24 matches found
CVE-2019-25713
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...
CVE-2019-25713
MyT-PM 1.5.1 is affected by an SQL injection vulnerability reachable via the Charge[group_total] parameter in POST requests to /charge/admin. The issue allows authenticated attackers to execute arbitrary SQL queries, using error-based, time-based blind, or stacked query payloads to extract data o...
CVE-2019-25713
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...
CVE-2019-25713 MyT-PM 1.5.1 SQL Injection via Charge[group_total] Parameter
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...
MyT SQL Injection Vulnerability
MyT is a task management system developed by domgio as an individual project. Version 1.5.1 of MyT contains a SQL injection vulnerability. This vulnerability stems from insufficient input validation for the Charge[group_total] parameter in the /charge/admin endpoint, which may lead to SQL injection...
EUVD-2019-4850
Malware in sbrugna...
EUVD-2019-6485
Malware in sbrugna...
CVE-2019-13346
In MyT 1.5.1, the User[username] parameter has XSS...
CVE-2019-15496
MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...
Godfather Android banking malware is on the rise
Researchers at Cyble Research & Intelligence Labs (CRIL) have found a new version of the Android banking Trojan called Godfather. The new version of Godfather uses an icon and name similar to a legitimate application named MYT Music, which is hosted on the Google Play Store with over 10 million...
CVE-2019-15496
MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...
CVE-2019-15496
MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...
CVE-2019-15496
MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...
CVE-2019-13346
In MyT 1.5.1, the User[username] parameter has XSS...
CVE-2019-13346
In MyT 1.5.1, the User[username] parameter has XSS...
Cross site scripting
In MyT 1.5.1, the User[username] parameter has XSS...
CVE-2019-13346
CVE-2019-13346 affects MyT Project Management 1.5.1. The issue is a stored XSS in the User[username] parameter during user creation (POST /myt-1.5.1/user/create). Root cause is input handling allowing script code to be persisted and potentially executed in other users’ contexts. Exploitation has ...
MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: MyT Project Management - User[username] Stored Cross Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://manageyourteam.net/index.html Software Link:...
MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting
MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting Exploit Title: MyT Project Management - User[username] Stored Cross Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://manageyourteam.net/index.html Software Link:...
MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting
Exploit Title: MyT Project Management - User[username] Stored Cross Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://manageyourteam.net/index.html Software Link: https://sourceforge.net/projects/myt/files/latest/download Version: 1.5.1 Category: Webapps Tested o...