4072 matches found
in hazelcast/hazelcast
Description The AbstractXmlConfigRootTagRecognizer function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...
in mybatis/generator
Description The isConfigFile function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...
in jetbrains/kotlin
Description The ModuleXmlParser.parse function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...
Cross-site Scripting (XSS) - Stored in cyrisxd/love-lock-card
Description Currenty, adding a "+ to the password, or a DOM element to the title, you can inject scripts into HA. I know that this library is meant to be not-secure by design, as stated in the README, and that if someone can update the Lovelance dashboard he can probably execute JS code in other...
in stanfordnlp/corenlp
Description When a malicious schema XML file is passed to getValidatingXmlParser, the parser is vulnerable to XXE when the SchemaFactory parses the schema XML file. In...
Cross-site Scripting (XSS) - Stored in saleor/saleor-dashboard
Description Because the dangerouslySetInnerHTML method is used to output the input value of the DOM, XSS vulnerabilities occur in many logics. Proof of Concept html " Impact Through this vulnerability, an attacker is capable to execute malicious scripts...
in mruby/mruby
Description There is a NULL Pointer Dereference in preparesingletonclass src/class.c:360:13. This bug has been found on mruby lastest commit hash 171d32c0071d776207174a40a8fa26def3dbb931 on Ubuntu 20.04 for x8664/amd64. Proof of Concept 1.timesb= a=0 0,m:0 c=0=0,nil=nil0 def mend def c.eend Steps...
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
Description A CSRF issue is found in the SettingsLive help configurationCanned Messages. It was found that no CSRF token validation is getting done as no CSRF token is getting passed with the request. Also while generating statistics, the action is done through GET method with no CSRF token. Two...
Cross-site Scripting (XSS) - Reflected in icecoder/icecoder
Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
Description A CSRF issue is found in the SettingsLive help configurationFile Configuration. It was found that no CSRF token validation is getting done as no CSRF token is getting passed with the request. Proof of Concept Actual Request POST /siteadmin/file/configuration HTTP/1.1 Host:...
Cross-site Scripting (XSS) - Stored in chaskiq/chaskiq
Description When creating a link using the editor function, the Stored XSS vulnerability occurs because a javascript scheme can be used. Proof of Concept txt 1. Go to campaigns - Mailing Campaigns - Editor 2. Enter the URL: javascript:alertdocument.domain 3. After, Click the URL Video :...
Cross-site Scripting (XSS) - Stored in chaskiq/chaskiq
Description When building an app, an XSS vulnerability occurs in the app's name. Proof of Concept txt 1. Go to App Settings 2. Enter " as the name of the app Video : https://www.youtube.com/watch?v=dEFDHHGxzoY Impact Through this vulnerability, an attacker is capable to execute malicious scripts...
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
Description A CSRF issue is found in the audit configuration under settings. It was found that no CSRF token validation is getting done on the server-side. If we remove the CSRF token and keep the CSRF token field empty, the action is getting performed. Proof of Concept Request POST...
Improper Input Validation in chatwoot/chatwoot
Description This vulnerability impacts all fields sent to Chatwoot. Any field that has an excessive amount of characters in it will cause the agent's page to take an abnormal amount of time to load, often requiring the content to be removed before the page will load. In my example, I put 20000000...
Cross-site Scripting (XSS) - Stored in admidio/admidio
Description I can send a message. In the here, I can create a link. But, when i create a link, I can use an onfocus/autofocus attribute after escape the href attribute because do not processing for double quote Proof of Concept txt 1. Open the...
Cross-site Scripting (XSS) - Stored in mautic/mautic
Description When installing Mautic both via UI or CLI the first and last name of the admin account are not sanitised before being stored in the database. This results in a possible stored XSS possibility, as those fields are displayed and re-used without any sanitisation. During install the raw...
in crater-invoice/crater
Description In recent Crater version e3f3809f tag: 6.0.1 customer with enabled portal function can upload PHP file instead of avatar. Proof of Concept POST /api/v1/company-name/customer/profile HTTP/1.1 Host: 172.17.0.1:8888 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:97.0 Gecko/20100101...
in skylot/jadx
Description parseXml function in ExportGradleProject is not secured against XXE because it does not include the disallow-doctype-decl attribute, therefore JADX is vulnerable to XXE when parsing a malicious Android Manifest when exporting Android app to Gradle. In...
