4 matches found
CVE-2017-7312
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data including usernames and passwords...
CVE-2017-7312
CVE-2017-7312 affects Personify360 e-Business v7.5.2–v7.6.1. The vulnerability exists when accessing /TabId/275, allowing unauthenticated users to add vendor accounts or read existing vendor data, including usernames and passwords. This is an information disclosure and privilege escalation-like f...
Personify360 7.5.27.6.1 - Improper Access Restrictions
Personify360 7.5.27.6.1 - Improper Access Restrictions Exploit Title: Access and read and create vendor / API credentials in plaintext Date: 3/29/2017 Exploit Author: Pesach Zirkind Vendor Homepage: https://personifycorp.com/ Version: 7.5.2 - 7.6.1 Tested on: Windows all versions CVE :...
Personify360 7.5.2/7.6.1 - Improper Access Restrictions
Exploit Title: Access and read and create vendor / API credentials in plaintext Date: 3/29/2017 Exploit Author: Pesach Zirkind Vendor Homepage: https://personifycorp.com/ Version: 7.5.2 - 7.6.1 Tested on: Windows all versions CVE : CVE-2017-7312 Category: webapps 1. Description Any website visito...