12 matches found
Vestaboard: Exploring Broken Access Controls and Privilege Escalation
The post Vestaboard: Exploring Broken Access Controls and Privilege Escalation appeared first on Rhino Security Labs...
OpenEMR < 7.0.1 Multiple Vulnerabilities
OpenEMR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:open-emr:openemr"; ifdescription...
Download Manager < 3.2.71 - Broken Access Controls
The plugin does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any file with the knowledge of any one file's...
Broken Access Controls in Practice settings
Description: We observed that a receptionist user can add a Pharmacy in the Practice Settings section, although this area is restricted to receptionist users. Proof of Concept: REQUEST: POST /openemr/controller.php?practicesettings&pharmacy&action=edit HTTP/1.1 Host: demo.openemr.io Cookie: OpenEMR=...
OpenEMR < 7.0.0.2 Multiple Vulnerabilities
OpenEMR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:open-emr:openemr"; ifdescription...
CVE-2022-39019
Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server...
CVE-2022-39018 Broken access controls on PDFtron data in M-Files Hubshare
Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL...
CVE-2022-39018
The vulnerability CVE-2022-39018 affects M-Files Hubshare prior to 3.3.11.3, where broken access controls on PDFtron data allow unauthenticated users to access restricted PDF files via a known URL. Affected component: PDFtron data within Hubshare; root cause: inadequate access control enforcement...
CVE-2022-39019 Broken access controls on PDFtron WebviewerUI in M-Files Hubshare
Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server...
PT-2022-24675 · M Files +1 · M-Files Hubshare +1
Name of the Vulnerable Software and Affected Versions: M-Files Hubshare versions prior to 3.3.11.3 Description: The issue concerns broken access controls on PDFtron WebviewerUI in M-Files Hubshare, allowing unauthenticated attackers to upload malicious files to the application server...
Acronis: Broken Access Controls
The endpoint notary.acronis.com blocks access to the panel if you are not an authenticated user. But it is possible to access some functions of the panel by adding .html at the end. See PoC from video below. Impact: Broken access control vulnerabilities exist when a user can in fact access some...
VWar Cross Site Scripting / SQL Injection / Broken Access Controls
Back in April 2008 I found a bunch of vulnerabilities in a PHP clan management system, however the project had just changed hands. Since then the new project leader has been assuring me that a new secure release which fixed all the found issues was just around the corner. Over two years later I...