70 matches found
GHSA-83J2-QHX2-P7JC PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block
Impact When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing...
Improper access control
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter...
OpenCart CMS 4.0.2.2 Brute Force Vulnerability
Exploit Title: OpenCart CMS v4.0.2.2 Login Vulnerability Category: Web Application CMS Exploit Author: Rajdip Dey Sarkar Version: 4.0.2.2 Tested on: Windows/Kali CVE: CVE-2023-40834 Description: ---------------- OpenCart CMS version 4.0.2.2 is susceptible to login brute-force attacks, where...
CVE-2023-31862
jizhicms v2.4.6 is vulnerable to Cross Site Scripting XSS. The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the reque...
CVE-2023-31862
jizhicms v2.4.6 is vulnerable to Cross Site Scripting XSS. The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the reque...
CVE-2023-25934
DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request...
Cross-site Scripting (XSS) - Stored in tsolucio/corebos
Description There is a taint path can store payload into the database. visit http://127.0.0.1/corebos-master/index.php?action=PickList&module=PickList and click Add Item, the Add new entries here: can be tainted. Although there has a front limitation, but we can bypass it by modifying the request...
PT-2023-22191 · Sap · Sap Crm
Name of the Vulnerable Software and Affected Versions: SAP CRM WebClient UI versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801 Description: The issue allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This...
Garage Management System 1.0 Cross Site Scripting
Exploit Title: Garage Management System 1.0 - 'categoriesName' - Stored XSS Date: 18-09-2022 Exploit Author: Sam Wallace Software Link: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html Version: 1.0 Tested on: Debian CVE : CVE-2022-41358 Summary:...
MTN Group: Authentication Bypass Leads To Complete Account TakeveOver on ██████████
The application's backend logic placed too much trust on the login information submitted by the user, which allowed a remote attacker to bypass authentication and perform account takeover...
GHSA-P487-39H9-HM84 Jenkins Google Login Plugin 1.0 and 1.1 allows anonymous users to authenticate through client-side request modification
The Google Login Plugin versions 1.0 and 1.1 allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification...
Jenkins Google Login Plugin 1.0 and 1.1 allows anonymous users to authenticate through client-side request modification
The Google Login Plugin versions 1.0 and 1.1 allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification...
CVE-2015-5298
The Google Login Plugin versions 1.0 and 1.1 allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification...
Design/Logic Flaw
The Google Login Plugin versions 1.0 and 1.1 allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification...
CVE-2022-30562
If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page...
Moodle Users could elevate their role when accessing the LTI tool on a provider site
A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site...
CVE-2022-22434
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to create an API request modified to create additional objects. IBM X-Force ID: 224159...
envoyproxy/envoy: denial of service when using extensions that modify request or response sizes
An out-of-bounds memory read vulnerability was found in envoyproxy/envoy. When using one of the following envoy extensions, it is possible to modify and increase the request or response body size of the following: the decompressor, json-transcoder, grpc-web, or other proprietary extensions. This...
CVE-2021-21390 MITM modification of request bodies in MinIO
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have integrity guarante...
InnoGames: Cache Poisoning via uppercase letters in invalid path
Summary of the issue Cache poisoning vulnerability appears in the request to innogames.com. The issue arises when language path parameter from the url gets processed on the backend to become lowercase. Then if a path provided in X-Forwarded-Host does not exist on the server, 301 response is...