180 matches found
PT-2020-17385 · Bigprof · Bigprof Online Invoicing System
Name of the Vulnerable Software and Affected Versions: BigProf Online Invoicing System versions prior to 3.0 Description: The issue concerns a lack of CSRF protection in the "admin/pageTransferOwnership.php" endpoint, allowing an attacker to escalate privileges to Administrator and take over the...
BigProf Online Invoicing System 跨站脚本漏洞
BigProf Online Invoicing System OIS is an easy invoicing tool for small businesses, consultants and freelancers created using AppGini. A stored cross-site scripting vulnerability exists in BigProf Online Invoicing System versions prior to 4.0. The vulnerability stems from the product failing to...
BigProf Online Invoicing System 跨站脚本漏洞
BigProf Online Invoicing System OIS is an easy invoicing tool for small businesses, consultants and freelancers created using AppGini. A cross-site scripting vulnerability exists in app/membershipsignup.php and app/admin/pageViewMembers.php in BigProf Online Invoicing System versions prior to 3.1...
BigProf Online Invoicing System Cross-Site Scripting Vulnerability
BigProf Online Invoicing System OIS is an online invoicing system. A cross-site scripting vulnerability exists in BigProf OIS 2.6 and prior versions. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to...
CVE-2020-6583
BigProf Online Invoicing System OIS through 2.6 has XSS that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account via the Name field in an Add New Client action...
CVE-2020-6583
BigProf Online Invoicing System OIS through 2.6 has XSS that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account via the Name field in an Add New Client action...
CVE-2020-6583
CVE-2020-6583 affects BigProf Online Invoicing System (OIS) up to version 2.6. The vulnerability is a cross-site scripting (XSS) flaw that enables an attacker to hijack an administrator session by retrieving the session cookie through the Name field in an Add New Client action. The exploitation p...
Online Clinic Management System 2.2 - HTML Injection
Online Clinic Management System 2.2 - HTML Injection Exploit Title: Online Clinic Management System 2.2 - HTML Injection Date: 2019-11-29 Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Download Link :...
Online Clinic Management System 2.2 - HTML Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Clinic Management System 2.2 - HTML Injection Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Download Link : https://bigprof.com/appgini/applications/online-clinic-management-system...
Online Invoicing System 2.6 - description Persistent Cross-Site Scripting
Online Invoicing System 2.6 - description Persistent Cross-Site Scripting Exploit Title: Online Invoicing System 2.6 - 'description' Persistent Cross-Site Scripting Date: 2019-11-29 Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Download Link :...
Online Invoicing System 2.6 - (description) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Invoicing System 2.6 - 'description' Persistent Cross-Site Scripting Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Download Link :...
Online Invoicing System 2.6 - 'description' Persistent Cross-Site Scripting
Exploit Title: Online Invoicing System 2.6 - 'description' Persistent Cross-Site Scripting Date: 2019-11-29 Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Download Link : https://github.com/bigprof-software/online-invoicing-system Software : Online Invoicing Syst...
Online Inventory Manager 3.2 - Persistent Cross-Site Scripting
Online Inventory Manager 3.2 - Persistent Cross-Site Scripting Exploit Title: Online Inventory Manager 3.2 - Persistent Cross-Site Scripting Date: 2019-11-29 Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Link :...
Online Inventory Manager 3.2 Cross Site Scripting
Exploit Title: Online Inventory Manager 3.2 - Persistent Cross-Site Scripting Date: 2019-11-29 Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Link : https://bigprof.com/appgini/applications/online-inventory-manager Software : Online Inventory Manager Version : 3....
Online Inventory Manager 3.2 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Inventory Manager 3.2 - Persistent Cross-Site Scripting Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Link : https://bigprof.com/appgini/applications/online-inventory-manager Software :...
BigProf AppGini Information Disclosure Vulnerability
BigProf AppGini is a suite of platforms for creating responsive data management applications from BigProf Software, Egypt. A security vulnerability exists in BigProf AppGini version 5.70 that stems from the program's use of MD5 hashing to store passwords in the database. An attacker could exploit...
CVE-2018-18587
BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash...
CVE-2018-18587
BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash...
CVE-2018-18587
BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash...
CVE-2018-18587
CVE-2018-18587 affects BigProf AppGini 5.70, where passwords are stored in the database using MD5. The root cause is the use of MD5 hashing for password storage, leading to potential compromise of credentials (information disclosure). Connected sources corroborate the MD5-based storage in AppGini...