4057 matches found
Cross-Site Request Forgery (CSRF) in sergix44/xbackbone
✍️ Description The following endpoint is vulnerable to CSRF: /omeka/upload/1/unpublish. Also, it makes no difference whether you run the application on localhost or on a real host; it is enough to log in with a browser that is also used for online web surfing. 🕵️♂️ Proof of Concept // PoC.html...
Cross-Site Request Forgery (CSRF) in sergix44/xbackbone
✍️ Description The following endpoint is vulnerable to CSRF: /omeka/user/2/delete. Also, it makes no difference whether you run the application on localhost or on a real host; it is enough to log in with a browser that is also used for online web surfing. 🕵️♂️ Proof of Concept // PoC.html...
Cross-Site Request Forgery (CSRF) in sergix44/xbackbone
✍️ Description The following endpoint is vulnerable to CSRF: /omeka/system/recalculateUserQuota. Also, it makes no difference whether you run the application on localhost or on a real host; it is enough to log in with a browser that is also used for online web surfing. 🕵️♂️ Proof of Concept //...
Cross-Site Request Forgery (CSRF) in sergix44/xbackbone
✍️ Description The following endpoint is vulnerable to CSRF: /omeka/upload/1/delete. Also, it makes no difference whether you run the application on localhost or on a real host; it is enough to log in with a browser that is also used for online web surfing. 🕵️♂️ Proof of Concept // PoC.html...
in babybuddy/babybuddy
✍️ Description According to 1 we have : The secure attribute is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure attribute is to prevent cookies from being observed by unauthorized parties due to the...
Cross-Site Request Forgery (CSRF) in microweber/microweber
✍️ Description An attacker is able to delete any Module if the attacker knows the ids parameter value. 🕵️♂️ Proof of Concept After running PoC.html on Firefox or Safari and clicking the submit button (it can also be auto-submitted), you will see that the Module with id 167 has been deleted. //PoC.html...
Cross-Site Request Forgery (CSRF) in microweber/microweber
✍️ Description An attacker is able to delete any Product in the My shop section if the attacker knows the ids parameter value. 🕵️♂️ Proof of Concept After running PoC.html on Firefox or Safari and clicking the submit button (it can also be auto-submitted), you will see that the Product with id 9 has been deleted...
Cross-Site Request Forgery (CSRF) in microweber/microweber
✍️ Description An attacker is able to delete any user if they know the user id parameter value. 🕵️♂️ Proof of Concept After running PoC.html on Firefox or Safari and clicking the submit button (it can also be auto-submitted), you will see that the user with id 3 has been deleted. //PoC.html history.pushState'', '',...
Cross-Site Request Forgery (CSRF) in microweber/microweber
✍️ Description An attacker is able to delete any customer if they know the customer ids parameter value. 🕵️♂️ Proof of Concept After running PoC.html on Firefox or Safari and clicking the submit button (it can also be auto-submitted), you will see that the customer with id 2 has been deleted. //PoC.html...
Cross-Site Request Forgery (CSRF) in microweber/microweber
✍️ Description An attacker is able to batch delete any Website pages if they know the pages id parameter value. 🕵️♂️ Proof of Concept After running PoC.html on Firefox or Safari and clicking the submit button (it can also be auto-submitted), you will see that the files with id from 9 to 15 have been deleted...
Use of a Broken or Risky Cryptographic Algorithm in hdinnovations/unit3d-community-edition
✍️ Description The referenced code block uses PHP's native md5 and uniqid functions to generate the attributes named passkey and rsskey - both of which are to be considered cryptographically insecure due to their usage of uniqid which is not to be considered cryptographically secure. 🕵️♂️ Proof of...
in erudika/scoold
✍️ Description You should check and validate the password when users are registering; any user is able to use a weak password like aaaaa. Also, you don't have any rate limit for incorrect passwords, which makes it easy to perform brute-force attacks against your users that have weak passwords. 💥 Impact This...
Cross-Site Request Forgery (CSRF) in pimcore/pimcore
✍️ Description Your application does not have any CSRF protection, and you also set the SameSite attribute to Lax. This means that if you want to alter some data with GET HTTP requests, then your site should be vulnerable to CSRF attacks without doubt. First you run this HTML payload and then you should see...
Cross-Site Request Forgery (CSRF) in babybuddy/babybuddy
✍️ Description You don't check the CSRF token in the following endpoint: /timers/1/restart/. With PoC.html an attacker is able to reset the timer with id equal to 1. 🕵️♂️ Proof of Concept // PoC.html history.pushState('', '', '/') 💥 Impact This vulnerability is capable of resetting any timer...
