2010 matches found
PT-2023-22337 · Unknown · Yoga Class Registration System
Name of the Vulnerable Software and Affected Versions: Yoga Class Registration System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the cid parameter at the "/admin/login.php" API endpoint. Recommendations: For Yoga Class...
PT-2023-21358 · H3C · H3C Magic R100
Name of the Vulnerable Software and Affected Versions: H3C Magic R100 version R100V100R005.bin Description: A stack overflow issue was discovered via the DeltriggerList interface at the "/goform/aspForm" API endpoint. This issue allows attackers to cause a Denial of Service DoS by sending a craft...
PT-2023-20883 · Totolink · Totolink A7100Ru
Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version 7.4cu.2313 B20191024 Description: A command injection issue was found via the pppoeAcName parameter at the "/setting/setWanIeCfg" API endpoint. Recommendations: For version 7.4cu.2313 B20191024, avoid using the...
PT-2023-21353 · H3C · H3C Magic R100
Name of the Vulnerable Software and Affected Versions: H3C Magic R100 version R100V100R005.bin Description: A stack overflow issue was discovered via the EdittriggerList interface at the "/goform/aspForm" API endpoint. This allows attackers to cause a Denial of Service DoS via a crafted payload...
SUSE CVE-2023-28834
Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get t...
CVE-2023-28834
Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get t...
Information disclosure
Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get t...
CVE-2023-28834 Full path of data directory exposed to Nextcloud server users
Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get t...
CVE-2023-28834
Summary of CVE-2023-28834 (Nextcloud Server information disclosure) Affected: Nextcloud Server 24.0.0–24.0.6, 25.0.0–25.0.4; Nextcloud Enterprise Server 23.0.0–23.0.11, 24.0.0–24.0.6, 25.0.0–25.0.4. Root cause: An API endpoint allowed a user to obtain the full data directory path of the Nextcloud...
Full path of data directory exposed to users
None...
CVE-2023-28645 Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments
Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...
CVE-2023-28645 Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments
Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...
CVE-2023-28645 Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments
Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...
PT-2023-21870 · Nextcloud · Nextcloud Richdocuments
Name of the Vulnerable Software and Affected Versions: Nextcloud richdocuments versions prior to 6.3.2 Nextcloud richdocuments versions prior to 7.0.2 Nextcloud richdocuments versions prior to 8.0.0-beta.1 Description: The secure view feature of the rich documents app can be bypassed by using an...
BoxBilling<=4.22.1.5 - Remote Code Execution (RCE)
Exploit Title: BoxBilling POC Video : https://drive.google.com/file/d/1m2glCeJ9QXc8epuY2QfvbWwjLTJ8Hjx/view?usp=sharing...
BoxBilling <= 4.22.1.5 - Remote Code Execution Vulnerability
Exploit Title: BoxBilling POC Video : https://drive.google.com/file/d/1m2glCeJ9QXc8epuY2QfvbWwjLTJ8Hjx/view?usp=sharing...
CVE-2023-28883
In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint...
PT-2023-17078 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue allows an attacker to learn the full name of a board owner due to Mattermost failing to check the "Show Full Name" setting when rendering the result for the...
Exploit for Missing Authentication for Critical Function in Veeam Veeam_Backup_\&_Replication
CVE-2023-27532 POC for CVE-2023-27532 affecting Veeam Backup a...
CVE-2023-25223
CRMEB =1.3.4 is vulnerable to SQL Injection via /api/admin/user/list...