Lucene search
+L

180 matches found

Positive Technologies
Positive Technologies
added 2020/12/24 12:0 a.m.12 views

PT-2020-17385 · Bigprof · Bigprof Online Invoicing System

Name of the Vulnerable Software and Affected Versions: BigProf Online Invoicing System versions prior to 3.0 Description: The issue concerns a lack of CSRF protection in the "admin/pageTransferOwnership.php" endpoint, allowing an attacker to escalate privileges to Administrator and take over the...

8.8CVSS8.8AI score0.00455EPSS
Exploits0References4
CNNVD
CNNVD
added 2020/12/23 12:0 a.m.10 views

BigProf Online Invoicing System 跨站脚本漏洞

BigProf Online Invoicing System OIS is an easy invoicing tool for small businesses, consultants and freelancers created using AppGini. A stored cross-site scripting vulnerability exists in BigProf Online Invoicing System versions prior to 4.0. The vulnerability stems from the product failing to...

4.8CVSS5.7AI score0.0033EPSS
Exploits0References2
CNNVD
CNNVD
added 2020/12/23 12:0 a.m.10 views

BigProf Online Invoicing System 跨站脚本漏洞

BigProf Online Invoicing System OIS is an easy invoicing tool for small businesses, consultants and freelancers created using AppGini. A cross-site scripting vulnerability exists in app/membershipsignup.php and app/admin/pageViewMembers.php in BigProf Online Invoicing System versions prior to 3.1...

6.1CVSS6.3AI score0.00749EPSS
Exploits1References3
CNVD
CNVD
added 2020/01/10 12:0 a.m.5 views

BigProf Online Invoicing System Cross-Site Scripting Vulnerability

BigProf Online Invoicing System OIS is an online invoicing system. A cross-site scripting vulnerability exists in BigProf OIS 2.6 and prior versions. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to...

6.1CVSS6.4AI score0.00686EPSS
Exploits1References1
NVD
NVD
added 2020/01/08 8:15 p.m.19 views

CVE-2020-6583

BigProf Online Invoicing System OIS through 2.6 has XSS that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account via the Name field in an Add New Client action...

6.1CVSS6.1AI score0.00686EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/01/08 7:6 p.m.22 views

CVE-2020-6583

BigProf Online Invoicing System OIS through 2.6 has XSS that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account via the Name field in an Add New Client action...

6.1AI score0.00686EPSS
Exploits1References1
CVE
CVE
added 2020/01/08 7:6 p.m.65 views

CVE-2020-6583

CVE-2020-6583 affects BigProf Online Invoicing System (OIS) up to version 2.6. The vulnerability is a cross-site scripting (XSS) flaw that enables an attacker to hijack an administrator session by retrieving the session cookie through the Name field in an Add New Client action. The exploitation p...

6.1CVSS6AI score0.00686EPSS
Exploits1References1Affected Software1
exploitpack
exploitpack
added 2019/12/04 12:0 a.m.23 views

Online Clinic Management System 2.2 - HTML Injection

Online Clinic Management System 2.2 - HTML Injection Exploit Title: Online Clinic Management System 2.2 - HTML Injection Date: 2019-11-29 Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Download Link :...

7.6AI score
Exploits0
0day.today
0day.today
added 2019/12/04 12:0 a.m.250 views

Online Clinic Management System 2.2 - HTML Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Clinic Management System 2.2 - HTML Injection Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Download Link : https://bigprof.com/appgini/applications/online-clinic-management-system...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2019/12/03 12:0 a.m.27 views

Online Invoicing System 2.6 - description Persistent Cross-Site Scripting

Online Invoicing System 2.6 - description Persistent Cross-Site Scripting Exploit Title: Online Invoicing System 2.6 - 'description' Persistent Cross-Site Scripting Date: 2019-11-29 Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Download Link :...

6.8AI score
Exploits0
0day.today
0day.today
added 2019/12/03 12:0 a.m.161 views

Online Invoicing System 2.6 - (description) Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Invoicing System 2.6 - 'description' Persistent Cross-Site Scripting Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Download Link :...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2019/12/03 12:0 a.m.323 views

Online Invoicing System 2.6 - 'description' Persistent Cross-Site Scripting

Exploit Title: Online Invoicing System 2.6 - 'description' Persistent Cross-Site Scripting Date: 2019-11-29 Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Download Link : https://github.com/bigprof-software/online-invoicing-system Software : Online Invoicing Syst...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2019/11/29 12:0 a.m.22 views

Online Inventory Manager 3.2 - Persistent Cross-Site Scripting

Online Inventory Manager 3.2 - Persistent Cross-Site Scripting Exploit Title: Online Inventory Manager 3.2 - Persistent Cross-Site Scripting Date: 2019-11-29 Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Link :...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2019/11/29 12:0 a.m.235 views

Online Inventory Manager 3.2 Cross Site Scripting

Exploit Title: Online Inventory Manager 3.2 - Persistent Cross-Site Scripting Date: 2019-11-29 Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Link : https://bigprof.com/appgini/applications/online-inventory-manager Software : Online Inventory Manager Version : 3....

7.4AI score
Exploits0
0day.today
0day.today
added 2019/11/29 12:0 a.m.82 views

Online Inventory Manager 3.2 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Inventory Manager 3.2 - Persistent Cross-Site Scripting Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Link : https://bigprof.com/appgini/applications/online-inventory-manager Software :...

7.1AI score
Exploits0
CNVD
CNVD
added 2018/10/24 12:0 a.m.6 views

BigProf AppGini Information Disclosure Vulnerability

BigProf AppGini is a suite of platforms for creating responsive data management applications from BigProf Software, Egypt. A security vulnerability exists in BigProf AppGini version 5.70 that stems from the program's use of MD5 hashing to store passwords in the database. An attacker could exploit...

6.1CVSS5.7AI score0.01363EPSS
Exploits0References1
OSV
OSV
added 2018/10/23 12:29 p.m.4 views

CVE-2018-18587

BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash...

5.3CVSS5.8AI score0.00527EPSS
Exploits0References1
NVD
NVD
added 2018/10/23 12:29 p.m.19 views

CVE-2018-18587

BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash...

5.3CVSS5.3AI score0.00527EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/10/23 12:0 p.m.19 views

CVE-2018-18587

BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash...

5.4AI score0.00527EPSS
Exploits0References1
CVE
CVE
added 2018/10/23 12:0 p.m.51 views

CVE-2018-18587

CVE-2018-18587 affects BigProf AppGini 5.70, where passwords are stored in the database using MD5. The root cause is the use of MD5 hashing for password storage, leading to potential compromise of credentials (information disclosure). Connected sources corroborate the MD5-based storage in AppGini...

5.3CVSS5.3AI score0.00527EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder