45 matches found
PHPJabbers Cleaning Business 1.0 - Cross-Site Scripting
The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials. id: CVE-2023-4115 info: name: PHPJabbers Cleaning Business 1.0 - Cross-Site Scripting author:...
CVE-2023-4115
A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier...
EUVD-2023-56048
Malicious code in bioql PyPI...
EUVD-2023-40117
Malicious code in bioql PyPI...
CVE-2023-36141
User enumeration is found in in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
CVE-2023-51328
PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting XSS in the "cname, name" parameters...
CVE-2023-51327
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...
CVE-2023-51326
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...
CVE-2023-51327
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...
CVE-2023-51326
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...
CVE-2023-51326
CVE-2023-51326 involves PHPJabbers Cleaning Business Software v1.0, where a lack of rate limiting in the Forgot Password/Email flow can allow an attacker to flood a legitimate user with email, producing a potential Denial of Service. The issue is documented with a CVSS v3.1 base score of 6.5 (Med...
CVE-2023-51331
PHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV...
CVE-2023-51327
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...
PHPJabbers Cleaning Business Software 1.0 CSV Injection
Exploit Title: PHPJabbers Cleaning Business Software v1.0 - CSV Injection Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cleaning-business-software/sectionDemo Version: v1.0 Tested...
PHPJabbers Cleaning Business Software Security Vulnerability
PHPJabbers Cleaning Business Software is a cleaning reservation software from PHPJabbers Serbia. A security vulnerability exists in PHPJabbers Cleaning Business Software. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor's announcement...
PHPJabbers Cleaning Business Software 1.0 Missing Rate Limiting
Exploit Title: PHPJabbers Cleaning Business Software v1.0 - No Rate Limit Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cleaning-business-software/sectionDemo Version: v1.0 Tested...
CVE-2023-36140
In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts...
PT-2023-25451 · Phpjabbers · Phpjabbers Cleaning Business
Name of the Vulnerable Software and Affected Versions: PHPJabbers Cleaning Business Software version 1.0 Description: The issue concerns the lack of encryption on user passwords, allowing an attacker to gain access to all user accounts. This enables unauthorized access, potentially leading to dat...
CVE-2023-36140
In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts...
CVE-2023-36140
CVE-2023-36140 affects PHPJabbers Cleaning Business Software 1.0. The root cause is that user passwords are not encrypted, enabling an attacker to access all user accounts. The entry carries a high-risk impact (CRITICAL, CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). No remediation details are p...