Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
✍️ Description Reflected XSS in ping.php as IP parameter is not sanitized. 🕵️♂️ Proof of Concept Vulnerable Code: Ping Payload: Ping alert1 ? 💥 Impact This vulnerability is capable of reflected XSS...
in w7corp/easywechat
✍️ Description The method encryptsensitiveinformation in BaseClient.php uses the RSA algorithm without OAEP padding, thereby making the encryption weak. In order to use RSA securely, the OAEP padding mode (Optimal Asymmetric Encryption Padding) must be used. This category was derived from the Cigita...
in w7corp/easywechat
✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description Stored XSS bug using an XSS payload in the full name field; other fields like address, city, state will work as well. 🕵️♂️ Proof of Concept Create a new user with the following payload " in one of the fields I mentioned above: full name, address etc. Browse to your profile and...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description /app/admin/pageEditGroup.php with group-name parameter of pageEditGroup.php is vulnerable to Stored XSS. Line 203 of pageEditGroup.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in...
Cross-site Scripting (XSS) - Reflected in bigprof-software/online-invoicing-system
✍️ Description Application is vulnerable to XSS through key parameter. Line 85 of membershippasswordReset.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in membershippasswordReset.php at line 85...
Open Redirect in causefx/organizr
✍️ Description The file index.php passes unvalidated data to an HTTP redirect function on line 7. Allowing unvalidated input to control the URL used in a redirect can aid phishing attacks. The data is sent at header in index.php at line 7. 🕵️♂️ Proof of Concept The following PHP code instructs the...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
✍️ Description GET parameter ?plugin= of plugin.php is vulnerable to reflected cross-site scripting. plugin.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at printf in plugin.php. 🕵️♂️ Proof of Concept 1. Visit...
Cross-site Scripting (XSS) - Stored in falconchristmas/fpp
✍️ Description GET parameter &value= in fppjson.php is vulnerable to stored cross-site scripting. Analysis Trace: 1. Application takes unvalidated user data in &value= from GET request of /fppjson.php?command=setSetting&plugin=&key=emailserver&value=ytes";alert1 2. Now visiting any application pag...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
✍️ Description GET parameter ?plugin= is vulnerable to reflected cross-site scripting. Line 17 of pluginconfig.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at printf in pluginconfig.php at line 17. 🕵️♂️ Proof...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system
✍️ Description The app/admin/pageDeleteGroup.php?groupID= does not have CSRF protection. This could be used by attackers to trick the admin into deleting a group from their invoice system. 🕵️♂️ Proof of Concept For this attack to work, a logged-in admin should visit the POC page...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system
✍️ Description The /app/admin/pageDeleteMember.php?memberID= does not have CSRF protection. This could be used by attackers to trick the admin into deleting a member from their invoice system. 🕵️♂️ Proof of Concept For this attack to work, a logged-in admin should visit the POC page...
Command Injection in sofianehamlaoui/lockdoor-framework
✍️ Description CI in Spaghetti function when it asks for custom agent. 🕵️♂️ Proof of Concept // PoC https://drive.google.com/file/d/11ljFoTHfge9tA2p9uezV9s1PvM62VC/view?usp=sharing 💥 Impact Command runs as root, so an attacker could do potential damage to the machine...
Command Injection in sofianehamlaoui/lockdoor-framework
✍️ Description CI in Spaghetti function when it asks for proxy. 🕵️♂️ Proof of Concept // PoC https://drive.google.com/file/d/1R8R261eHUPVK6BQRsemaU5CI3QpCI8d-/view?usp=sharing 💥 Impact Command runs as root, so an attacker could do potential damage to the machine...
Command Injection in sofianehamlaoui/lockdoor-framework
✍️ Description inurlbr function of exploitation.py is vulnerable to CI. 🕵️♂️ Proof of Concept // PoC https://drive.google.com/file/d/1HpID3CrNAqK7t0C2JttP75Eqptha6r-D/view?usp=sharing 💥 Impact Command runs as root, so an attacker could do potential damage to the machine...
Command Injection in sofianehamlaoui/lockdoor-framework
✍️ Description Unsanitized user input leads to command injection. 🕵️♂️ Proof of Concept // PoC whatweb CI https://drive.google.com/file/d/1mrYiu7oTaAm2qjLDKz23VMUkiujafTh/view?usp=sharing 💥 Impact Command runs as root, so an attacker could do potential damage to the machine...
Command Injection in sofianehamlaoui/lockdoor-framework
✍️ Description Unsanitized user input leads to command injection. 🕵️♂️ Proof of Concept POC screenshot: https://drive.google.com/file/d/1zShz68hGd5zcpB1fpk4KVv5TDS6-vXT/view?usp=sharing 💥 Impact Command runs as root, so an attacker could do potential damage to the machine...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
✍️ Description ?tab= parameter is vulnerable to cross-site scripting. Line 1974 of backup.php sends unvalidated data to a web browser, which can result in the browser executing malicious XSS code. 🕵️♂️ Proof of Concept POC SCREENSHOT: 1. Just visit /settings.php?tab=alert1 and XSS will be pop...
