5 matches found
📄 Xerte Online Toolkits 3.14 Upload Image Shell Upload
This Metasploit module exploits the user template file import functions unrestricted file upload in Xerte Online Toolkits versions 3.14 and earlier to upload and execute a shell. This targets editor/uploadImage.php. This has only been tested in implementations where the authentication type is Db...
CVE-2019-16097
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix:...
CVE-2019-16097
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix:...
PT-2019-14506 · Vmware · Harbor
Name of the Vulnerable Software and Affected Versions: Harbor versions 1.7.0 through 1.8.2 Description: The issue allows non-admin users to create admin accounts via the "POST /api/users" API endpoint, when Harbor is set up with a DB as the authentication backend and allows users to do...
CVE-2019-16097
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix:...