12 matches found
CVE-2021-29393
Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters...
CVE-2021-29395
Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application...
CVE-2021-29396
Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication...
Directory traversal
Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application...
Design/Logic Flaw
Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local user to intercept users credentials transmitted in cleartext over HTTP...
Cross site request forgery (csrf)
Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled "userID" parameter of the HTTP POST...
CVE-2021-29397
CVE-2021-29397 affects Northstar Technologies Inc. NorthStar Club Management version 6.3. The vulnerability is a cleartext transmission issue in the login page at /northstar/Admin/login.jsp, allowing a remote observer to intercept credentials transmitted over HTTP. The connected documents confirm...
CVE-2021-29396
CVE-2021-29396 concerns NorthStar Club Management 6.3 from Northstar Technologies Inc, described as a systemic insecure-permissions issue that allows remote unauthenticated users to access and use various functionalities without authentication. The CVE entry notes exposure at network level with h...
CVE-2021-29396
Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication...
CVE-2021-29394
CVE-2021-29394 affects NorthStar Club Management version 6.3. The issue is a lack of proper authorization in the userID parameter of an HTTP POST to /northstar/Admin/changePassword.jsp, allowing remote authenticated users to change other users’ passwords (account hijacking). Root cause: insuffici...
CVE-2021-29393
The CVE-2021-29393 entry concerns Northstar Club Management 6.3. Affected component: web interfaces cominput.jsp and comoutput.jsp. Root cause: unsanitized user-controlled parameters command and commandvalues enable an OS command injection, allowing remote unauthenticated users to inject and exec...
CVE-2021-29393
Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters...