170 matches found
Improper Input Validation
Description At the team updatehttps://ripob47346.getoutline.com/api/team.update and user updatehttps://ripob47346.getoutline.com/api/users.update functions, avatarUrl was not verified as a correct url. The user can enter arbitrary values. Proof of Concept /api/team.update /api/users.update Result...
PT-2022-15456 · Ibm · Ibm Websphere Application Server Liberty +1
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server Liberty versions 17.0.0.3 through 22.0.0.7 Open Liberty Description: The issue allows an authenticated user to perform identity spoofing using a specially crafted request. Recommendations: For IBM WebSphere...
GHSA-96V6-HRWG-P378 Weak Password Requirements in Daybyday CRM
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’...
Weak Password Requirements in Daybyday CRM
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’...
CVE-2022-22110
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’...
CVE-2022-22110
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’...
Default credentials
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’...
CVE-2022-21650 Stored XSS via html file upload in convos
Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after...
ActivePool unwraps but does not update user state in WJLP
Handle cmichel Vulnerability details Calling WJLP.unwrap burns WJLP, withdraws the amount from the master chef and returns the same amount of JLP back to the to address. However, it does not update the internal accounting in WJLP with a userUpdate call. This needs to be done on the caller side...
M/Monit 3.7.4 - Privilege Escalation
Title: M/Monit 3.7.4 - Privilege Escalation Author: Dolev Farhi Date: 2020-07-09 Vendor Homepage: https://mmonit.com/ Version : 3.7.4 import sys import requests url = 'http://youriphere:8080' username = 'test' password = 'test123' sess = requests.Session sess.gethost def login: print'Attempting t...
PT-2026-5160
Name of the Vulnerable Software and Affected Versions M/Monit version 3.7.4 Description An authenticated user can escalate privileges by manipulating the admin parameter. An attacker can send a crafted POST request to the /api/1/admin/users/update endpoint to grant administrative access to a...
CVE-2019-3775
Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user...
M/Monit 3.7.2 - Privilege Escalation
!/usr/env/python3 """ Vulnerability title: M/Monit = 3.7.2 - Privilege Escalation Author: Dolev Farhi Vulnerable version: 2.0.151021 Link: https://mmonit.com Date: 2/17/2019 """ import sys import requests MMONITURL = 'http://ip.add.re.ss:8080' MMONITUSER = 'monit' Default built in unprivileged us...
K-iwi Framework 1775 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: K-iwi Framework 1775 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.k-iwi.com/ Software Link: https://sourceforge.net/projects/k-iwi/files/latest/download Version: 1775 Category: Webapps Tested on:...
K-iwi Framework 1775 - SQL Injection
Exploit Title: K-iwi Framework 1775 - SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.k-iwi.com/ Software Link: https://sourceforge.net/projects/k-iwi/files/latest/download Version: 1775 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
CVE-2018-18382
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" aka user/edit-profile action...
CVE-2018-18382
Advanced HRM 1.6 is affected by CVE-2018-18382, which enables Remote Code Execution via PHP code uploaded to a .php file at the user/update-user-avatar URI, accessible through the Update Profile/Change Picture flow (user/edit-profile). The issue is tied to the specific endpoint path used for upda...
Quest DR Series Disk Backup Software Command Injection Vulnerability (CNVD-2018-15866)
The Quest DR Series are disk storage and deduplication appliances. A command injection vulnerability exists in the "user update" method in versions of Quest DR Series disk backup software prior to version 4.0.3.1. An attacker could exploit this vulnerability to execute arbitrary system commands...
MySQL Smart Reports 1.0 - id SQL Injection Cross-Site Scripting
MySQL Smart Reports 1.0 - id SQL Injection Cross-Site Scripting Exploit Title: MySQL Smart Reports 1.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage:...
MyYoutube MyBB Plugin 1.0 - SQL Injection
No description provided by source. Exploit Title: MyYoutube MyBB plugin SQL UPDATE injection. Google Dork: inurl:member.php intext:Youtube Video intitle:Profile of Date: 12.10.2012 Exploit Author: Zixem Vendor Homepage: http://www.mybb-es.com Software Link: http://mods.mybb.com/view/myyoutube...