OS Command Injection in falconchristmas/fpp
✍️ Description Application is reading unvalidated user input at Line 44 through: $plugin = $pluginInfo'repoName';. Line 57 in plugin.php calls system to execute a command. This might allow an attacker to inject malicious commands. 🕵️♂️ Proof of Concept SCREENSHOT:...
in beestat/app
✍️ Description The random number generator implemented by mtrand on session keys is not suitable for cryptographic purposes, nor for generation of tokens, passwords, or cryptographic keys. The mtrand function, which produces predictable values, is utilized as a source of randomness in a security-sensitive...
Cross-site Scripting (XSS) - Stored in nebulade/meemo
✍️ Description Stored xss in meemo file create functionality 🕵️♂️ Proof of Concept Payload: Test POC screenshot: https://drive.google.com/file/d/1aLBRIdU2AAz-RXa6uEF0IiWfks5jHMu/view?usp=sharing Tested on the demo website of the latest release. To reproduce create a file and add the following...
in alovoa/alovoa
✍️ Description Random.setSeed should not be called with a constant integer argument. If a Random object is seeded with a specific value, the values returned by Random.nextInt and similar methods which return or assign values are predictable. 🕵️♂️ Proof of Concept Vulnerable code of:...
Cross-site Scripting (XSS) - Stored in microweber/microweber
✍️ Description Hello, I found CSRF + XSS on the website, so the impact of XSS could be demonstrated. There is no CSRF token or protection on: http://example.microweber.me/checkout/contact-information-save CSRF HTML PoC: history.pushState'', '', '/' and when we submit the request XSS gets executed at the same...
OS Command Injection in mrchuckomo/poddycast
✍️ Description The application does not sanitize the HTML characters of the podcast information obtained from the feed, which allows the injection of HTML and JS code. XSS Being an application made in Electron, an XSS can be escalated to RCE, making it possible to execute commands on the machine where...
Improper Access Control in dani-garcia/vaultwarden
✍️ Description Vaultwarden allows users to share files and texts securely with anyone. This feature enables the user to control the number of accesses to a file or text and also the expiration date. A person, to retrieve one of these files, needs to access the share link in a browser. This link...
in hascheksolutions/opentrashmail
✍️ Description Attackers can control the filesystem path argument to readfile at api.php line 35 via the ?email= parameter, which allows them to access or modify otherwise protected files. Analysis Trace: 1. Application takes unsanitized input at: $email = strtolower$REQUEST'email'; 2. Assigning user...
OS Command Injection in sofianehamlaoui/lockdoor-framework
✍️ Description Command Injection due to unsanitized variable named algo 🕵️♂️ Proof of Concept 💥 Impact CI with the highest privilege...
OS Command Injection in fabio286/antares
✍️ Description The application displays the connection error message returned by the server without removing malicious tags, which leads to XSS attacks. https://imgur.com/3MhhvFp.png https://i.imgur.com/RksNgXF.png Being an application made in Electron, an XSS can be escalated to RCE, making it...
in phpservermon/phpservermon
✍️ Description The program creates a cookie without setting the secure flag to true. Modern web browsers support a secure flag for each cookie. If the flag is set, the browser will only send the cookie over HTTPS. Sending cookies over an unencrypted channel can expose them to network sniffing...
in phpservermon/phpservermon
✍️ Description The random number generator implemented by mtrand cannot withstand a cryptographic attack. Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in a security-sensitive context. In this case the function that generates...
in lavv17/lftp
✍️ Description Whilst testing lftp built from commit d67fc1 with Clang 13 +ASan on Ubuntu 20.04.2 LTS, we discovered a crafted file which triggers a null pointer dereference and segfault. 🕵️♂️ Proof of Concept echo "aiYgAQEBNA==" | base64 -d /tmp/file.fuzz && ./lftp -f /tmp/file.fuzz The above POC...
Stack-based Buffer Overflow in rup0rt/pcapfix
Description A stack overflow was found in pcapfix in function fixpcappackets in pcap.c at line 550. The root cause seems to be at line 458, where there is an int overflow if filesize-pos-sizeofpackethdr is negative. Test version: 1.1.6 2fe168e Test env: gcc 9.3.0 ubuntu 20.04 x86-64 Proof of Concept...
Heap-based Buffer Overflow in rup0rt/pcapfix
Description A heap overflow was found in pcapfix in function fixpcapng in pcapng.c at line 1571. Test version: 1.1.6 2fe168e Test env: gcc 9.3.0 ubuntu 20.04 x86-64 Proof of Concept CFLAGS="-fsanitize=address" make ./pcapfix poc poc is attached in reference link c ==618350==ERROR:...