Cross-site Scripting (XSS) - Stored in e107inc/e107
A Stored Cross-Site Scripting XSS using svg exists in e107 version 2.3.1 Date: 12/1/2022 Exploit Author: Trương Hữu Phúc Contact me: + Github: https://github.com/truonghuuphuc + Facebook: https://www.facebook.com/DdosFulzac.auz1/ + Email: [email protected] + Product: e107 + Version: 2.3.1...
Cross-Site Request Forgery (CSRF) in yetiforcecompany/yetiforcecrm
Description Hi there, I would like to report a CSRF vulnerability in yetiforcecompany/yetiforcecrm. This allows an attacker to create a new admin. Even when SameSite: Strict enable, this still can be exploited by an attacker with lowest privilege account E.g. guest. Proof of Concept + These are...
Cross-site Scripting (XSS) - Stored in chaskiq/chaskiq
Description chaskid is a Open Source Messaging Platform for Marketing, Support & Sales this package is vulnerable for xss Proof of Concept Impact This vulnerability is capable of stored XSS...
Heap-based Buffer Overflow in vim/vim
Description A Heap-based Buffer Overflow has been found in vim commit 3cf21b3 Proof of Concept base64 poc ZggwMDAwMDAwMDAwMDAwMDAwMBkwMDAwCmYIMDAwMDAwMCUlJSUlJSUlJSUlMDAwMDD8CmUlJSUl JSUlJSUlJSUlJQp2cwp2MP8wbwo= /fuzzing/vim/vim/src/vim -u NONE -X -Z -e -s -S ./poc -c :qa! ASan stack trace:...
Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore
Description The Stored XSS vulnerability occurs because the menu editing function can insert a JavaScript Scheme as the value of the menu's HREF. Proof of Concept txt 1. Go to Content - Menu - Edit 2. Enter javascript:alertdocument.domain as the URL value using the Add or Edit menu function. 3...
Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite
Description Hi there, I would like to report another CSRF in phoronix Proof of Concept 1. Install a local instance of phoronix 2. Create a benchmark and note down benchmark id 3. Access the link /?benchmark//&repeat, /?benchmark//&disable and /?benchmark//&remove and see that the benchmark is...
Exposure of Sensitive Information to an Unauthorized Actor in feross/simple-get
BUG ====== Cookie header leaked to third party site and it allow to hijack victim account SUMMURY ============ When fetching a remote url with Cookie if it get Location response header then it will follow that url and try to fetch that url with provided cookie . So cookie is leaked here to...
Exposure of Sensitive Information to an Unauthorized Actor in sscarduzio/elasticsearch-readonlyrest-plugin
Description elasticsearch-readonlyrest-plugin is using TLS. There are many serious vulnerabilities in early TLS that left unaddressed put organizations at risk of being breached. The widespread POODLE and BEAST exploits are just a couple of examples of how attackers have taken advantage of...
in log4js-node/log4js-node
BUG ======== any unprivileged user can see log file and sensitive information disclosed SUMMURY ============ log4js create log file to store the log . Log may contain many sentsitive information like username,password,token,api-key etc .\ So, this log file should not accessed by other user .\ But...
Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore
Description The application does not escape special characters before output to FE, lead to stored XSS. Proof of Concept 1. Go to Workflows Create Workflow Add Task/Event 2. Set a title with XSS payload, e.g: aa Impact XSS can have huge implications for a web application and its users. User...
Cross-site Scripting (XSS) - Stored in admidio/admidio
Description Stored xss Proof of Concept txt onmouseover="alert1"link Video : https://drive.google.com/file/d/1WzArNdgXgjVOS6qsePRvGWIz6ljtxApx/view?usp=sharing Impact Through this vulnerability, an attacker is capable to execute malicious scripts...
Improper Privilege Management in delgan/loguru
BUG ======== unprivileged user can see log file and sensitive information disclosed SUMMURY ============ loguru create log file to store the log . Log may contain many sentsitive information like username,password,token,key etc .\ So, this log file should not accessed by other user .\ But when...
in stanfordnlp/corenlp
Description The TransformXML function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...
Cross-site Scripting (XSS) - Stored in pimcore/pimcore
Description pimcore is vulnerable to Stored XSS at Name field in the setting tab of the Global Targeting Rules. Steps to reproduce 1.Go to https://demo.pimcore.fun/admin/ and login. 2.In the left menu bar, click the Marketing icon then choose Personalization / Targeting - Global Targeting Rules...
Business Logic Errors in silverstripe/silverstripe-framework
Description SilverStripe Framework is vulnerable to Business Logic Errors in the Failed login count since that value can be a negative number. Proof of Concept 1.After login, go to Security page under the path /admin/security/ 2.Click on any member record 3.In the member edit form, enter a negati...
in ionicabizau/parse-url
Description urldomain validation bypass Proof of Concept parse-url not able verify urldomain properly when basic authentication is given .This allow to bypass hostname validation . Lets username is admin and password is password123@ and hostname is 127.0.0.1 . so the url will be...
in vim/vim
Description Memory Allocation with Excessive Size Value Proof of Concept base64 poc aAp2ewp5Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3NzcKXQo= vim -u NONE -X -Z -e -s -S ./poc -c :qa! ==1206187==ERROR: AddressSanitizer: requested allocation size 0xfffffffffffffff8 0x7f8 after adjustments for alignment, red zones...
Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite
Description Hello phoronix test suite maintainer team, there is a Cross site request forgery vulnerability in phoronix test suite. Proof of Concept 1. Install phoronix test suite on your system 2. Create a test suite 3. Open another tab in browser and go to the link /?localsuites/delete/-1.0.0, f...
Cross-site Scripting (XSS) - Generic in projectsend/projectsend
Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...
Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite
Description Hi there, I would like to report a Cross Site Request Forgery in phoronix source code. Cross-site request forgery also known as CSRF is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to...
Improper Access Control in snipe/snipe-it
Description A user with no rights for API tokens can view the page where API tokens can be generated and can generate API tokens. Proof of Concept - Create a user with no permission for anything i.e. everything on deny. - Log in with this user to the web application. - Visit...
SQL Injection in dolibarr/dolibarr
Description The searchusers parameter does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection. Proof of Concept Slow query example: POST /dolibarr-14.0.5/htdocs/compta/sociales/list.php HTTP/1.1 Content-Type:...
Business Logic Errors in dolibarr/dolibarr
Description The application does not check the input of price number lead to Business Logic error through negative price amount. Proof of Concept 1. Go to Product and Services area htdocs/product/index.php 2. Create a new or edit an item, insert a negative amount into Selling price field. Also in...
Cross-site Scripting (XSS) - DOM in mrdoob/three.js
Description DOM-based XSS is a vulnerability in which the attacker can inject arbitrary javascript code in any DOM sink that supports dynamic code execution. In our case, source is window.location.hash and sink is iframe.src Proof of Concept 1 Visit...
SQL Injection in pimcore/pimcore
Description The storeId parameter does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection. Proof of Concept 1. Add items to Classification Store: Key definition, Group,... 2. Injection boolean base:...
Insecure Temporary File in mlflow/mlflow
Description mlflow package is using the deprecated function tempfile.mktemp which is not secure. Because a different process may create a file with this name in the time between the call to mktemp and the subsequent attempt to create the file by the first process. Impact Availability will get...
Improper Access Control in chocobozzz/peertube
Description Unauthenticated users can obtain comments on private videos Proof of Concept Vísit the following API link where 123 is the ID of the private video: /api/v1/videos/123/comment-threads Response contains all the comments on that private video. Impact This vulnerability disclosure comment...
Heap-based Buffer Overflow in vim/vim
Description Heap-buffer-overflow in vim Command ./vim -u NONE -X -Z -e -s -S minpoc -c :qa! Proof of Concept minpoc is here. bt Program received signal SIGABRT, Aborted. GIraise sig=sig@entry=6 at ../sysdeps/unix/sysv/linux/raise.c:50 50 ../sysdeps/unix/sysv/linux/raise.c: No such file or...
Cross-site Scripting (XSS) - DOM in karma-runner/karma
Description DOM-based XSS is a vulnerability in which the attacker can inject arbitrary javascript code in any DOM sink that supports dynamic code execution. In our case, source is query parameter returnurl and sink is location.href. Proof of Concept 1 Start karma server and visit the following...
Cross-site Scripting (XSS) - Stored in outline/outline
Description outline is a fastest wiki and knowledge base for growing teams. Beautiful, feature rich, and markdown compatible. this package is vulnerable for stored XSS Proof of Concept Or here is the original video Impact This vulnerability is capable of Stored XSS...
Insecure Temporary File in horovod/horovod
Description horovod package is using the deprecated function tempfile.mktemp which is not secure. Because a different process may create a file with this name in the time between the call to mktemp and the subsequent attempt to create the file by the first process. Impact Availability will get...
in unshiftio/url-parse
Description Improperly handeling username and password . And unable to detect the hostname . Proof of Concept url-parse not able verify basic authentication credential and also wrongly verifying hostname .This allow to bypass hostname validation .\ Lets username is admin and password is...