Vulnerabilities tagged "web"

• Password Reset Code Rate-Liming Bypass in AWS Cognito

  11 May 2021

  Race conditions on the web are one of my favorite vulnerability classes.Easy and often fairly impactful...

• ASUS GT-AC2900 Authentication Bypass [CVE-2021-32030]

  11 May 2021

  The device administration web-app fails to properly validate the session cookie allowing for an unauthorized attacker to gain access.The issue depends on the internal ifttt_token not being set (default)...

• WordPress 5.7 XXE Vulnerability

  04 May 2021

  This one is just a silly issue.On PHP versions under 8 libxml_disable_entity_loader(true) is called to disable external entities...

• PHP Supply Chain Attack on Composer

  04 May 2021

  Composer will query Packagist to obtain metadata about the package to download.This includes where to fetch the code from (both source and pre-build archives)...

• Facebook account takeover due to unsafe redirects after the OAuth flow

  04 May 2021

  Two stage attack to fully takeover a facebook account.

• NoSQL Injections and Code Injection in Cockpip CMS

  20 April 2021

  Four pre-auth NoSQL injections (blind) as well as an authenticated PHP injection.

• Log Injection in SAP/Infrabox

  20 April 2021

  **Tl;dr** /api/log endpoint writes to a log file with attacker controlled data. Also attacker can write to any *.log file.

• [Grammarly] Ability to DOS any organization's SSO and open up the door to account takeovers

  20 April 2021

  **Tl;dr** Grammarly will add users to the wrong organization if an attacker creates an org with an entityId that matches the victim’s but with extra whitespace at the end.

• Duo Two-factor Authentication Bypass

  20 April 2021

  Two 2FA bypassing, one based on auth state not being tied to the user's session, the other involved swapping a transaction id to trick the server into thinking the attacker's 2FA acceptance was the victim's.