4420 matches found

seebug.org
added 2017/03/23 12:0 a.m., 19 views

Check Box 2016 Q2 Survey - Multiple Vulnerabilities

For a full list of their clients please visit: https://www.checkbox.com/clients/ 1- Directory traversal vulnerability : For example to download the web.config file we can send a request as the following: http://www.example.com/Checkbox/Upload.ashx?f=....\web.config&n=web.config 2- Direct Object...

6.9 AI score
Exploits: 0

0day.today
added 2017/02/22 12:0 a.m., 29 views

ProjectSend r754 - Insecure Direct Object Reference Vulnerability

Exploit for php platform in category web applications Document Title: =============== ProjectSend r754 - IDOR & Authentication Bypass Vulnerability Product & Service Introduction: =============================== ProjectSend is a self-hosted application you can install it easily on your own VPS or...

7.1 AI score
Exploits: 0

Vulnerability Lab
added 2017/02/21 12:0 a.m., 49 views

ProjectSend r754 - IDOR & Authentication Bypass

Document Title: =============== ProjectSend r754 - IDOR & Authentication Bypass References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2031 Release Date: ============= 2017-02-21 Vulnerability Laboratory ID VL-ID: ==================================== 2031 Comm...

7.1 AI score
Exploits: 0

Exploit DB
added 2017/02/21 12:0 a.m., 23 views

ProjectSend r754 - Insecure Direct Object Reference

Document Title: =============== ProjectSend r754 - IDOR & Authentication Bypass Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2031 Release Date: ============= 2017-02-21 Vulnerability Laboratory ID VL-ID:...

7.4 AI score
Exploits: 0

Hacker One
added 2017/02/17 12:23 a.m., 52 views

OLX: Public Vulnerable Version of Confluence https://confluence.olx.com

The public server is vulnerable to Insecure Direct Object Reference, allowing any authenticated user to read configuration files from the application such as the content of webapp directory in confluence. Link to the public issue: https://jira.atlassian.com/browse/CONF-39704 PoC: GET:...

1.4 AI score
Exploits: 0

Hacker One
added 2017/01/18 11:2 a.m., 35 views

Open-Xchange: IDOR - Deleting other user's signature via /appsuite/api/snippet?action=update (although an error is thrown)

Hello again, I have found that everybody can delete everybody's signature via a malformed PUT request in /appsuite/api/snippet?action=update. Although a processing error is thrown, the targeted signature is deleted. POC ------------------ PUT...

1.4 AI score
Exploits: 0

Hacker One
added 2017/01/17 10:54 a.m., 34 views

Open-Xchange: IDOR - Deleting other user's reminders just by id

Hello, I have found that one can delete other user's reminders just by passing the id. The folder id, user id and other linking data is not passed and not validated by making a normal delete requests all these parameters are passed, but they don't seem to be validated POC ---------------- PUT...

1.6 AI score
Exploits: 0

0day.today
added 2017/01/17 12:0 a.m., 26 views

Check Box 2016 Q2 Survey - Multiple Vulnerabilities

Exploit for asp platform in category web applications Exploit Title: Check Box 2016 Q2 Survey Multiple Vulnerabilities Exploit Author: Fady Mohamed Osman @fadyosman Exploit-db : http://www.exploit-db.com/author/?a=2986 Youtube : https://www.youtube.com/user/cutehack3r Date: Jan 17, 2017 Vendor...

7.1 AI score
Exploits: 0

Exploit DB
added 2017/01/17 12:0 a.m., 118 views

Check Box 2016 Q2 Survey - Multiple Vulnerabilities

Exploit Title: Check Box 2016 Q2 Survey Multiple Vulnerabilities Exploit Author: Fady Mohamed Osman @fadyosman Exploit-db : http://www.exploit-db.com/author/?a=2986 Youtube : https://www.youtube.com/user/cutehack3r Date: Jan 17, 2017 Vendor Homepage: https://www.checkbox.com/ Software Link:...

7 AI score
Exploits: 0

Packet Storm
added 2017/01/15 12:0 a.m., 34 views

Article Directory Script Seo 3.2 Insecure Direct Object Reference

Vulnerability: Improper Access Restrictions Date: 15.01.2017 Vendor Homepage: http://www.e-soft24.com/ Script Name: Article Directory Script Seo Script Version: V3.2 Script Buy Now: http://www.e-soft24.com/article-directory-script-seo-p-338.html Author: Adeghsan Aencan Author Web: http://ihsan.ne...

7.4 AI score
Exploits: 0

Packet Storm
added 2017/01/15 12:0 a.m., 33 views

MC Real Estate Pro Insecure Direct Object Reference

Vulnerability: Improper Access Restrictions Date: 15.01.2017 Vendor Homepage: http://microcode.ws/ Script Name: MC Real Estate Pro Script Buy Now: http://microcode.ws/product/mc-real-estate-pro-php-script/3858 Author: Adeghsan Aencan Author Web: http://ihsan.net Mail : ihsanbeygirihsannoktanet...

7.4 AI score
Exploits: 0

Hacker One
added 2016/11/24 6:48 p.m., 12 views

U.S. Dept Of Defense: Insecure direct object reference vulnerability on a DoD website

A Department of Defense website was vulnerable to an insecure direct object reference vulnerability IDOR which may allow an attacker to modify web content or certain database parameters. @uranium238 was able to demonstrate this vulnerability by manipulating web objects in a particular way. Very...

1.1 AI score
Exploits: 0

Packet Storm
added 2016/10/30 12:0 a.m., 38 views

InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference

InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary: InfraPower Manager PPS-02-S is a...

7.4 AI score
Exploits: 0

0day.today
added 2016/10/29 12:0 a.m., 47 views

InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference

Exploit for php platform in category web applications InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware:...

7.1 AI score
Exploits: 0

exploitpack
added 2016/10/28 12:0 a.m., 32 views

InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference

InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3...

7.4 AI score
Exploits: 0

Exploit DB
added 2016/10/28 12:0 a.m., 37 views

InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference

InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary: InfraPower Manager PPS-02-S is a...

7.4 AI score
Exploits: 0

Zero Science Lab
added 2016/10/28 12:0 a.m., 37 views

InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

5.8 AI score
Exploits: 0

Tenable Nessus
added 2016/10/14 12:0 a.m., 18 views

Atlassian Confluence Server 5.8.x < 5.8.17 Multiple Vulnerabilities

Binary data 9647.prm...

6.1 CVSS, 7.3 AI score, 0.61114 EPSS
Exploits: 5, References: 3

myhack58
added 2016/09/20 12:0 a.m., 18 views

Within ten seconds of black off the Facebook home page? This vulnerability turned out to the value 1. 6 million dollars including vulnerability analysis-vulnerability warning-the black bar safety net

! How to black out your Facebook for? The man from India safe studies experts say have something to say. According to the foreign media to the latest reports, a man named ArunSureshkumar of India security experts at Facebook“Business Management Platform”for BusinessManager found a serious...

0.2 AI score
Exploits: 0

Cvelist
added 2016/08/22 10:0 a.m., 20 views

CVE-2016-0915

The Self-Service Portal in EMC RSA Authentication Manager AM Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service PIN change for an arbitrary user via a modified token serial number within a PIN change request, related to a "direct...

7.7 AI score, 0.02155 EPSS
Exploits: 0, References: 3