4072 matches found
Use of a Broken or Risky Cryptographic Algorithm in froxlor/froxlor
Description Froxlor uses microtime to seed uniqid which is then hashed to produce a session token, microtime can be reasonably brute-forced/predicted, thus allowing for a relatively large-scale account-takeover attack or accurate targeted ones. Both microtime and uniqid are cryptographically...
Improper Access Control in collectiveaccess/pawtucket2
Description After the previous patch fix, users can join the Root group by specifying http://PAWTUCKET-URL/pawtucket/index.php/LoginReg/joinGroup/groupcode/ Proof of Concept http://PAWTUCKET-URL/pawtucket/index.php/LoginReg/joinGroup/groupcode/ Impact Attackers can join the Root group without bei...
Cross-site Scripting (XSS) - Reflected in shannah/xataface
Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...
Cross-site Scripting (XSS) - Stored in craigk5n/webcalendar
Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...
Session Fixation in gunet/openeclass
Description The Cookie before & after user login doesn't change Proof of Concept // PoC.js 1 Load website in a new browser 2 Get cookie before login 3 Login to website 4 Get cookie after login Compare those 2 values Impact Through other attack methods such as XSS, the attacker can store the user'...
Cross-Site Request Forgery (CSRF) in opensourcepos/opensourcepos
Description in some delete actions I change the HTTP request method to GET and Also remove the CSRF token from request and then I able to Bypass your CSRF protection...
in jonschoning/espial
Description Weak password implementation Proof of Concept step 1: login into account goto https://esp.ae8.org/Settings/Password step 2: change password demo to 12 or 1 and save changes step 3: we can see updated message application is allowing to set weak password. poc of image for your reference...
in mruby/mruby
Description NULL Pointer Dereference on easet Proof of Concept // poc.rb ...1, From: +- 2 Result mruby/bin/mruby poc.rb AddressSanitizer:DEADLYSIGNAL ================================================================= ==28787==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000001 pc...
in aces/loris
Description It is possible to perform a clickjacking attack due to the lack of frame restrictions such as X-Frame-Options: DENY Proof of Concept Tested :: https://demo.loris.ca/ https://drive.google.com/file/d/1oSi2JpYnPjjoL6QvhFnsHcTD94KMzKBj/view?usp=sharing Impact Clickjacking is an...
Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition
Description CSRF in flushing peer Proof of Concept 1. Login stafff/admin account 2. Access this link https://unit3d.site/dashboard/flush/peers 3. See that the peers has been flushed. Impact This vulnerability is capable of flushing peers...
Cross-site Scripting (XSS) - Reflected in zikula/core
Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites Proof of Concept // PoC Request: POST /permissions/test HTTP/1.1 Host: demo.ziku.la Cookie: zsid=qk60gkn4dmhgrjc6io2kt3dij4 User-Agent:...
Cross-site Scripting (XSS) - Stored in zoujingli/thinkadmin
Description Stored XSS Content allows for the arbitrary execution of JavaScript Proof of Concept In Wechat management at feature - Reply rule management - Follow reply configuration - Default reply configuration - Follow automatic replies Save Reply text with payload : \x3csVg/\x3e XSS will trigg...
Inefficient Regular Expression Complexity in chocobozzz/peertube
Description Hello Again dear Peertube team. I found inefficient regular expression in that have a Polynomial execution time that can be lead to ReDoS attacks and it is better to replace it with another regex or Use google re2 regex engine for server sides code. Proof of Concept I create two...
in zoujingli/thinkadmin
Description upload file to any path Proof of Concept User can upload file to any path by path-traversal POST /admin/api.upload/file.html HTTP/2 Host: v6.thinkadmin.top Cookie: lang=zh-cn; PHPSESSID=88a2945fb139bb74f87137d2144709ab; limit=20 Content-Length: 14170 Sec-Ch-Ua: "Google Chrome";v="93",...
Cross-site Scripting (XSS) - Stored in zoujingli/thinkadmin
Description Stored xss Proof of Concept Plz check this 1 minute video to reproduce the bug https://drive.google.com/file/d/1hyN4X9gIgQJH2B5QEFhkniGt78sIw1iF/view?usp=sharing Impact Xss allow to arbitary javascript code execution...
in sbrl/pepperminty-wiki
Unrestricted Upload of File with Dangerous Type allows javascript injection Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file...
Cross-site Scripting (XSS) - Reflected in dmpop/mejiro
Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...
Cross-Site Request Forgery (CSRF) in glpi-project/glpi
✍️ Description Hello dear glpi team I found one more CSRF vulnerability. 🕵️♂️ Proof of Concept 1.fisrt user already should be logged in In Firefox or safari. 2.Open the PoC.html and click on submit button Also it can be auto-submit 3.Here a Planning start and end times with itemsid 3will be...
Cross-Site Request Forgery (CSRF) in e107inc/e107
✍️ Description Attacker or malicious user is able to change emoticons activation status if a logged in user visits attacker website. 🕵️♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally emoticons deactivated //POC.html history.pushState'', '',...
Cross-Site Request Forgery (CSRF) in justingit/dada-mail
✍️ Description Attacker able to delete any Profile filed with CSRF attack. In CSRF attacks it is necessary that a user logged into your application and just going to a malicious website and after that only with a redirection attacker can perform attack on unprotected endpoint, this means only with...
Cross-Site Request Forgery (CSRF) in justingit/dada-mail
✍️ Description Attacker able to Change List Password with CSRF attack. In CSRF attacks it is necessary that a user logged into your application and just going to a malicious website and after that only with a redirection attacker can perform attack on unprotected endpoint, this means only with...
OS Command Injection in zacanger/is-program-installed
✍️ Description There is "OS Command Injection" vulnerability on "is-program-installed" npm package. This package tries to understand the given parameter name program or binary name is installed in the computer or not. However, since this package does not properly control the characters in the...
Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
✍️ Description Hello dear Rdiffweb team. I found a CSRF vulnerability on following endpoint that attackers able to change the email of a user with PoC.html 🕵️♂️ Proof of Concept 1. user with right privileges should be logged in Firefox or Safari. 2. Users go to a website that contain PoC.html...
Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
✍️ Description Hello dear Rdiffweb team. I found a CSRF vulnerability on following endpoint that attackers able to Delete repositories History with PoC.html 🕵️♂️ Proof of Concept 1. user with right privileges should be logged in Firefox or Safari. 2. Users go to a website that contain PoC.html...
Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
✍️ Description Hello dear Rdiffweb team. I found a CSRF vulnerability on following endpoint that attackers able to Create users with PoC.html 🕵️♂️ Proof of Concept 1. User with right privileges should be logged in Firefox or Safari. 2. Users go to a website that contain PoC.html 3.after visiting...
Inefficient Regular Expression Complexity in terkelg/prompts
✍️ Description The prompts package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide a crafted input to the strip functionality may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex. The ReDOS is...
Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver
✍️ Description Accept Bitcoin payments. Free, open-source & self-hosted, Bitcoin payment processor this package is vulnerable for xss 🕵️♂️ Proof of Concept 💥 Impact This vulnerability is capable of stored XSS...
Cross-Site Request Forgery (CSRF) in imran300/inventory
✍️ Description You didn't set any CSRF protection for deactivating a user. 🕵️♂️ Proof of Concept // PoC.html history.pushState'', '', '/' document.forms0.submit; After that admin open the PoC.html file the user with id 7 will be deactivated. 💥 Impact This vulnerability is capable of deactivate any...
Inefficient Regular Expression Complexity in x-neuron/antdfront
✍️ Description A ReDoS regular expression denial of service flaw was found in the antdFront package. An attacker that is able to provide crafted input to the isUrlinput function may cause an application to consume an excessive amount of CPU. 🕵️♂️ Proof of Concept Create the following poc.mjs //...
in pimcore/pimcore
✍️ Description It is possible to enumerate usernames via the forgot password functionality 🕵️♂️ Proof of Concept When entering an username that is not registered in the application the response reads "User unknown". The following curl command demonstrates this: curl -i -s -k -X $'POST' \ -H...
