Kirona-DRS 5.5.3.5 - Information Disclosure Vulnerability

Exploit for php platform in category web applications Exploit Title: Kirona-DRS 5.5.3.5 - Information Disclosure Shodan Search: /opt-portal/pages/login.xhtml Exploit Author: Ramikan Vendor Homepage: https://www.kirona.com/products/dynamic-resource-scheduler/ Affected Version: DRS 5.5.3.5 may be...

Kirona-DRS 5.5.3.5 Information Disclosure

Exploit Title: Kirona-DRS 5.5.3.5 - Information Disclosure Discovered Date: 2019-10-03 Shodan Search: /opt-portal/pages/login.xhtml Exploit Author: Ramikan Vendor Homepage: https://www.kirona.com/products/dynamic-resource-scheduler/ Affected Version: DRS 5.5.3.5 may be other versions. Tested On...

Kirona-DRS 5.5.3.5 - Information Disclosure

Exploit Title: Kirona-DRS 5.5.3.5 - Information Disclosure Discovered Date: 2019-10-03 Shodan Search: /opt-portal/pages/login.xhtml Exploit Author: Ramikan Vendor Homepage: https://www.kirona.com/products/dynamic-resource-scheduler/ Affected Version: DRS 5.5.3.5 may be other versions. Tested On...

CVE-2019-17503

An issue was discovered in Kirona Dynamic Resource Scheduling DRS 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd aka /osmtiles/REGISTER.cmd directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database...

Cross site scripting

An issue was discovered in Kirona Dynamic Resource Scheduling DRS 5.5.3.5. A reflected Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter...

Design/Logic Flaw

An issue was discovered in Kirona Dynamic Resource Scheduling DRS 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd aka /osmtiles/REGISTER.cmd directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database...

CVE-2019-17503

An issue was discovered in Kirona Dynamic Resource Scheduling DRS 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd aka /osmtiles/REGISTER.cmd directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database...

CVE-2019-17504

An issue was discovered in Kirona Dynamic Resource Scheduling DRS 5.5.3.5. A reflected Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter...

CVE-2019-17504

Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5 is affected by a reflected XSS vulnerability. The issue allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter, indicating insufficient input validation on the web application. References in the connected doc...