92 matches found
Workout Journal App 1.0 - Stored XSS
Exploit Title: Workout Journal App 1.0 - Stored XSS Date: 12.01.2024 Exploit Author: MURAT CAGRI ALIS Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17088/workout-journal-app-using-php-and-mysql-source-code.html Version: 1.0 Tested on: Windows /...
PT-2024-21072 · Avsystem · Avsystem Unified Management Platform
Name of the Vulnerable Software and Affected Versions: AVSystem Unified Management Platform UMP version 23.07.0.16567LTS Description: The issue is related to improper input validation, which can result in unauthenticated Customer Premises Equipment CPE devices storing arbitrarily large amounts of...
PT-2023-29136 · Online Movie Ticket Booking System +1 · Online Movie Ticket Booking System
Name of the Vulnerable Software and Affected Versions: process registration.php affected versions not specified Description: The issue is related to the 'age' parameter of the process registration.php resource, which does not validate the characters received, and they are sent unfiltered to the...
CVE-2023-41233
Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...
CVE-2023-41233
Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...
GHSA-GH66-FP7J-98V5 Shopware improper mail validation vulnerability
Impact The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. Patches We recommend updating to the current version 5.7.18. You can get the update to...
CVE-2023-34099 Improper mail validation in Shopware
Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7....
AddressRegistry can associate same CID to different addresses at the same time
Lines of code Vulnerability details The AddressRegistry contract can associate a CID NFT to an account address. As stated in the contest, the CID NFT can be transferred out of the account that registered it. However, once transferred it can be registered again while keeping the previous...
authentik 授权问题漏洞
authentik is an open source identity provisioning application from authentik Open Source. Authentik suffers from an authorization issue vulnerability that stems from vulnerability to incorrect authentication, where token reuse in the invitation URL leads to bypassing access control by using a...
VDA Registration Step by Step and Troubleshoot common VDA Registration Failures
This article explains step by step process of VDA registration and troubleshoot common VDA registration failure issues...
Let’s Get Under the Hood of Imperva Snapshot
A stress-free guide for the prudent cloud operator With minimal setup, Imperva Snapshot enables you to immediately start your in-depth Amazon Web Services AWS RDS database assessment. With no prior training required, cloud operators can use this useful tool to pinpoint deficiencies in their...
PT-2021-21894 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 6.0 and earlier Description: The issue is related to insufficient validation of email addresses during the registration process. This allows attackers to trick users into signing up with attacker-controlled email addresses...
CVE-2021-27491
Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,The Ypsomed mylife Cloud discloses password hashes during the registration process...
Ypsomed mylife App 安全漏洞
Ypsomed mylife App is an application of Ypsomed AG. To optimize communication between people with diabetes and healthcare professionals, mylife Therapy Management is an easy-to-use, easy-to-share solution for diabetes therapy data. mylife App by Ypsomed suffers from a security vulnerability that...
SpotAuditor 5.3.5 - (multiple) Denial Of Service Exploit
Exploit Title: SpotAuditor 5.3.5 - 'multiple' Denial Of Service PoC Exploit Author : Sinem Şahin Vendor Homepage : http://www.nsauditor.com/ Link Software : http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested on: Windows 7 x64 Version: 5.3.5 Steps: 1- Run the python script...
The vulnerability of the registration process for certificates in the Cisco Unified Computing System Central system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Cisco Unified Computing System Central device registration process is related to errors in verifying the authenticity of the certificates. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2021-26719
A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor with certain credentials can perform a registration step such that craft...
UBUNTU-CVE-2021-26719
A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor with certain credentials can perform a registration step such that craft...
CVE-2020-36155
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wpcapabilities user meta that defines a user's role. During the registration...
CVE-2020-36157
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a...