SQL Injection in phili67/ecclesiacrm
✍️ Description SQL Injection SQLi found in search section for http://YOURIP/ecclesiacrm/v2/people/list/person. A SQL Injection allows an attacker to run SQL command remotely and can extract information such as password, usernames and other sensitive data. This SQLi is a blind SQLi and doesn't...
Cross-Site Request Forgery (CSRF) in qkqpttgf/onemanager-php
✍️ Description Attacker able to rename any file with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...
Cross-Site Request Forgery (CSRF) in qkqpttgf/onemanager-php
✍️ Description Attacker able to delete any folder with CSRF attack history.pushState'', '', '/' As you can see there is no CSRF token...
Cross-Site Request Forgery (CSRF) in aimeos/ai-client-html
✍️ Description Attacker able to pin any product in favorites with CSRF attack. In CSRF attacks it is necessary that a user logged into your application and just going to a malicious website and after that only with a redirection attacker can perform attack on unprotected endpoint, this means only...
Path Traversal in os4ed/opensis-classic
✍️ Description The ajax.php modname parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. 🕵️♂️ Proof of Concept // Ajax.php GET /Ajax.php?modname=../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 302 Found Location: index.php...
SQL Injection in opensourcepos/opensourcepos
✍️ Description The Application is vulnerable to blind SQL Injection 🕵️♂️ Proof of Concept URL: https://dev.opensourcepos.org/suppliers/search?sort=1 Vulnerable Parameter: sort SQLMap POC --- Parameter: sort GET Type: boolean-based blind Title: Boolean-based blind - Parameter replace original value...
in circuitverse/circuitverse
✍️ Description no rate limit allow to send unlimited email to any mail address 🕵️♂️ Proof of Concept During forgot password there is no rate limit to send password-reset email which allow to send unlimited email to a mail address. bellow request is vulnerable to rate-limit bug POST /users/password...
Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2
✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...
Cross-site Scripting (XSS) - Stored in imran300/inventory
✍️ Description Stored xss bug using a xss payload in the product name when adding a new categorie in the product page. 🕵️♂️ Proof of Concept Goto http://localhost/inventory/index.php/Category/listcategory and click on add category and copy paste the following xss payload and paste it in the...
Cross-Site Request Forgery (CSRF) in admidio/admidio
✍️ Description Attacker able to delete any Announcements with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...
Cross-site Scripting (XSS) - Stored in leantime/leantime
✍️ Description Stored xss bug using a xss payload in the Retrospectives Title when adding a new retrospective 🕵️♂️ Proof of Concept Goto http://localhost/retrospectives/showBoards and click on add more and copy paste the following xss payload in the title javascript " Click on safe and see the xss...
Cross-Site Request Forgery (CSRF) in aces/loris
✍️ Description Attacker able to create any Category with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attack...
Cross-Site Request Forgery (CSRF) in aces/loris
✍️ Description Attacker able to upload any document with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attack...
Cross-site Scripting (XSS) - Stored in aces/loris
✍️ Description Cross-site scripting also known as XSS is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out...
Open Redirect in slackero/phpwcms
✍️ Description Session hijacking via open redirection 🕵️♂️ Proof of Concept Steps to reproduce 1. Go to http://your-domain.tld/login.php?ref=http://attackers-domain.tld/? 2. Login to a valid account 3. You will be redirected to...
Cross-Site Request Forgery (CSRF) in tsolucio/corebos
✍️ Description Attacker able to delete any Message with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the I...
Cross-Site Request Forgery (CSRF) in tsolucio/corebos
✍️ Description Attacker able to delete any Organization with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know...
Cross-site Scripting (XSS) - Reflected in forkcms/forkcms
✍️ Description The forkcms is vulnerable to XSS through settings translation 🕵️♂️ Proof of Concept 1. Go to https://demo.fork-cms.com/private/en/locale 2. In search box named "Reference code" input " 3. XSS payload will be executed 💥 Impact An attacker can execute JavaScript code in the website...
Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition
✍️ Description Attacker is able to change a user profile state to private if a logged in user visits attacker website. 🕵️♂️ Proof of Concept 1. when you logged in open this POC.html in a browser 2. you can check your profile state changed form public to private history.pushState'', '', '/'...
Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin
✍️ Description Attacker able to delete any menu with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...