NinjaGPT

41 issues of NinjaGPT

Chaitin SafeLine is a popular WAF in China: https://github.com/chaitin/SafeLine. Deployment cases: https://www.chaitin.cn/ https://pupumall.com/

## Summary During a comprehensive security assessment of CodiMD's open-source codebase, **ZAST.AI** identified an insecure file upload vulnerability affecting all versions. Notable implementation differences exist between higher versions (v2.5.4 -...

added "Best Practices for Mitigating and Detecting Insecure File Upload Vulnerabilities"

# RCE (unauthenticated) --- # Summary The RCE vulnerability was discovered on /api/function/execute in the latest version of SIM. The endpoint takes a user-controllable parameter without any blacklist/whitelist filtering or special character...


# Vulnerability CWE-601: URL Redirection to Untrusted Site ('Open Redirect') # Summary The login page URL can include a url parameter, and after authentication, users will be redirected to this...

# Gnuboard6 Stored XSS ### Vulnerability: Stored XSS (CWE-79) ### Severity: High ### Summary: This stored XSS vulnerability was discovered in the latest version of GnuBoard6. When registered users bookmark and reply...

## Summary In the latest version (v0.6.1) of HTTPBIN, the endpoint /base64 does not encode the user-controllable parameter before reflecting it in the response page, resulting in Reflected XSS. This allows...

# Summary In the latest version 6.0.0, all microservices' Spring Actuator interfaces have no access control whatsoever, allowing any user to access and obtain various configurations, environment variables, and other...

# Summary In the latest version 6.0.0, the OAuth logout functionality performs a URL redirect when clearing tokens. However, the redirect target parameter is user-controllable and lacks security validation, allowing attackers...
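Both the login-page open redirect (CWE-601) and the OAuth logout redirect above share one root cause: a user-supplied URL is passed to the redirect unchecked. The following is an added example, not code from either affected project, showing the allow-list check a practitioner would put in front of such a redirect. The host `app.example.com` and the default `/login` destination are assumptions for illustration; the original issues name neither.

```python
from urllib.parse import urlparse
from typing import Optional

# Assumption: the application's own host(s). Not taken from the original issues.
ALLOWED_HOSTS = frozenset({"app.example.com"})


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` is a same-site path or an absolute http(s) URL on an allowed host."""
    if not target or target != target.strip():
        return False
    # Browsers treat "\" as "/" in URLs, so "/\evil.com" becomes "//evil.com".
    # Tabs/newlines are silently dropped by URL parsers and browsers; reject them outright.
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return False
    parsed = urlparse(target)
    if parsed.scheme or parsed.netloc:
        # Absolute ("https://evil.com"), scheme-only ("javascript:...") or protocol-relative
        # ("//evil.com"): require http(s) and an allow-listed host. netloc still contains
        # userinfo and port, so "app.example.com@evil.com" and "app.example.com:8080" both fail.
        return parsed.scheme in ("http", "https") and parsed.netloc.lower() in allowed_hosts
    # Relative: accept only a path starting with a single "/".
    return target.startswith("/") and not target.startswith("//")


def redirect_target(requested: Optional[str], default: str = "/login") -> str:
    """Post-login/post-logout destination: the requested URL if safe, otherwise the default."""
    if requested is not None and is_safe_redirect(requested):
        return requested
    return default
```

The check is deliberately strict: a bare relative name such as `dashboard` is refused along with everything that is not clearly on-site, and the fallback is a fixed page rather than the referer.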

# Summary In the latest version 6.0.0, the endpoint /api-user/users/file-anon (file-center service) does not perform any validation on uploaded files, allowing attackers to upload malicious code to the...
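The CodiMD insecure-upload finding (and its "Best Practices for Mitigating and Detecting Insecure File Upload Vulnerabilities" follow-up) and the unauthenticated /api-user/users/file-anon upload above both come down to a server that stores whatever it is handed. The following is an added example, not code from CodiMD or the file-center service, of the validation layer a practitioner would expect in front of such an endpoint: an extension allow-list, a magic-byte check so content must match the declared type, rejection of directory components in the name, and a server-chosen random stored name. The allowed types, the 5 MiB cap and the sample payloads are assumptions constructed for illustration.

```python
import posixpath
import secrets

# Allow-list of extensions and the magic bytes their content must begin with (assumed policy).
# SVG/HTML/XML are excluded on purpose: they can carry script even though they are "images/documents".
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumption: 5 MiB cap


class UploadRejected(ValueError):
    """Raised with a short reason when an upload fails validation."""


def validate_upload(filename: str, data: bytes) -> str:
    """Return the canonical extension if every check passes, otherwise raise UploadRejected."""
    if not data:
        raise UploadRejected("empty body")
    if len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("too large")
    # Normalise separators, then insist the name has no directory component: kills "../" traversal
    # and Windows-style "..\" variants alike.
    base = posixpath.basename(filename.replace("\\", "/"))
    if not base or base != filename or base.startswith(".") or "\x00" in base:
        raise UploadRejected("bad filename")
    if "." not in base:
        raise UploadRejected("no extension")
    # Only the final extension counts; "shell.php.png" is judged by its bytes, not its name.
    ext = base.rsplit(".", 1)[1].lower()
    ext = {"jpeg": "jpg"}.get(ext, ext)
    if ext not in ALLOWED_TYPES:
        raise UploadRejected("extension not allowed")
    # Declared type must match the content: a PHP file renamed to .png fails here.
    if not data.startswith(ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match extension")
    return ext


def stored_name(ext: str) -> str:
    """Name used on disk: random and server-chosen, never derived from user input."""
    return f"{secrets.token_hex(16)}.{ext}"


def is_accepted(filename: str, data: bytes) -> bool:
    """Boolean wrapper around validate_upload for callers that only need accept/reject."""
    try:
        validate_upload(filename, data)
        return True
    except UploadRejected:
        return False


# Constructed sample payloads (not taken from the original issues).
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
PHP_SAMPLE = b"<?php system($_GET['c']); ?>"
```

Validation is only half of the mitigation: the stored file should live outside the web root or on a separate origin, be served with `Content-Disposition: attachment` and a fixed Content-Type, and the upload endpoint itself should require authentication, which the file-anon endpoint above does not.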