON parameter. The vulnerability was resolved by retiring the entire API path...

AI score 7.1
Exploits: 0
Hacker One
added 2023/02/15 10:07 a.m. (4 views)

Malwarebytes: Rails Debug Mode Enabled On ( https://44.208.145.207/testrail/files.md5 )

Summary: A Ruby on Rails web application running in development mode was identified on a Malwarebytes server. The application exposed sensitive system information, including details about middleware components and application root paths, which should not be accessible in a production environment...

AI score 7
Exploits: 0
Hacker One
added 2023/02/15 9:14 a.m. (245 views)

Internet Bug Bounty: CVE-2023-23915: HSTS amnesia with --parallel

Multiple transfers in parallel using curl's HSTS cache saving feature resulted in the cache file being overwritten by the most recently completed transfer, causing a later HTTP-only transfer to the earlier hostname to not get upgraded properly to HSTS, leading to a bypass of intended security...

CVSS 6.5 · AI score 6.7 · EPSS 0.00039
Exploits: 0
Hacker One
added 2023/02/15 9:12 a.m. (137 views)

Internet Bug Bounty: CVE-2023-23914: HSTS ignored on multiple requests

Multiple requests made using curl's HSTS functionality ignored the HTTPS protocol and used an insecure clear-text HTTP step instead. This was due to the state not being properly carried on, allowing the bypass of intended security controls. The vulnerability was assigned CVE-2023-23914 and had a...

CVSS 9.1 · AI score 7.7 · EPSS 0.00111
Exploits: 1
Hacker One
added 2023/02/14 6:53 p.m. (329 views)

HackerOne: HTML injection that may lead to XSS on HackerOne.com through H1 Triage Wizard Chrome Extension

An HTML injection vulnerability was discovered on HackerOne.com through the H1 Triage Wizard Chrome Extension. An attacker could inject malicious code into the triage questionnaire modal, potentially leading to the compromise of confidential information or impacting its integrity...

AI score 7.1
Exploits: 0
Hacker One
added 2023/02/14 5:34 p.m. (61 views)

Bitwarden: Biometric key is stored in Windows Credential Manager, accessible to other local unprivileged processes

A vulnerability in Bitwarden Desktop for Windows allowed a local attacker to access the biometric master key used for unlocking the vault through Windows Hello. The key was stored in plaintext in the Windows Credential Manager, accessible to any local unprivileged process. This allowed an attacke...

CVSS 7.1 · AI score 6.8 · EPSS 0.00076
Exploits: 1
Hacker One
added 2023/02/14 12:27 p.m. (34 views)

U.S. Dept Of Defense: Reflected XSS in ██████

A reflected XSS vulnerability was found on one of the subdomains of a system. The vulnerability was located in the emailbody parameter of the PreviewLetterhead.aspx page. An attacker could exploit this vulnerability to execute malicious scripts and steal user's cookies, launch phishing attacks, a...

AI score 6.1
Exploits: 0
Hacker One
added 2023/02/14 12:10 a.m. (21 views)

TD Bank: Reflected XSS on marketsandresearch.td.com

Summary: Hi TD security team, there is a reflected XSS vulnerability at http://marketsandresearch.td.com. As you are most likely aware, XSS vulnerabilities can have significant security implications, including allowing an attacker to inject malicious JS code into the application, which is then...

AI score 6.4
Exploits: 0
Hacker One
added 2023/02/10 3:45 p.m. (20 views)

Nextcloud: Blind SSRF in Mail App

Vulnerability description not provided...

CVSS 9.8 · AI score 9.5 · EPSS 0.00183
Exploits: 0
Hacker One
added 2023/02/10 1:56 p.m. (17 views)

HackerOne: Attachment in published HackerOne report exposure private program

Vulnerability description not provided...

AI score 7.1
Exploits: 0
Total number of security vulnerabilities: 15270