/dev/posts/

Vulnerabilities

Here are some of the vulnerabilities I found. A few were independently discovered by someone else.

Identifier Vulnerability
CVE-2026-50571 Risk of reflected cross site scripting and Content-Security-Policy bypass in the WebSub intent verification
N/A Host-ambiguous requests through $http_host in NGINX
N/A Host-ambiguous requests through Debian's NGINX proxy_params
N/A Pass-the-permission-ticket vulnerability in UMA 2.0
N/A Arbitrary code execution through kitty-open.desktop file association
CVE-2023-28371 Arbitrary file write (through directory traversal) in Stellarium
CVE-2023-27986 Emacs Lisp injection in Emacs
CVE-2023-27985 Shell command injection in Emacs
CVE-2023-26314 Arbitrary code execution through dangerous file association in Debian Mono package
N/A DNS rebinding vulnerability on Hetty's API
CVE-2022-27820 Lack of X.509 TLS certificate validation in OWASP ZAP
CVE-2022-26505 DNS rebinding in ReadyMedia/MiniDLNA
CVE-2022-28108 CSRF on Selenium standalone server
CVE-2022-28109 DNS rebinding on Selenium standalone server
CVE-2021-33516 DNS rebinding in GUPnP
CVE-2021-32563 Local program invocation without confirmation through Thunar command-line argument
N/A Local program invocation without confirmation through PCManFM command-line argument
N/A Local program invocation without confirmation through PCManFM-Qt command-line argument
N/A File type description spoofing in Firefox and Thunderbird
N/A Firefox and Thunderbird accept special Freedesktop MIME types
CVE-2021-31718 DNS rebinding in npupnp
CVE-2021-29462 DNS rebinding in pupnp
CVE-2021-4138 DNS rebinding in GeckoDriver
N/A DNS rebinding and CSRF on Samsung TV DIAL implementation
N/A DNS rebinding vulnerability in Samsung SmartTV UPnP
CVE-2020-26961 DoH RFC1918 addresses protection bypass using IPv4-mapped address in Firefox
CVE-2020-24373 CSRF in Freebox Server UPnP MediaServer
CVE-2020-24374 DNS rebinding in Freebox v5 modem Web UI
CVE-2020-24375 DNS rebinding in Freebox Server UPnP MediaServer
CVE-2020-24376 DNS rebinding in Freebox UPnP IGD
CVE-2020-24377 DNS rebinding in Freebox Server Web UI
CVE-2020-15660 CSRF to RCE in geckodriver
CVE-2020-15271 Code injection in lookatme
CVE-2019-7653 Code injection in python-rdflib-tools Debian package
N/A CSRF in several YunoHost/BriqueInternet applications
CVE-2018-10992 Shell command injection in lilypond
CVE-2017-17523 Shell command injection in lilypond
CVE-2017-18266 Argument injection in xdg-open
CVE-2017-17512 Argument injection in sensible-browser