OneNav License Issues Vulnerabilities

OneNav is a minimalist navigation/bookmark management system developed using PHP. An authorization issue vulnerability exists in OneNav version 0.9.33 and earlier versions, which stems from the incorrect operation of the parameter X-Token that can lead to incorrect authentication...

CVE-2022-26276

An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal...

CVE-2022-26276

An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal...

CVE-2022-26276

An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal...

Directory traversal

An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal...

CVE-2022-26276

An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal...

CVE-2022-26276

The CVE-2022-26276 entry affects OneNav v0.9.14, with a vulnerability in the index.php file that enables directory traversal. Multiple connected sources (Red Hat, NVD, CNNVD, OSV, CVE lists, and PT Security) confirm the issue exists in OneNav v0.9.14 and describe the impact as a directory travers...

PT-2022-17760 · Onenav · Onenav

Name of the Vulnerable Software and Affected Versions: OneNav version 0.9.14 Description: An issue in the index.php file allows attackers to perform directory traversal. Recommendations: For OneNav version 0.9.14, update to a version that fixes the issue in index.php to prevent directory traversa...

OneNav 路径遍历漏洞

OneNav is a minimalist navigation/bookmark management system developed using PHP. A security vulnerability exists in index.php in OneNav v0.9.14. The vulnerability allows attackers to perform directory traversal...

in helloxz/onenav

Description During the comparisons of different variables, PHP will automatically convert the data into a common, comparable type. This makes it possible to compare the number 12 to the string '12' or check whether or not a string is empty by using a comparison like $string == True. This, however...

CVE-2021-38712

OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file...

CVE-2021-38712

OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file...

Information disclosure

OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file...

CVE-2021-38712

Affected product: OneNav 0.9.12. Vulnerability: information disclosure of the onenav.db3 contents. The provided documents do not specify the exact root cause or exploited components beyond this disclosure. Impact: exposes database contents; no other impacts are detailed. Remediation / mitigation:...

CVE-2021-38712

OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file...

OneNav 安全漏洞

OneNav is a minimalist navigation/bookmark management system developed using PHP. A security vulnerability exists in OneNav 0.9.12 which allows information disclosure of onenav.db3 content...

OneNav Beta 0.9.12 Cross Site Scripting

Exploit Title: XSS-Stored - Brutal PWNED on OneNav beta 0.9.12 addlink feature Author: nu11secur1ty Testing and Debugging: nu11secur1ty $ g3ck0dr1v3r Date: 08.06.2021 Vendor: https://www.xiaoz.me/ Link: https://github.com/helloxz/onenav/releases/tag/0.9.12 CVE: CVE-2021-38138 + Exploit Source:...

CVE-2021-38138

OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release...

CVE-2021-38138

OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release...

Design/Logic Flaw

OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release...