GitHub Security Lab: [Python] CWE-943: Add NoSQL Injection Query
This bug was reported directly to GitHub Security Lab...
Cockpit CMS 0.11.1 - (Username Enumeration & Password Reset) NoSQL Injection Exploit
Exploit Title: Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection Exploit Author: Brian Ombongi Vendor Homepage: https://getcockpit.com/ Version: Cockpit 0.11.1 Tested on: Ubuntu 16.04.7 CVE : CVE-2020-35847 & CVE-2020-35848 #!/usr/bin/python3 import json import re import...
Cockpit CMS 0.11.1 NoSQL Injection
Exploit Title: Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection Date: 06-08-2021 Exploit Author: Brian Ombongi Vendor Homepage: https://getcockpit.com/ Version: Cockpit 0.11.1 Tested on: Ubuntu 16.04.7 CVE : CVE-2020-35847 & CVE-2020-35848 #!/usr/bin/python3 import json...
Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection
Exploit Title: Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection Date: 06-08-2021 Exploit Author: Brian Ombongi Vendor Homepage: https://getcockpit.com/ Version: Cockpit 0.11.1 Tested on: Ubuntu 16.04.7 CVE : CVE-2020-35847 & CVE-2020-35848 #!/usr/bin/python3 import json...
CVE-2021-22910
A sanitization vulnerability exists in Rocket.Chat server versions 3.13.2, 3.12.4, 3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE...
SQL injection
A sanitization vulnerability exists in Rocket.Chat server versions 3.13.2, 3.12.4, 3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE...
CVE-2021-22910
CVE-2021-22910 affects Rocket.Chat server versions prior to 3.13.2, 3.12.4, and 3.11.4. The vulnerability is a sanitization issue in certain endpoints that allows crafted queries to trigger a NoSQL injection, potentially leading to remote code execution. Red Hat and OSV entries corroborate the sa...
Rocket.Chat Security Vulnerability
Rocket.Chat is an open source team chat software. A security vulnerability exists in Rocket.Chat server versions 3.13.2, 3.12.4, 3.11.4 that allows queries to endpoints, which can lead to NoSQL injection, which may result in an RCE...
PT-2021-15267 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: Rocket.Chat server versions prior to 3.13.2 Rocket.Chat server versions prior to 3.12.4 Rocket.Chat server versions prior to 3.11.4 Description: A sanitization issue exists in the Rocket.Chat server that allows queries to an endpoint,...
Exploit for SQL Injection in Agentejo Cockpit
Cockpit CMS NoSQL Injection CVE-2020-35847, CVE-2020-35848...
Exploit for SQL Injection in Agentejo Cockpit
Cockpit CMS NoSQL Injection to Remote Code Execution : CVE-202...
Rocket.Chat NoSQL injection (CVE-2021-22911)
A NoSQL injection vulnerability exists in Rocket.Chat. Successful exploitation of this vulnerability could allow attackers to inject commands and execute arbitrary code on the affected system...
Rocket.Chat 3.12.1 Remote Code Execution (CVE-2021-22911)
Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated 2 Author: enox Date: 06-06-2021 Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 2 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat Info : This is a...
Rocket.Chat 3.12.1 - NoSQL Injection to Remote Code Execution (Unauthenticated) Exploit (2)
Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated 2 Author: enox Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 2 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat Info : This is a faster exploit...
Rocket.Chat 3.12.1 NoSQL Injection / Code Execution
Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated 2 Author: enox Date: 06-06-2021 Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 2 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat Info : This is a...
Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated) (2)
Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated 2 Author: enox Date: 06-06-2021 Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 2 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat Info : This is a...
CVE-2021-20736
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors...