15 matches found
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/account-owner.php Owner name field. id: CVE-2018-19749 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting...
EUVD-2018-3437
Malware in sbrugna...
EUVD-2018-11433
Malware in sbrugna...
Yelp: Privilege Escalation - A Low Privilege User who does not have access to the user management module can remove the owner of the business account
The owner of the business account was removed by a low-privilege user who did not have access to the user management module...
Account Owner Email Address Leakage Lead To Improper Access Control
Description: Hi team, when I try to create users for on https://public.tenant.kiwitcms.org/admin/auth/user//change/ I see that the users are not properly authenticated. I can create users with the same first name, last name, and email. Normally, when we create the same users it should error with the...
Mail.ru: [https://seosan.io] Account owner disclosure
seosan.io could unintentionally disclose the account owner name by e-mail during the access recovery procedure. seosan.io has reached its end of life and is no longer available...
DomainMOD cross-site scripting vulnerability (CNVD-2018-26477)
DomainMod is a PHP and MySQL based open source application for managing centrally located domain names and other Internet assets. A cross-site scripting vulnerability exists in the assets/add/account-owner.php page in DomainMod 4.11.01 and earlier versions. A remote attacker can exploit this...
Design/Logic Flaw
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field...
CVE-2018-19749
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field...
DomainMod 4.09.03 - 'oid' Cross-Site Scripting
Exploit Title: DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter Date: 2018-05-28 Exploit Author: longer([email protected]) Vendor Homepage: domainmod https://github.com/domainmod/domainmod Software Link: domainmod https://github.com/domainmod/domainmod Version: v4.09.0...
CVE-2018-11403
DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter...
DomainMOD Cross-Site Scripting Vulnerability
DomainMod is a PHP and MySQL based open source application for managing centrally located domain names and other Internet assets. A cross-site scripting vulnerability exists in DomainMod version 4.09.03. A remote attacker can exploit this vulnerability by sending the 'oid' parameter to the...
Starbucks: Password Change not notified when changed from settings
Hi, Password change is not notified to the account owner if it's made from the account settings. This is very crucial as once the account is compromised, the attacker can change the password without giving any clue to the victim. Steps to reproduce the issue: 1. Sign in with a valid username and...
New Relic: A user with restricted privileges is able to view Phone Number + Billing Email of account owner
Hello - A user with restricted access is able to view the phone number and the billing email of the account owner by simply adding ".json" at the end of the "https://rpm.newrelic.com/accounts/" URL. The URL structure looks like this: https://rpm.newrelic.com/accounts/██████.json Wherein "███████" is the...
Shopify: Privilege escalation vulnerability
Normally a full-access administrator of a shop other than the account owner should not be able to see the account owner's user profile. But a missing authorization check allowed the account owner's profile to be viewed if requested directly by URL...