13 matches found
EUVD-2018-3133
Malware in sbrugna...
EUVD-2018-3134
Malware in sbrugna...
MyBiz MyProcureNet Cross-Site Scripting Vulnerability
MyBiz MyProcureNet is a procurement process automation solution from MyBiz Solutions Malaysia. A cross-site scripting vulnerability exists in ProxyPage.aspx in MyBiz MyProcureNet version 5.0.0. A remote attacker can exploit this vulnerability to inject malicious client-side script...
MyBiz MyProcureNet 5.0.0 File Upload / Cross Site Scripting Vulnerabilities
MyBiz MyProcureNet version 5.0.0 suffers from remote file upload and cross site scripting vulnerabilities. title: Arbitrary File Upload & Cross-site scripting product: MyBiz MyProcureNet vulnerable version: 5.0.0 fixed version: unknown CVE number: - impact: Critical homepage: http://www.mybiz.net...
MyBiz MyProcureNet Arbitrary File Upload Vulnerability
MyBiz MyProcureNet is a procurement process automation solution from MyBiz Solutions Malaysia. A security vulnerability exists in MyBiz MyProcureNet version 5.0.0, which originates from an attacker being able to adjust the 'HiddenFieldControlCustomWhiteListedExtensions' parameter and add arbitrar...
Design/Logic Flaw
An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system commands. This vulnerability occurs because an attacker is able to adjust the...
CVE-2018-11091
An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system commands. This vulnerability occurs because an attacker is able to adjust the...
CVE-2018-11090
An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within "ProxyPage.aspx" allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site...
Cross site scripting
An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within "ProxyPage.aspx" allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site...
CVE-2018-11090
Affected software: MyBiz MyProcureNet 5.0.0. Vulnerability: Cross-site scripting (XSS) in the ProxyPage.aspx page. Root cause / detail: An attacker can inject malicious client-side scripting that is executed in the browser of users who visit the manipulated site. Impact (as stated): Malicious scr...
CVE-2018-11091
CVE-2018-11091 affects MyBiz MyProcureNet 5.0.0. A malicious actor can upload a script by tampering with HiddenFieldControlCustomWhiteListedExtensions, adding an allowed extension (e.g., .asp) so files like secctest.asp are accepted. This enables arbitrary command execution on the webserver and p...
CVE-2018-11091
An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system commands. This vulnerability occurs because an attacker is able to adjust the...
CVE-2018-11090
An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within "ProxyPage.aspx" allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site...