4072 matches found
Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin
✍️ Description Attacker able to delete any local picture with CSRF attack. It does not matter at all that phproject run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of filebrowser application. It does...
Cross-Site Request Forgery (CSRF) in alanaktion/phproject
✍️ Description Attacker able to delete any issue with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks i...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
✍️ Description CSRF bug to remove third-party from sales-order 🕵️♂️ Proof of Concept Here it does not check token parameter for csrf .You can remove token paramater from url. bellow request is vulnerable to csrf attack when removing third-party from sales-order ....
Use of a Broken or Risky Cryptographic Algorithm in emoncms/emoncms
✍️ Description The function mtrand is used to generate verification keys, API keys both read & write, and even hash salts, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this functio...
Command Injection in sofianehamlaoui/lockdoor-framework
✍️ Description CI in Spaghetti function when it asks for proxy. 🕵️♂️ Proof of Concept // PoC https://drive.google.com/file/d/1R8R261eHUPVK6BQRsemaU5CI3QpCI8d-/view?usp=sharing 💥 Impact command run as root. So an attacker could do potential damage to the machine...
Cross-site Scripting (XSS) - Stored in livehelperchat/fbmessenger
✍️ Description The Facebook notifications of livehelperchat fbmessenger extension can be modified listing new notifications. However, the template is used incorrectly resulting in a CSTI injection which leads to stored XSS. 🕵️♂️ Proof of Concept Install the livechat Install fbmessenger extension...
Session Fixation in amirsanni/mini-inventory-and-sales-management-system
✍️ Description Application does not destroy session cookie after log out. An attacker can use the old cookie of any user to to manipulate application data even after log out. 🕵️♂️ Proof of Concept 1. Login to the application and copy the session cookie from the request. 2. Now logout from the...
Denial of Service in mcfriend99/bird
✍️ Description The Bird interpreter is vulnerable to memory leaks. This occurs due to memory being allocated but never freed during the compilation/interpretation process. 🕵️♂️ Proof of Concept Compile the interpreter with ASAN enabled. Run the interpreter and execute print123 and then exit. You...
Cross-site Scripting (XSS) - Stored in stevearc/pypicloud
✍️ Description i didn't know there was something like this 🕵️♂️ Proof of Concept details https://github.com/stevearc/pypicloud/issues/280 💥 Impact stored xss on admin panel many users still have older versions...
Cross-site Scripting (XSS) - Stored in kalcaddle/kodexplorer
BUG ======== Stored xss via oexe file upload ACCOUNT ============= 1. user A--admin --victim 2. user B --demo user -- attacker STEP TO REPRODUCE ================== 1. from user B account create oexe file with bellow content...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
✍️ Description In https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/copystorage.phpL29 you echo a command built with untrusted user-input without sanitizing it : php &1"; echo "Command: $command\n"; // I can embed custom and malicious JS here echo...
Cross-site Scripting (XSS) - Stored in jam-py/jam-py
✍️ Description Stored XSS at comment box at suppliers Profile. In fact, all input has XSS. No input parameter is sanitized before saving in the database. 🕵️♂️ Proof of Concept 1. git clone https://github.com/jam-py/jam-py 2. cd jam-py && python setup.py install 3. cd demo 4. python server.py 5...
Prototype Pollution in thi-ng/umbrella
Description @thi.ng/paths is vulnerable to Prototype Pollution. The vulnerability is due to an incomplete fix. mutIn function does not have fix implemented. Proof of Concept 1. Create the following PoC file: javascript // poc.js const paths = require'@thi.ng/paths' console.log"Before: ", .pollute...
Lack of proper access control on endpoint to delete evaluators
Description The /v1/evaluators/ route allows users to delete evaluators of a project by sending a DELETE request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can delete evaluator data. The current implementation: Does not...
Admin account takeover due to allowed excessive guessing attempts for password reset code
This report is not public...
Denial of service by memory exhaustion
This report is not public...
Denial of service through memory exhaustion
This report is not public...
Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2
✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...
in bigprof-software/online-rental-property-manager
💥 BUG privilege escalation bug to add references to a applicant . 💥 IMPACT unprivileged user can add references to a applicant 💥 STEP TO REPRODUCE 1. From admin account goto http://localhost/online-rental/app/admin/pageViewMembers.php and add new user called user-B .\ Now revoke all acccess from...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
💥 BUG Stored xss via group name 💥 TESTED VERSION latest version as of 01/07/21 💥 STEP TO REPRODUCE 1. create a group with bellow xss payload in name.\ group1"'.\ 2. Now add a new user called user-B to the above group .\ 3. Finally visit...
in w7corp/easywechat
✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...
Improper Access Control in xamarin/googleplayservicescomponents
✍️ Description Google Maps API key without proper referer restrictions is found in your repo. It can be embeded to anyone's website and if the billing account is active, it will incur charges on your account. 🕵️♂️ Proof of Concept Visit the following links to verify that you can use the service by...