Account Takeover on unverified emails in File Sync & Share in Acronis
Reported an account takeover vulnerability that allowed an attacker to claim accounts with unverified email addresses in File Sync & Share in Acronis.
References
Code Execution via Cross Site Scripting in Tagspaces (A file manager)
Reported a code execution vulnerability via cross site scripting in TagSpaces. The XSS was used to escape the Electron sandbox and gain code execution in TagSpaces.
References
- https://huntr.dev/bounties/1-other-tagspaces/tagspaces/
- https://huntr.dev/bounties/1-other-tagspaces/viewerText/
Cross Site Scripting in digidocu
Reported a stored cross site scripting in digidocu.
References
Stored Cross Site Scripting in October CMS
Reported a stored cross site scripting in October CMS triggered by uploading an XML file.
References
active_url validation check bypass in Laravel
Reported and fixed a vulnerability in Laravel where the active_url validation rule could be bypassed when the target hostname had a subdomain named localhost.
References
- https://huntr.dev/bounties/2-laravel/framework/
- https://github.com/laravel/framework/commit/c50087d457d3b2e2839f2e8b080f40832f4f7e46
- https://github.com/laravel/framework/pull/37675
POP Gadget using function injection in RequiredIf
Reported and fixed a vulnerability in Laravel where Illuminate\Validation\Rules\RequiredIf could be used as a gadget chain for deserialization vulnerabilities.
References
- https://huntr.dev/bounties/3-laravel/framework/
- https://github.com/laravel/framework/pull/37688
- https://github.com/laravel/framework/pull/37700
- https://github.com/ambionics/phpggc/blob/c42dbd18538324c4337655651fe41ad54d081399/gadgetchains/Laravel/RCE/8/gadgets.php#L18
Relative Path Traversal in Flarum using fake OAuth Provider
Reported a low impact path traversal in Flarum where a fake OAuth provider could read local files by exploiting a relative path traversal.
References
Unrestricted access to any “connected pack” in docs in coda.io
Reported a broken access control in coda.io where an attacker could leverage the trial feature to gain access to paid offerings.
References
XSS in Unified Transform (A school management software)
Reported a stored cross site scripting in Unified Transform (a school management software) where an attacker could gain access to students' accounts as well as the admin's account.