38 matches found
CVE-2022-22190
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. A feature was introduced in version 3.1 of the...
NEX Forms < 7.8.8 - Authentication Bypass for PDF Reports
The plugin was vulnerable to Authentication Bypass for PDF Reports allowing unauthenticated attackers to download PDF reports. PoC http://www.example.com/wp-content/uploads/submissionreport.pdf...
WordPress Basix NEX-Forms Plugin Authentication Bypass Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin Basix NEX-Forms in version 7.8.7 and earlier has an authentication bypass vulnerabilit...
NEX Forms < 7.8.8 - Authentication Bypass for PDF Reports
The plugin was vulnerable to Authentication Bypass for PDF Reports allowing unauthenticated attackers to download PDF reports. http://www.example.com/wp-content/uploads/submissionreport.pdf...
CVE-2021-34675
Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...
Authentication flaw
Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...
CVE-2021-34675
Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...
CVE-2021-34675
CVE-2021-34675 affects the WordPress Basix NEX-Forms plugin up to version 7.8.7. The vulnerability is an authentication bypass that allows access to stored PDF reports without valid credentials. The issue is documented across multiple sources (NVD, Red Hat, CNVD, WPVulnDB) as an authentication by...
WordPress 授权问题漏洞
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin Basix NEX-Forms in version 7.8.7 and earlier has an authentication bypass vulnerabilit...
Lazyrecon - Tool To Automate Your Reconnaissance Process In An Organized Fashion
Lazyrecon is a subdomain discovery tool that finds and resolves valid subdomains then performs SSRF/LFI/SQLi fuzzing, brute-force and port scanning. It has a simple modular architecture and is optimized for speed while working with github and wayback machine. Features Super fast asynchronous...
Horn3t - Powerful Visual Subdomain Enumeration At The Click Of A Mouse
Horn3t is your Nr 1 tool for exploring subdomains visually. Building on the great Sublist3r framework or extensible with your favorite one it searches for subdomains and generates awesome picture previews. Get a fast overview of your target with http status codes, add custom found subdomains and...
Elastic Kibana 4.0 <= 4.6 / 5.0 <= 5.6.12 / 6.0 <= 6.4.2 Credential Exposure Vulnerability - Windows
Kibana is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Authorization
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource...
CVE-2018-17245
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource...
CVE-2018-17245
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource...
Kibana ESA-2018-17
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource...
WebVulScan - Web Application Vulnerability Scanner
WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the...
LocalTapiola: Possibly big authorization problem in Lähitapiola´s varainhoito
Issue The reporter found a design flaw in a feature where pdf-reports are generated. Pdf-reports were generated using 19-digit random names and the names as well as the reports were persistent and accessible by all authenticated users. Fix Guessing a random 19-digit name was found to be almost...