Heap-based Buffer Overflow in rup0rt/pcapfix
Description A heap overflow was found in pcapfix in function fixpcapng in pcapng.c at line 216. Test version: 1.1.6 2fe168e Test env: gcc 9.3.0 ubuntu 20.04 x86-64 Proof of Concept CFLAGS="-fsanitize=address" make ./pcapfix poc poc is attached in reference link c ==603793==ERROR:...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
✍️ Description The questionary section of livehelperchat can be modified by listing new questions. However, the template is used incorrectly, resulting in a CSTI injection which leads to stored XSS. 🕵️♂️ Proof of Concept Install the livechat Go on...
Cross-site Scripting (XSS) - Stored in livehelperchat/fbmessenger
✍️ Description The Facebook notifications of the livehelperchat fbmessenger extension can be modified by listing new notifications. However, the template is used incorrectly, resulting in a CSTI injection which leads to stored XSS. 🕵️♂️ Proof of Concept Install the livechat Install fbmessenger extension...
Server-Side Request Forgery (SSRF) in kalcaddle/kodexplorer
✍️ Description SSRF via SVG due to improper processing of SVG files. 🕵️♂️ Proof of Concept Payload: https://drive.google.com/file/d/1q-GHJ01p8Ssok1GWN-QxSznBy1JGvY8x/view?usp=sharing Download and upload it on the server and run the server on port 8000 and then view the file. 💥 Impact This...
Server-Side Request Forgery (SSRF) in kalcaddle/kodexplorer
✍️ Description SSRF protection bypass via crafted payload which leads to SSRF. 🕵️♂️ Proof of Concept Payload: 2130706433 This is the decimal way of representing localhost which resolves to localhost. 💥 Impact This vulnerability is capable of SSRF...
Open Redirect in kalcaddle/kodexplorer
✍️ Description Open redirection via SVG file upload which redirects users to a different site. 🕵️♂️ Proof of Concept Steps to reproduce: 1. Download and upload the file https://drive.google.com/file/d/1yt4-5lgFS7ZGJog1uXAQ5rMxKGgVq/view?usp=sharing 2. View the file. 💥 Impact This vulnerability is...
in kalcaddle/kodexplorer
✍️ Description During file upload, there is no check whether the file is already present or not, which causes the upload to overwrite the existing file. 🕵️♂️ Proof of Concept Steps to reproduce: 1. Create 2 files with the same name and different content. 2. Upload the first file and then the second file; you...
in phpservermon/phpservermon
✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in a security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...
Cross-Site Request Forgery (CSRF) in erudika/scoold
✍️ Description The /voteup/question/ endpoint does not have CSRF protection. This could be exploited by an attacker to manipulate votes on a question. 🕵️♂️ Proof of Concept An attacker creates the following web page and sends a link to a logged-in user. // PoC.html Click Here When an...
in kalcaddle/kodexplorer
💥 BUG Direct file URL leaked for eml file 💥 IMPACT A user can upload an eml file and share it. After sharing this file, it will leak the direct link of the file, which allows downloading the file even when sharing is disabled. 💥 STEPS TO REPRODUCE 1. First go to your kodexplorer admin account an...
in kalcaddle/kodexplorer
💥 BUG Any user can download any file 💥 IMPACT Download any kodexplorer uploaded file 💥 STEPS TO REPRODUCE 1. First go to your kodexplorer admin account and visit desktop. Now upload a txt file called a.txt to desktop. 2. Now open another browser and visit...
in babybuddy/babybuddy
✍️ Description Improper restriction at the login portal lets an attacker brute-force users' accounts. 🕵️♂️ Proof of Concept Video POC: https://drive.google.com/file/d/1udzAGroSqDbEqPRYlUzv7bHgHq7oMNuk/view?usp=sharing You will get 200 for an incorrect login as it opens the same login page, and 302...
in polonel/trudesk
✍️ Description trudesk is vulnerable to arbitrary file upload. The app allows uploading files such as text/html. Consequently, it is possible to exploit XSS. 🕵️♂️ Proof of Concept 1. Create a ticket. 2. Access the created ticket and upload an HTML file which contains . 3. Access the HTML file...
Session Fixation in amirsanni/mini-inventory-and-sales-management-system
✍️ Description Application does not destroy the session cookie after logout. An attacker can use the old cookie of any user to manipulate application data even after logout. 🕵️♂️ Proof of Concept 1. Log in to the application and copy the session cookie from the request. 2. Now log out from the...
Heap-based Buffer Overflow in squell/id3
✍️ Description While testing id3 built from commit 0de713 with Clang 13 +ASan on Ubuntu 20.04.2, we discovered a POC which triggers a heap-buffer-overflow in tag::unbinarize. This particular flaw was discovered with the help of honggfuzz. 🕵️♂️ Proof of Concept echo...
Cross-site Scripting (XSS) - Stored in polonel/trudesk
✍️ Description trudesk is vulnerable to XSS via chat. 🕵️♂️ Proof of Concept 1. Send a message with the content . PoC video 💥 Impact JavaScript code execution...