12 matches found
EUVD-2020-18748
Malware in sbrugna...
Drupal 10.1.2 - web-cache-poisoning-External-service-interaction Vulnerability
Title: drupal-10.1.2 web-cache-poisoning-External-service-interaction Author: nu11secur1ty Vendor: https://www.drupal.org/ Software: https://www.drupal.org/download Reference: https://portswigger.net/kb/issues/00300210external-service-interaction-http Description: It is possible to induce the...
Companymaps v8.0 - Stored Cross Site Scripting Vulnerability
Exploit Title: Companymaps V8.0 - Stored Cross Site Scripting XSS Exploit Author: Lucas Noki 0xPrototype Vendor Homepage: https://github.com/vogtmh Software Link: https://github.com/vogtmh/cmaps Version: 8.0 Tested on: Mac, Windows, Linux CVE : CVE-2023-29983 Steps to reproduce: 1. Clone the...
Companymaps v8.0 - Stored Cross Site Scripting (XSS)
Exploit Title: Companymaps V8.0 - Stored Cross Site Scripting XSS Date: 27.04.2023 Exploit Author: Lucas Noki 0xPrototype Vendor Homepage: https://github.com/vogtmh Software Link: https://github.com/vogtmh/cmaps Version: 8.0 Tested on: Mac, Windows, Linux CVE : CVE-2023-29983 Steps to reproduce: ...
CompanyMaps 8.0 Cross Site Scripting
Exploit Title: Stored Cross Site Scripting Google Dork: Date: 27.04.2023 Exploit Author: Lucas Noki 0xPrototype Vendor Homepage: https://github.com/vogtmh Software Link: https://github.com/vogtmh/cmaps Version: 8.0 Tested on: Mac, Windows, Linux CVE : CVE-2023-29983 Steps to reproduce: 1. Clone t...
Smartbear Collaborator Server Operating System Command Injection Vulnerability
Smartbear Collaborator Server is a software for code auditing and document review from Smartbear USA. A security vulnerability exists in SmartBear Collaborator Server through 13.3.13302, which can be exploited by an authenticated attacker to submit a serialized Java object to the server in order ...
CVE-2020-26118
In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit GWT API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious...
Deserialization of untrusted data
In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit GWT API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious...
CVE-2020-26118
CVE-2020-26118 – SmartBear Collaborator Server : All provided sources describe a post-authentication Java deserialization vulnerability in the server’s UpdateMemento handling of user-supplied serialized objects via the Google Web Toolkit (GWT) API, up to version 13.3.13302. The issue allows an au...
CVE-2020-26118
In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit GWT API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious...
Smartbear Collaborator Server Operating System Command Injection Vulnerability
Smartbear Collaborator Server is a software for code auditing and document review from Smartbear USA. A security vulnerability exists in SmartBear Collaborator Server through 13.3.13302, which can be exploited by an authenticated attacker to submit a serialized Java object to the server in order ...
CVE-2018-10377
PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data...