KnockKnock – Enumerate Valid Users Within Microsoft Teams And OneDrive With Clean Output
Designed to validate potential usernames by querying OneDrive and/or Microsoft Teams, which are passive methods. Additionally, it can output/create a...
HackerOne Bug Bounty Disclosure: b-existance-of-calendars-and-addressbooks-can-be-checked-by-unauthenticated-users-b-themarkib-x
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'themarkib0x0'Link to Submitters Profile:https://hackerone.com/b'themarkib0x0' Report Title:b'Existance of calendars and addressbooks can be...
HackerOne Bug Bounty Disclosure: b-nextcloud-all-in-one-path-disclosure-of-internal-frontend-b-shuvam
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'shuvam321'Link to Submitters Profile:https://hackerone.com/b'shuvam321' Report Title:b'Nextcloud All-In-One path disclosure of internal frontend'Report...
HackerOne Bug Bounty Disclosure: b-dos-in-form-submission-at-https-nextcloud-com-instant-trial-b-krrish-hackk
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'krrish_hackk'Link to Submitters Profile:https://hackerone.com/b'krrish_hackk' Report Title:b'Dos in Form Submission at https://nextcloud.com/instant-trial/'Report Link:https://hackerone.com/reports/1901396Date...
HackerOne Bug Bounty Disclosure: b-no-rate-limit-on-forgot-password-on-https-apps-nextcloud-com-b-cyber-world
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'cyber_world_01'Link to Submitters Profile:https://hackerone.com/b'cyber_world_01' Report Title:b'No Rate Limit On Forgot Password on...
WithSecure Policy Manager cross-site scripting | CVE-2023-43763
NAME__________WithSecure Policy Manager cross-site scriptingPlatforms Affected:WithSecure Policy Manager 15 Windows WithSecure Policy Manager 15 LinuxRisk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________WithSecure Policy Manager...
Galaxy Project Galaxy server-side request forgery | CVE-2023-42812
NAME__________Galaxy Project Galaxy server-side request forgeryPlatforms Affected:Galaxy Project Galaxy 22.01Risk Level:6.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Galaxy Project Galaxy is vulnerable to server-side request...
RustCrypto aes-gcm information disclosure | CVE-2023-42811
NAME__________RustCrypto aes-gcm information disclosurePlatforms Affected:RustCrypto aes-gcm 0.10.0 RustCrypto aes-gcm 0.10.2Risk Level:4.7Exploitability:Proof of ConceptConsequences:Obtain Information DESCRIPTION__________RustCrypto aes-gcm could allow a local...
Contact Form by FormGet Plugin for WordPress cross-site scripting | CVE-2023-5125
NAME__________Contact Form by FormGet Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Contact Form by FormGet Plugin for WordPress 5.5.5Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting...
Welcart e-Commerce plugin for WordPress cross-site scripting | CVE-2023-41962
NAME__________Welcart e-Commerce plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Welcart e-Commerce plugin for WordPress 2.8.21 WordPress Welcart e-Commerce plugin for WordPress...
Kofax Power PDF information disclosure | CVE-2023-42100
NAME__________Kofax Power PDF information disclosurePlatforms Affected:Kofax Power PDFRisk Level:3.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Kofax Power PDF could allow a remote attacker to obtain...
Welcart e-Commerce plugin for WordPress cross-site scripting | CVE-2023-43614
NAME__________Welcart e-Commerce plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Welcart e-Commerce plugin for WordPress 2.8.21 WordPress Welcart e-Commerce plugin for WordPress...
Welcart e-Commerce plugin for WordPress SQL Injection | CVE-2023-43610
NAME__________Welcart e-Commerce plugin for WordPress SQL InjectionPlatforms Affected:WordPress Welcart e-Commerce plugin for WordPress 2.8.21 WordPress Welcart e-Commerce plugin for WordPress...
FUXA directory traversal | CVE-2023-31718
NAME__________FUXA directory traversalPlatforms Affected:WordPress WP Job Portal Plugin for for WordPress 2.0.3Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________FUXA could allow a remote attacker...
Welcart e-Commerce plugin for WordPress directory traversal | CVE-2023-40532
NAME__________Welcart e-Commerce plugin for WordPress directory traversalPlatforms Affected:WordPress Welcart e-Commerce plugin for WordPress 2.8.21 WordPress Welcart e-Commerce plugin for WordPress...
Gomarkdown markdown denial of service | CVE-2023-42821
NAME__________Gomarkdown markdown denial of servicePlatforms Affected:gomarkdown markdownRisk Level:6.2Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Gomarkdown markdown is vulnerable to a denial of service, caused...
Welcart e-Commerce plugin for WordPress SQL Injection | CVE-2023-43493
NAME__________Welcart e-Commerce plugin for WordPress SQL InjectionPlatforms Affected:WordPress Welcart e-Commerce plugin for WordPress 2.8.21 WordPress Welcart e-Commerce plugin for WordPress...
Welcart e-Commerce plugin for WordPress cross-site scripting | CVE-2023-43484
NAME__________Welcart e-Commerce plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Welcart e-Commerce plugin for WordPress 2.8.21 WordPress Welcart e-Commerce plugin for WordPress...
AutomataCI security bypass | CVE-2023-42798
NAME__________AutomataCI security bypassPlatforms Affected:AutomataCI AutomataCI 1.4.1Risk Level:7.9Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________AutomataCI could allow a remote attacker to bypass security restrictions, caused by...
PHP-Login-System cross-site scripting | CVE-2023-38876
NAME__________PHP-Login-System cross-site scriptingPlatforms Affected:PHP-Login-System PHP-Login-System 2.0.1Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________PHP-Login-System is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Accusoft ImageGear buffer overflow | CVE-2023-28393
NAME__________Accusoft ImageGear buffer overflowPlatforms Affected:Accusoft ImageGear 20.1Risk Level:5.6Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Accusoft ImageGear is vulnerable to a stack-based buffer overflow, caused by...
Welcart e-Commerce plugin for WordPress file upload | CVE-2023-40219
NAME__________Welcart e-Commerce plugin for WordPress file uploadPlatforms Affected:WordPress Welcart e-Commerce plugin for WordPress 2.8.21 WordPress Welcart e-Commerce plugin for WordPress...
Welcart e-Commerce plugin for WordPress cross-site scripting | CVE-2023-41233
NAME__________Welcart e-Commerce plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Welcart e-Commerce plugin for WordPress 2.8.21 WordPress Welcart e-Commerce plugin for WordPress...
PHP-Login-System cross-site scripting | CVE-2023-38875
NAME__________PHP-Login-System cross-site scriptingPlatforms Affected:PHP-Login-System PHP-Login-System 2.0.1Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________PHP-Login-System is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
