2005 matches found
CVE-2023-28834
Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get t...
Information disclosure
Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get t...
CVE-2023-28834 Full path of data directory exposed to Nextcloud server users
Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get t...
CVE-2023-28834
Summary of CVE-2023-28834 (Nextcloud Server information disclosure) Affected: Nextcloud Server 24.0.0–24.0.6, 25.0.0–25.0.4; Nextcloud Enterprise Server 23.0.0–23.0.11, 24.0.0–24.0.6, 25.0.0–25.0.4. Root cause: An API endpoint allowed a user to obtain the full data directory path of the Nextcloud...
Full path of data directory exposed to users
CVE-2023-28645 Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments
Nextcloud richdocuments is a Nextcloud app integrating the office suite Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using an unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...
PT-2023-21870 · Nextcloud · Nextcloud Richdocuments
Name of the Vulnerable Software and Affected Versions: Nextcloud richdocuments versions prior to 6.3.2; Nextcloud richdocuments versions prior to 7.0.2; Nextcloud richdocuments versions prior to 8.0.0-beta.1. Description: The secure view feature of the rich documents app can be bypassed by using an...
BoxBilling <= 4.22.1.5 - Remote Code Execution Vulnerability
Exploit Title: BoxBilling POC Video : https://drive.google.com/file/d/1m2glCeJ9QXc8epuY2QfvbWwjLTJ8Hjx/view?usp=sharing...
BoxBilling<=4.22.1.5 - Remote Code Execution (RCE)
Exploit Title: BoxBilling POC Video : https://drive.google.com/file/d/1m2glCeJ9QXc8epuY2QfvbWwjLTJ8Hjx/view?usp=sharing...
CVE-2023-28883
In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint...
PT-2023-17078 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue allows an attacker to learn the full name of a board owner due to Mattermost failing to check the "Show Full Name" setting when rendering the result for the...
Exploit for Missing Authentication for Critical Function in Veeam Veeam_Backup_&_Replication
CVE-2023-27532 POC for CVE-2023-27532 affecting Veeam Backup a...
PT-2023-1918
Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication versions 11.0.1.1261 through 12.0.0.1420. Description: A flaw exists in the Veeam Backup & Replication software that allows an unauthenticated user with network access to obtain encrypted credentials stored in the...
CVE-2023-25223
CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list...
PT-2023-19994 · Crmeb · Crmeb
Name of the Vulnerable Software and Affected Versions: CRMEB versions 1.3.4 and earlier Description: The issue is related to SQL Injection, which can be exploited via the "/api/admin/user/list" API endpoint. Recommendations: For CRMEB versions 1.3.4 and earlier, as a temporary workaround, conside...
PT-2023-19415 · Jensen Of Scandinavia · Jensen Of Scandinavia Eagle 1200Ac
Name of the Vulnerable Software and Affected Versions: Jensen of Scandinavia Eagle 1200AC version 15.03.06.33 en Description: A stack overflow issue was discovered via the wrlEn parameter at the "/goform/WifiBasicSet" API endpoint. Recommendations: For Jensen of Scandinavia Eagle 1200AC version...
PT-2023-19411 · Jensen Of Scandinavia · Jensen Of Scandinavia Eagle 1200Ac
Name of the Vulnerable Software and Affected Versions: Jensen of Scandinavia Eagle 1200AC version V15.03.06.33 en Description: A stack overflow issue was discovered via the wrlEn 5g parameter at the "/goform/WifiBasicSet" API endpoint. Recommendations: For Jensen of Scandinavia Eagle 1200AC versi...
PT-2023-19426 · Jensen Of Scandinavia · Jensen Of Scandinavia Eagle 1200Ac
Name of the Vulnerable Software and Affected Versions: Jensen of Scandinavia Eagle 1200AC version 15.03.06.33 en Description: A stack overflow issue was discovered via the wepkey3 parameter at the "/goform/WifiBasicSet" API endpoint. Recommendations: For Jensen of Scandinavia Eagle 1200AC version...