7 matches found
PT-2026-47345
Name of the Vulnerable Software and Affected Versions STACKIT IaaS API affected versions not specified Description A missing authorization check allows authenticated, low-privileged attackers to escalate privileges to full organization compromise. By exploiting the unvalidated 'PUT servers...
Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel
Summary An IDOR Insecure Direct Object Reference vulnerability in the Grav CMS Admin Panel allows low-privilege users to access sensitive information from other accounts. Although direct account takeover is not possible, admin email addresses and other metadata can be exposed, increasing the risk...
Stripo Inc: [my.stripo.email] Blind SSRF Vulnerability in Stripo App Export via Missing Endpoints Export Email Message to Zapier
A critical Blind SSRF Server-Side Request Forgery vulnerability was identified in the export service of the Stripo app. The vulnerability existed in the endpoint /exportservice/v3/exports/WEBHOOK/accounts, where malicious input could be provided in the webhookUrl parameter, triggering SSRF and...
CVE-2022-1816
A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/publichtml/viewaccounts?type=zookeeper of the content module. The manipulation of the argument adminname with the input alert1 leads to an authenticated cross si...
PT-2020-14542 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to disclose sensitive information without requiring authentication. The flaw exists in the ajax list accounts.php file, specifically when parsing the...
Unspecified Vulnerability in Deskpro (CNVD-2020-22251)
Deskpro is a helpdesk software solution that helps companies manage communication with their customers and user base across multiple channels. A security vulnerability exists in Deskpro versions prior to 2019.8.0 that stems from the /api/emailaccounts endpoint failing to properly validate user...
CVE-2020-11463
An issue was discovered in Deskpro before 2019.8.0. The /api/emailaccounts endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve cleartext credentials of all helpdesk email accounts, including incoming and outgoing email credentials. This enables an attacker to...