-
### Describe your problem
I cloned and tested the webpage.
I found a vulnerability which takes over any user's password, including the admin password.
When I tried to find an IDOR-like bug, I found this pas…
-
Allow for an account to be taken over. This is useful if a comma is sold and the seller didn't deactivate the account. Most times they do... but sometimes.... Oooooohhhhh - you sonofa-
Sometimes th…
-
### ⚠️ This issue respects the following points: ⚠️
- [X] This is a **bug**, not a question or a configuration/webserver/proxy issue.
- [X] This issue is **not** already reported on [Github](https…
r4q1 updated
6 months ago
-
### Service [Digital Ocean](https://digitalocean.com/)
### Status Vulnerable
### Nameserver
> ns1.digitalocean.com
ns2.digitalocean.com
ns3.digitalocean.com
### Explanation
To perform…
-
# Description
Login credentials should be posted only via POST request but get sent via GET request.
# Proof of Concept
```
https://demo.microweber.org/v2/api/user_login?username=admin&passwor…
```
-
## Description
Addition of Blockchain / Crypto Related Vulnerabilities from protocols, smart contracts, and zero knowledge.
## Changes
**Decentralized Application Misconfiguration**
Decentra…
nnons updated
5 hours ago
-
### Is there an existing issue for this?
- [X] I have searched the existing issues
### Summary
I'd like Appsmith to support two-factor / multi-factor authentication via TOTP.
### Why should this b…
-
The changes in commit 703e2ca3c010b76c6af6260f1881869db97f17e9 introduce a risk of cross-site scripting (XSS) in the server message through the project wiki.
As the [Showdown documentation](https:…
-
### Service NS1
### Status Vulnerable
### Nameservers
dns1.p\*\*.nsone.net
dns2.p\*\*.nsone.net
dns3.p\*\*.nsone.net
dns4.p\*\*.nsone.net
### Explanation
If you have an NS1 account h…
-
https://emrdemo.security.samanvayfoundation.org/openelis/LoginPage.do Critical OWASP Authorization Testing It was observed that the target wasn't validating the password while logging in to labtech acco…