Cross-Site Request Forgery (CSRF) in babybuddy/babybuddy
✍️ Description You don't check the CSRF token in the following endpoint: /timers/1/stop/. With PoC.html an attacker is able to stop the timer with id equal to 1. 🕵️♂️ Proof of Concept // PoC.html history.pushState('', '', '/') 💥 Impact This vulnerability is capable of stopping any timer...
Cross-Site Request Forgery (CSRF) in babybuddy/babybuddy
✍️ Description You don't check the CSRF token in the following endpoint: /timers/add/quick/. With PoC.html an attacker is able to add quick timers. 🕵️♂️ Proof of Concept // PoC.html history.pushState('', '', '/') 💥 Impact This vulnerability is capable of adding quick timers...
Cross-site Scripting (XSS) - Stored in apostrophecms/apostrophe
✍️ Description : An attacker could upload a specially crafted SVG image containing malicious scripting code. When following a link to this image, the code would be executed. 🕵️♂️ Proof of Concept : // PoC.js var payload = ... Link POC using Demo --...
Session Fixation in projectsend/projectsend
✍️ Description Project Send contains a Session Fixation Vulnerability. This vulnerability is one that can allow an attacker to fixate find or set another person’s session identifier. This most commonly happens when session tokens are now refreshed or renewed when they should be. It looks like the...
None in polonel/trudesk
1. Go to https://docker.trudesk.io/ 2. Enter the username and password 3. Capture the request and start bruteforcing the password IMPACT: Account takeover...
in yiisoft/yii2
✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in a security-sensitive context. In this case the function that generates weak random numbers is mt_rand in BaseMailer.php at line 346. 🕵️♂️ Proof of Concept <?php echo...
in yiisoft/yii2
✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in a security-sensitive context. In this case the function that generates weak random numbers is mt_rand in CaptchaAction.php at line 217. 🕵️♂️ Proof of Concept <?php...
Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis
✍️ Description When you don't set the SameSite attribute of cookies, browsers behave in a special way in this case. I mean they set a default value for it: Chrome and Chromium-based browsers set the attribute to "Lax", which means that if you do an add/delete/alter operation in a GET HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis
✍️ Description When you don't set the SameSite attribute of cookies, browsers behave in a special way in this case. I mean they set a default value for it: Chrome and Chromium-based browsers set the attribute to "Lax", which means that if you do an add/delete/alter operation in a GET HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis
✍️ Description When you don't set the SameSite attribute of cookies, browsers behave in a special way in this case. I mean they set a default value for it: Chrome and Chromium-based browsers set the attribute to "Lax", which means that if you do an add/delete/alter operation in a GET HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis
✍️ Description When you don't set the SameSite attribute of cookies, browsers behave in a special way in this case. I mean they set a default value for it: Chrome and Chromium-based browsers set the attribute to "Lax", which means that if you do an add/delete/alter operation in a GET HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis
✍️ Description When you don't set the SameSite attribute of cookies, browsers behave in a special way in this case. I mean they set a default value for it: Chrome and Chromium-based browsers set the attribute to "Lax", which means that if you do an add/delete/alter operation in a GET HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis
✍️ Description When you don't set the SameSite attribute of cookies, browsers behave in a special way in this case. I mean they set a default value for it: Chrome and Chromium-based browsers set the attribute to "Lax", which means that if you do an add/delete/alter operation in a GET HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis
✍️ Description When you don't set the SameSite attribute of cookies, browsers behave in a special way in this case. I mean they set a default value for it: Chrome and Chromium-based browsers set the attribute to "Lax", which means that if you do an add/delete/alter operation in a GET HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis
✍️ Description When you don't set the SameSite attribute of cookies, browsers behave in a special way in this case. I mean they set a default value for it: Chrome and Chromium-based browsers set the attribute to "Lax", which means that if you do an add/delete/alter operation in a GET HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in easysoft/zentaopms
✍️ Description When you don't set the SameSite attribute of cookies, browsers behave in a special way in this case. I mean they set a default value for it: Chrome and Chromium-based browsers set the attribute to "Lax", which means that if you do an add/delete/alter operation in a GET HTTP request then your site mor...
in zeromq/pyzmq
✍️ Description The paramiko.WarningPolicy policy used in set_missing_host_key_policy will not reject unknown host keys. This may lead to Man-in-the-middle attacks. 🕵️♂️ Proof of Concept client = paramiko.SSHClient() client.load_system_host_keys() client.set_missing_host_key_policy(paramiko.WarningPolicy()) 💥 Impact...
in pimcore/pimcore
1. Go to https://demo.pimcore.fun/en/account/register 2. Enter the username and password 3. Choose the password as 'a' and the account will be created...
Cross-Site Request Forgery (CSRF) in changeweb/unifiedtransform
✍️ Description When you don't set the SameSite attribute of cookies, browsers behave in a special way in this case. I mean they set a default value for it: Chrome and Chromium-based browsers set the attribute to "Lax", which means that if you do an add/delete/alter operation in a GET HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in changeweb/unifiedtransform
✍️ Description When you don't set the SameSite attribute of cookies, browsers behave in a special way in this case. I mean they set a default value for it: Chrome and Chromium-based browsers set the attribute to "Lax", which means that if you do an add/delete/alter operation in a GET HTTP request then your site mor...
Cross-site Scripting (XSS) - Reflected in dolibarr/dolibarr
Description Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off of a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious...
Cross-Site Request Forgery (CSRF) in pimcore/pimcore
✍️ Description Your application does not have any CSRF protection, and you also set the SameSite attribute to Lax. This means that if you want to alter some data with GET HTTP requests, then your site should be vulnerable to CSRF attacks without doubt. First you run this HTML payload and then you should see...
Use of a Broken or Risky Cryptographic Algorithm in serghey-rodin/vesta
✍️ Description uniqid does not generate cryptographically secure strings; even if it did, supplying it with mt_rand would render it insecure, as an attacker would be able to gain access to a victim's account by simply knowing when they logged in. This could be used as a mass-account-takeover vector...
Business Logic Errors in pimcore/pimcore
✍️ Description Pimcore is vulnerable to Business Logic error through negative products amount. 🕵️♂️ Proof of Concept HTML content: HTML 1. Save the above content into an HTML file. 2. Open the HTML file on the browser and click on Submit button. 3. Check out the total price. PoC video. 💥 Impact It...
Inefficient Regular Expression Complexity in erxes/erxes
✍️ Description If we want to use Regex in our match or search or replace or … functions, we must sanitize this function's inputs. If an attacker is capable of injecting any Regex or abusing the exponential Regexes that are used in our code, then the ReDoS vulnerability appears and according to "freezing th...
Cross-Site Request Forgery (CSRF) in ampache/ampache
✍️ Description When you don't set the SameSite attribute of cookies, browsers behave in a special way in this case. I mean they set a default value for it: Chrome and Chromium-based browsers set the attribute to "Lax", which means that if you do an add/delete/alter operation in a GET HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in ampache/ampache
✍️ Description When you don't set the SameSite attribute of cookies, browsers behave in a special way in this case. I mean they set a default value for it: Chrome and Chromium-based browsers set the attribute to "Lax", which means that if you do an add/delete/alter operation in a GET HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in ampache/ampache
✍️ Description When you don't set the SameSite attribute of cookies, browsers behave in a special way in this case. I mean they set a default value for it: Chrome and Chromium-based browsers set the attribute to "Lax", which means that if you do an add/delete/alter operation in a GET HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in ampache/ampache
✍️ Description When you don't set the SameSite attribute of cookies, browsers behave in a special way in this case. I mean they set a default value for it: Chrome and Chromium-based browsers set the attribute to "Lax", which means that if you do an add/delete/alter operation in a GET HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in ampache/ampache
✍️ Description When you don't set the SameSite attribute of cookies, browsers behave in a special way in this case. I mean they set a default value for it: Chrome and Chromium-based browsers set the attribute to "Lax", which means that if you do an add/delete/alter operation in a GET HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in ampache/ampache
✍️ Description When you don't set the SameSite attribute of cookies, browsers behave in a special way in this case. I mean they set a default value for it: Chrome and Chromium-based browsers set the attribute to "Lax", which means that if you do an add/delete/alter operation in a GET HTTP request then your site mor...
in alovoa/alovoa
✍️ Description Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the SAML2AssertionValidator method. Access to external entities was not disabled in XML parsing. 🕵️♂️ Proof of Concept org.springframework.security spring-security-oauth2-client...
in janeczku/calibre-web
✍️ Description The attribute name is not properly restricted, so a user can change his username even when the view does not allow changing it. 🕵️♂️ Proof of Concept //The method changeprofile also saves the name if it is present in the request. It does not check if the user has the permission to...
Cross-Site Request Forgery (CSRF) in janeczku/calibre-web
✍️ Description An attacker can make a user change his profile settings by CSRF vulnerability through PoC file. There is no CSRF token. 🕵️♂️ Proof of Concept For example, changing the email address from "[email protected]" to "[email protected]" test1's profile. Make the user open a link with this page...
in kestasjk/webdiplomacy
✍️ Description According to the previous explanation about weak cryptographic tokens, you also send the same weak token to users that forgot their passwords. Here an attacker can also do brute-force attacks to take control of users' accounts. 🕵️♂️ Proof of Concept...
Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy
✍️ Description CSRF bug to watch a game 🕵️♂️ Proof of Concept No CSRF token checking during watch game. The request below is vulnerable to CSRF attack: POST /redirect.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0 Accept:...