52 matches found
CVE-2020-12687
An issue was discovered in Serpico before 1.3.3. The /admin/attacmentsbackup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users including administrators from the database...
EUVD-2019-9450
Malware in sbrugna...
EUVD-2019-9448
Malware in sbrugna...
EUVD-2019-9447
Malware in sbrugna...
EUVD-2019-9449
Malware in sbrugna...
EUVD-2019-9451
Malware in sbrugna...
EUVD-2020-4983
Malware in sbrugna...
EUVD-2019-9452
Malware in sbrugna...
Serpico Information Disclosure Vulnerability
Serpico is a penetration test report generation and collaboration tool from the Serpico project. An information disclosure vulnerability exists in Serpico versions prior to 1.3.3. The vulnerability stems from the fact that an authenticated non-administrative user can request the...
CVE-2020-12687
An issue was discovered in Serpico before 1.3.3. The /admin/attacmentsbackup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users including administrators from the database...
CVE-2020-12687
An issue was discovered in Serpico before 1.3.3. The /admin/attacmentsbackup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users including administrators from the database...
Design/Logic Flaw
An issue was discovered in Serpico before 1.3.3. The /admin/attacmentsbackup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users including administrators from the database...
CVE-2020-12687
An issue was discovered in Serpico before 1.3.3. The /admin/attacmentsbackup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users including administrators from the database...
CVE-2020-12687
CVE-2020-12687 affects Serpico prior to 1.3.3. The /admin/attacments_backup endpoint may be accessed by non-admin authenticated users, allowing retrieval of all user attachments (including administrator data). Red Hat, CNVD, OSV, and other sources corroborate this information. A fix is available ...
Serpico Cross-Site Request Forgery Vulnerability
Serpico is a penetration test report generation and collaboration tool. Serpico suffers from a cross-site request forgery vulnerability. The vulnerability stems from Serpico not using CSRF tokens. An attacker can exploit this vulnerability and combine it with a cross-site scripting vulnerability ...
Serpico Cross-Site Scripting Vulnerability
Serpico is a penetration test report generation and collaboration tool. Serpico suffers from a cross-site scripting vulnerability. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit the vulnerability to execute client-side...
CVE-2019-19858
An issue was discovered in Serpico aka SimplE RePort wrIting and CollaboratiOn tool 1.3.0. admin/adduser/UID allows stored XSS via the author parameter...
CVE-2019-19856
An issue was discovered in Serpico aka SimplE RePort wrIting and CollaboratiOn tool 1.3.0. The User Type on the admin/listuser page allows stored XSS via the type parameter...
CVE-2019-19854
An issue was discovered in Serpico aka SimplE RePort wrIting and CollaboratiOn tool 1.3.0. It does not use CSRF Tokens to mitigate against CSRF; it uses the Origin header which must match the request origin. This is problematic in conjunction with XSS: one can escalate privileges from User level ...
CVE-2019-19854
An issue was discovered in Serpico aka SimplE RePort wrIting and CollaboratiOn tool 1.3.0. It does not use CSRF Tokens to mitigate against CSRF; it uses the Origin header which must match the request origin. This is problematic in conjunction with XSS: one can escalate privileges from User level ...