240 matches found
NoSQL Injection Authentication Bypass
A NoSQL injection occurs when a value originating from the client's request is used within a NoSQL call without prior sanitisation. This can allow cyber-criminals to execute arbitrary NoSQL code and thus steal data, or use the additional functionality of the database server to take control of...
Rocket.Chat: NoSQL-Injection discloses S3 File Upload URLs
Summary A NoSQL-Injection vulnerability in the getS3FileUrl Meteor server method can disclose arbitrary file upload URLs to users that should not be able to access. Description The fileId argument of the getS3FileUrl Meteor server method is not validated and can contain a regular expression. The...
GitHub Security Lab: [Python] CWE-943: Add NoSQL Injection Query
This bug was reported directly to GitHub Security Lab...
Cockpit CMS 0.11.1 - (Username Enumeration & Password Reset) NoSQL Injection Exploit
Exploit Title: Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection Exploit Author: Brian Ombongi Vendor Homepage: https://getcockpit.com/ Version: Cockpit 0.11.1 Tested on: Ubuntu 16.04.7 CVE : CVE-2020-35847 & CVE-2020-35848 !/usr/bin/python3 import json import re import...
Cockpit CMS 0.11.1 NoSQL Injection
Exploit Title: Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection Date: 06-08-2021 Exploit Author: Brian Ombongi Vendor Homepage: https://getcockpit.com/ Version: Cockpit 0.11.1 Tested on: Ubuntu 16.04.7 CVE : CVE-2020-35847 & CVE-2020-35848 !/usr/bin/python3 import json...
Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection
Exploit Title: Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection Date: 06-08-2021 Exploit Author: Brian Ombongi Vendor Homepage: https://getcockpit.com/ Version: Cockpit 0.11.1 Tested on: Ubuntu 16.04.7 CVE : CVE-2020-35847 & CVE-2020-35848 !/usr/bin/python3 import json...
CVE-2021-22910
A sanitization vulnerability exists in Rocket.Chat server versions 3.13.2, 3.12.4, 3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE...
CVE-2021-22910
A sanitization vulnerability exists in Rocket.Chat server versions 3.13.2, 3.12.4, 3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE...
Sql injection
A sanitization vulnerability exists in Rocket.Chat server versions 3.13.2, 3.12.4, 3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE...
CVE-2021-22910
A sanitization vulnerability exists in Rocket.Chat server versions 3.13.2, 3.12.4, 3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE...
CVE-2021-22910
CVE-2021-22910 affects Rocket.Chat server versions prior to 3.13.2, 3.12.4, and 3.11.4. The vulnerability is a sanitization issue in certain endpoints that allows crafted queries to trigger a NoSQL injection, potentially leading to remote code execution. Red Hat and OSV entries corroborate the sa...
PT-2021-15267 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: Rocket.Chat server versions prior to 3.13.2 Rocket.Chat server versions prior to 3.12.4 Rocket.Chat server versions prior to 3.11.4 Description: A sanitization issue exists in the Rocket.Chat server that allows queries to an endpoint,...
Rocket.Chat Security Vulnerability
Rocket.Chat is an open source team chat software. A security vulnerability exists in Rocket.Chat server versions 3.13.2, 3.12.4, 3.11.4 that allows queries to endpoints, which can lead to NoSQL injection, which may result in an RCE...
Exploit for SQL Injection in Agentejo Cockpit
Cockpit CMS NoSQL Injection CVE-2020-35847, CVE-2020-35848...
Exploit for SQL Injection in Agentejo Cockpit
Cockpit CMS NoSQL Injection to Remote Code Execution : CVE-202...
Rocket.Chat NoSQL injection (CVE-2021-22911)
A NoSQL injection vulnerability exists in Rocket.Chat. Successful exploitation of this vulnerability could allow attackers to inject commands and execute arbitrary code on the affected system...
Rocket.Chat 3.12.1 Remote Code Execution (CVE-2021-22911)
Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated 2 Author: enox Date: 06-06-2021 Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 2 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat Info : This is a...
Rocket.Chat 3.12.1 NoSQL Injection / Code Execution
Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated 2 Author: enox Date: 06-06-2021 Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 2 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat Info : This is a...
Rocket.Chat 3.12.1 - NoSQL Injection to Remote Code Execution (Unauthenticated) Exploit (2)
Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated 2 Author: enox Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 2 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat Info : This is a faster exploit...
Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated) (2)
Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated 2 Author: enox Date: 06-06-2021 Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 2 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat Info : This is a...