Path Traversal in dmpop/mejiro
Description A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and their variations, or by using absolute file paths, it may be...
Cross-site Scripting (XSS) - Reflected in dmpop/mejiro
Description Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...
Cross-site Scripting (XSS) - Stored in dmpop/mejiro
Description Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...
in dmpop/mejiro
Description Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish this...
Cross-site Scripting (XSS) - Reflected in area17/twill
Description The Application is vulnerable to reflected cross-site scripting attack. URL: /contact/offices/ Parameter: offset Proof of Concept Open the following URL in the browser for POC...
Inefficient Regular Expression Complexity in fb55/nth-check
Description I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in nth-check. It allows causing a denial of service when parsing crafted invalid CSS nth-checks. The ReDoS vulnerabilities of the regex are mainly due to the sub-pattern \s?:+-?\s\d+? with quantified...
Cross-Site Request Forgery (CSRF) in microweber/microweber
Description An attacker is able to delete any file in the Files module if this module is enabled; there isn't any CSRF protection on this endpoint. Proof of Concept After opening the PoC.html file you can see that the file with name 1.jpg will be deleted. //PoC.html history.pushState('', '', '/')...
Prototype Pollution in antfu/utils
Description @antfu/utils is a collection of common JavaScript / TypeScript utils. It is vulnerable to Prototype Pollution on the deepMerge function. This allows for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. About the vulnerability Prototype Pollution...
Prototype Pollution in mariocasciaro/object-path
Description object-path package is vulnerable to Prototype Pollution. The del function fails to validate which Object properties it deletes. This allows attackers to modify the prototype of Object, causing the modification of default properties like toString on all objects. Proof of Concept Creat...
Cross-Site Request Forgery (CSRF) in glpi-project/glpi
✍️ Description Hello dear glpi team, I found one more CSRF vulnerability. 🕵️♂️ Proof of Concept 1. First, the user should already be logged in in Firefox or Safari. 2. Open the PoC.html and click on the submit button (it can also be auto-submitted). 3. Here the Planning start and end times with itemsid 3 will be...
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in tildeclub/site
✍️ Description The file signup-handler.php creates a user by accepting input from the request parameters username, email, interest, and sshkey. The affected parameter is sshkey. It does not sanitize special characters and only checks whether the first 4 characters of the input are ssh-, which allows the signup...
Cross-Site Request Forgery (CSRF) in e107inc/e107
✍️ Description An attacker or malicious user is able to change the emoticons activation status if a logged-in user visits the attacker's website. 🕵️♂️ Proof of Concept 1. When you are logged in, open this POC.html in a browser. 2. You can check that emoticons were unintentionally deactivated. //POC.html history.pushState('', '',...
Cross-Site Request Forgery (CSRF) in e107inc/e107
✍️ Description An attacker or malicious user is able to change the search setting (“specific for one area such as comments”) if a logged-in user visits the attacker's website, because of a lack of CSRF token. 🕵️♂️ Proof of Concept 1. When you are logged in, open this POC.html in a browser. 2. You can check that, unintentionally, some...
Cross-Site Request Forgery (CSRF) in e107inc/e107
✍️ Description An attacker or malicious user is able to delete any banning record if a logged-in user visits the attacker's website, because of a lack of CSRF token "checking". 🕵️♂️ Proof of Concept 1. When you are logged in, open this POC.html in a browser. 2. You can check that, unintentionally, the blacklist record with...
Cross-Site Request Forgery (CSRF) in e107inc/e107
✍️ Description An attacker or malicious user is able to change the URL configuration if a logged-in user visits the attacker's website, because of a lack of CSRF token. 🕵️♂️ Proof of Concept 1. When you are logged in, open this POC.html in a browser. 2. You can check that your search URL unintentionally changed from /search.php...
Cross-Site Request Forgery (CSRF) in e107inc/e107
✍️ Description An attacker or malicious user is able to change the social setting if a logged-in user visits the attacker's website, because of a lack of CSRF token. 🕵️♂️ Proof of Concept 1. When you are logged in, open this POC.html in a browser. 2. You can check that your facebook page unintentionally changed to...
Cross-Site Request Forgery (CSRF) in e107inc/e107
✍️ Description An attacker or malicious user is able to change the search setting if a logged-in user visits the attacker's website, because of a lack of CSRF token. 🕵️♂️ Proof of Concept 1. When you are logged in, open this POC.html in a browser. 2. You can check that some settings unintentionally changed //POC.html...
Cross-Site Request Forgery (CSRF) in e107inc/e107
✍️ Description An attacker or malicious user is able to delete all caches if a logged-in user visits the attacker's website, because of a lack of CSRF token. 🕵️♂️ Proof of Concept 1. When you are logged in, open this POC.html in a browser. 2. You can check that all caches were unintentionally cleared //POC.html...
Cross-Site Request Forgery (CSRF) in justingit/dada-mail
✍️ Description An attacker is able to delete any Profile field with a CSRF attack. In CSRF attacks it is necessary that a user is logged into your application and just goes to a malicious website; after that, with only a redirection, the attacker can perform an attack on an unprotected endpoint. This means only with...
