1998 matches found
CVE-2023-28645 Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments
Nextcloud richdocuments is a Nextcloud app integrating the office suite Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using an unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...
PT-2023-21870 · Nextcloud · Nextcloud Richdocuments
Name of the Vulnerable Software and Affected Versions: Nextcloud richdocuments versions prior to 6.3.2 Nextcloud richdocuments versions prior to 7.0.2 Nextcloud richdocuments versions prior to 8.0.0-beta.1 Description: The secure view feature of the rich documents app can be bypassed by using an...
BoxBilling <= 4.22.1.5 - Remote Code Execution (RCE)
Exploit Title: BoxBilling POC Video : https://drive.google.com/file/d/1m2glCeJ9QXc8epuY2QfvbWwjLTJ8Hjx/view?usp=sharing...
BoxBilling <= 4.22.1.5 - Remote Code Execution Vulnerability
Exploit Title: BoxBilling POC Video : https://drive.google.com/file/d/1m2glCeJ9QXc8epuY2QfvbWwjLTJ8Hjx/view?usp=sharing...
CVE-2023-28883
In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint...
PT-2023-17078 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue allows an attacker to learn the full name of a board owner due to Mattermost failing to check the "Show Full Name" setting when rendering the result for the...
Exploit for Missing Authentication for Critical Function in Veeam Veeam_Backup_&_Replication
CVE-2023-27532 POC for CVE-2023-27532 affecting Veeam Backup a...
PT-2023-1918
Name of the Vulnerable Software and Affected Versions Veeam Backup & Replication versions 11.0.1.1261 through 12.0.0.1420 Description A flaw exists in the Veeam Backup & Replication software that allows an unauthenticated user with network access to obtain encrypted credentials stored in the...
PT-2023-19994 · Crmeb · Crmeb
Name of the Vulnerable Software and Affected Versions: CRMEB versions 1.3.4 and earlier Description: The issue is related to SQL Injection, which can be exploited via the "/api/admin/user/list" API endpoint. Recommendations: For CRMEB versions 1.3.4 and earlier, as a temporary workaround, conside...
CVE-2023-25223
CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list...
PT-2023-19424 · Jensen Of Scandinavia · Jensen Of Scandinavia Eagle 1200Ac
Name of the Vulnerable Software and Affected Versions: Jensen of Scandinavia Eagle 1200AC version 15.03.06.33 en Description: A stack overflow issue was discovered via the wepkey3 5g parameter at the "/goform/WifiBasicSet" API endpoint. Recommendations: For version 15.03.06.33 en, as a temporary...
PT-2023-19414 · Jensen Of Scandinavia · Jensen Of Scandinavia Eagle 1200Ac
Name of the Vulnerable Software and Affected Versions: Jensen of Scandinavia Eagle 1200AC version 15.03.06.33 en Description: A stack overflow issue was discovered via the wepauth parameter at the "/goform/WifiBasicSet" API endpoint. This issue affects the Jensen of Scandinavia Eagle 1200AC devic...
PT-2023-19411 · Jensen Of Scandinavia · Jensen Of Scandinavia Eagle 1200Ac
Name of the Vulnerable Software and Affected Versions: Jensen of Scandinavia Eagle 1200AC version V15.03.06.33 en Description: A stack overflow issue was discovered via the wrlEn 5g parameter at the "/goform/WifiBasicSet" API endpoint. Recommendations: For Jensen of Scandinavia Eagle 1200AC versi...
PT-2023-19418 · Jensen Of Scandinavia · Jensen Of Scandinavia Eagle 1200Ac
Name of the Vulnerable Software and Affected Versions: Jensen of Scandinavia Eagle 1200AC version V15.03.06.33 en Description: A stack overflow issue was discovered via the wepkey1 parameter at the "/goform/WifiBasicSet" API endpoint. Recommendations: For version V15.03.06.33 en, consider disabli...
PT-2023-19415 · Jensen Of Scandinavia · Jensen Of Scandinavia Eagle 1200Ac
Name of the Vulnerable Software and Affected Versions: Jensen of Scandinavia Eagle 1200AC version 15.03.06.33 en Description: A stack overflow issue was discovered via the wrlEn parameter at the "/goform/WifiBasicSet" API endpoint. Recommendations: For Jensen of Scandinavia Eagle 1200AC version...
PT-2023-19426 · Jensen Of Scandinavia · Jensen Of Scandinavia Eagle 1200Ac
Name of the Vulnerable Software and Affected Versions: Jensen of Scandinavia Eagle 1200AC version 15.03.06.33 en Description: A stack overflow issue was discovered via the wepkey3 parameter at the "/goform/WifiBasicSet" API endpoint. Recommendations: For Jensen of Scandinavia Eagle 1200AC version...
PT-2023-19423 · Jensen Of Scandinavia · Jensen Of Scandinavia Eagle 1200Ac
Name of the Vulnerable Software and Affected Versions: Jensen of Scandinavia Eagle 1200AC version V15.03.06.33 en Description: A stack overflow issue was discovered via the wepkey1 5g parameter at the "/goform/WifiBasicSet" API endpoint. Recommendations: For Jensen of Scandinavia Eagle 1200AC...
Local file inclusion leading to RCE
Description The api handling endpoint allows for a local file inclusion that can lead to remote code execution. It requires a valid api token which can be obtained via a database backup with account access, a number of different sql injections with account access, or stolen from a user. Proof of...
Code injection
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...
Code injection
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...