Cross-Site Request Forgery (CSRF) in justingit/dada-mail
✍️ Description An attacker is able to add any Draft with a CSRF attack. In CSRF attacks it is necessary that a user is logged into your application and just goes to a malicious website; after that, with only a redirection, the attacker can perform an attack on an unprotected endpoint. This means only with visiting a...
Cross-Site Request Forgery (CSRF) in justingit/dada-mail
✍️ Description An attacker is able to add any number of subscribers with a CSRF attack. In CSRF attacks it is necessary that a user is logged into your application and just goes to a malicious website; after that, with only a redirection, the attacker can perform an attack on an unprotected endpoint. This means only...
Cross-Site Request Forgery (CSRF) in justingit/dada-mail
✍️ Description An attacker is able to send any mass mailing with a CSRF attack. In CSRF attacks it is necessary that a user is logged into your application and just goes to a malicious website; after that, with only a redirection, the attacker can perform an attack on an unprotected endpoint. This means only with...
Cross-Site Request Forgery (CSRF) in justingit/dada-mail
✍️ Description An attacker is able to delete all data in the Tracker plugin with a CSRF attack. In CSRF attacks it is necessary that a user is logged into your application and just goes to a malicious website; after that, with only a redirection, the attacker can perform an attack on an unprotected endpoint. This means...
Cross-Site Request Forgery (CSRF) in justingit/dada-mail
✍️ Description An attacker is able to purge all archive messages with a CSRF attack. In CSRF attacks it is necessary that a user is logged into your application and just goes to a malicious website; after that, with only a redirection, the attacker can perform an attack on an unprotected endpoint. This means only...
Cross-Site Request Forgery (CSRF) in justingit/dada-mail
✍️ Description An attacker is able to delete any Draft with a CSRF attack. In CSRF attacks it is necessary that a user is logged into your application and just goes to a malicious website; after that, with only a redirection, the attacker can perform an attack on an unprotected endpoint. This means only with visitin...
Cross-Site Request Forgery (CSRF) in justingit/dada-mail
✍️ Description An attacker is able to change the List Password with a CSRF attack. In CSRF attacks it is necessary that a user is logged into your application and just goes to a malicious website; after that, with only a redirection, the attacker can perform an attack on an unprotected endpoint. This means only with...
OS Command Injection in zacanger/is-program-installed
✍️ Description There is an "OS Command Injection" vulnerability in the "is-program-installed" npm package. This package tries to determine whether the given parameter (a program or binary name) is installed on the computer or not. However, since this package does not properly control the characters in the...
in fisharebest/webtrees
✍️ Description A malicious actor, either logged in as an admin or after intercepting a request, is able to modify the path argument in the delete-path route, and can arbitrarily delete index.php or config.ini.php, rendering the site unusable. 🕵️♂️ Proof of Concept 1. An admin should navigate to...
Inefficient Regular Expression Complexity in clean-css/clean-css
✍️ Description It allows causing a denial of service when calling the function isDataUriResource. 🕵️♂️ Proof of Concept // PoC.js var isDataUriResource = require("clean-css/lib/utils/is-data-uri-resource"); for (var i = 1; i <= 50000; i++) { var time = Date.now(); var attackstr = 'data:' +...
Cross-site Scripting (XSS) - Stored in fisharebest/webtrees
✍️ Description A malicious actor is able to add a malicious payload as a Family Tree Title, and after clicking the Family Tree nav button from the My Pages Menu, the XSS payload is executed. 🕵️♂️ Proof of Concept 1. Create a new family tree, either when logging in after install for the first time, or...
Inefficient Regular Expression Complexity in yiminghe/async-validator
✍️ Description It allows causing a denial of service when validating crafted invalid URLs. 🕵️♂️ Proof of Concept // PoC.js var asyncValidator = require("async-validator"); const validator = new asyncValidator.default({ v: { type: 'url' } }); for (var i = 1; i <= 50000; i++) { var time = Date.now(); var attackstr =...
in bfabiszewski/libmobi
✍️ Description Overview This vulnerability is the use of an out-of-range pointer offset, which lets attackers read memory information beyond the buffer size. Possibly, attackers can use this to perform a DoS (Denial of Service) attack or an ASLR bypass by reading sensitive memory address information to all...
Code Injection in jerrod-lankford/google-voice-desktop-app
✍️ Description Attackers can execute malicious code on users' computers using Google Voice Desktop App, provided that users click on a malicious hyperlink in the app itself. 🕵️♂️ Proof of Concept 1. Host the following index.html on a web server: require('child_process').exec('calc'); 2. Users who click on...
in bfabiszewski/libmobi
✍️ Description Overview This vulnerability is an out-of-bounds read, which lets attackers read memory information beyond the buffer size. Possibly, attackers can use this to perform a DoS (Denial of Service) attack or an ASLR bypass by reading sensitive memory address information in all applications which use...
in bfabiszewski/libmobi
✍️ Description Overview This vulnerability is an out-of-bounds read, which lets attackers read memory information beyond the buffer size. Possibly, attackers can use this to perform a DoS (Denial of Service) attack or an ASLR bypass by reading sensitive memory address information in all applications which use...
Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
✍️ Description Hello dear Rdiffweb team. I found a CSRF vulnerability on the following endpoint, through which attackers are able to create an SSH key with PoC.html. 🕵️♂️ Proof of Concept 1. A user with the right privileges should be logged in in Firefox or Safari. 2. The user goes to a website that contains PoC.html. 3. After...
Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
✍️ Description Hello dear Rdiffweb team. I found a CSRF vulnerability on the following endpoint, through which attackers are able to change the email of a user with PoC.html. 🕵️♂️ Proof of Concept 1. A user with the right privileges should be logged in in Firefox or Safari. 2. The user goes to a website that contains PoC.html...
Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
✍️ Description Hello dear Rdiffweb team. I found a CSRF vulnerability on the following endpoint, through which attackers are able to delete repositories' history with PoC.html. 🕵️♂️ Proof of Concept 1. A user with the right privileges should be logged in in Firefox or Safari. 2. The user goes to a website that contains PoC.html...
Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
✍️ Description Hello dear Rdiffweb team. I found a CSRF vulnerability on the following endpoint, through which attackers are able to create users with PoC.html. 🕵️♂️ Proof of Concept 1. A user with the right privileges should be logged in in Firefox or Safari. 2. The user goes to a website that contains PoC.html. 3. After visiting...
Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
✍️ Description Hello dear Rdiffweb team. I found a CSRF vulnerability on the following endpoint, through which attackers are able to delete users with PoC.html. 🕵️♂️ Proof of Concept 1. A user with the right privileges should be logged in in Firefox or Safari. 2. The user goes to a website that contains PoC.html. 3. After visiting...
Inefficient Regular Expression Complexity in prismjs/prism
✍️ Description The prismjs package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted HTML comment as input may cause an application to consume an excessive amount of CPU. The pinned line below uses the vulnerable regex. 🕵️♂️ Proof of Concept...
Inefficient Regular Expression Complexity in cdr/code-server
✍️ Description The code-server package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide crafted input to the ansiRegex functionality may cause an application to consume an excessive amount of CPU. The pinned line below uses the vulnerable regex. The ReDOS i...
None in vim/vim
✍️ Description Team, trust you are doing well. As part of continuous fuzzing of VIM v8.2.3425 in persistence mode, I found a heap use-after-free in nvreplace. 🕵️♂️ Proof of Concept Affected version: VIM v8.2.3425 Tested on: Linux s157903 4.15.0-106-generic 107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64...
Inefficient Regular Expression Complexity in jaywcjlove/colors-cli
✍️ Description The colors-cli package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide crafted input to the ansi-regex functionality may cause an application to consume an excessive amount of CPU. The pinned line below uses the vulnerable regex. The ReDOS i...
Open Redirect in alanaktion/phproject
✍️ Description Open redirect. 🕵️♂️ Proof of Concept The URL below is vulnerable to open redirect after login; it will redirect the user to any arbitrary site. http://localhost/phproject/login?to=http://example.com 💥 Impact Open redirect to any site...
Cross-site Scripting (XSS) - Stored in alanaktion/phproject
✍️ Description Stored XSS via SVG file upload. 🕵️♂️ Proof of Concept Here I use the demo site https://demo.phproject.org 1. First, go to any project and upload an SVG file https://github.com/ranjit-git/poc/blob/master/evilsvgfile.svg 2. Now open this SVG file using a URL like...
Inefficient Regular Expression Complexity in terkelg/prompts
✍️ Description The prompts package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide crafted input to the strip functionality may cause an application to consume an excessive amount of CPU. The pinned line below uses the vulnerable regex. The ReDOS is...
in getgrav/grav
✍️ Description Developers often set cookies to be accessible from the root context path "/". Doing so exposes the cookie to all web applications on the domain. Since cookies often carry sensitive information such as session identifiers, sharing cookies across applications can lead to a vulnerability...
Cross-Site Request Forgery (CSRF) in glpi-project/glpi
✍️ Description Hello dear glpi team, I found one more CSRF vulnerability in the following directory: Home/Setup/General/performance 🕵️♂️ Proof of Concept 1. First, the user should already be logged in in Firefox or Safari. 2. Open the PoC.html and click on the submit button (it can also be auto-submitted). 3. Here...
Cross-Site Request Forgery (CSRF) in glpi-project/glpi
✍️ Description Hello dear glpi team, I found one more CSRF vulnerability in the following directory: Home/Setup/General/performance 🕵️♂️ Proof of Concept 1. First, the user should already be logged in in Firefox or Safari. 2. Open the PoC.html and click on the submit button (it can also be auto-submitted). 3. Here User...