22 matches found
EUVD-2020-27987
Malware in sbrugna...
EUVD-2010-2690
Malware in sbrugna...
EUVD-2020-27988
Malware in sbrugna...
CVE-2020-6845
An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack...
CVE-2020-6844
In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to take over admin and user accounts...
TopManage OLK Cross-Site Request Forgery Vulnerability
TopManage OLK is a suite of e-commerce management solutions from TopManage Panama. A cross-site request forgery vulnerability exists in TopManage OLK version 2020. The vulnerability stems from a WEB application that does not adequately validate that a request is coming from a trusted user. An...
CVE-2020-6844
In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to take over admin and user accounts...
CVE-2020-6844
In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to take over admin and user accounts...
CVE-2020-6845
An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack...
Cross site request forgery (csrf)
In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to take over admin and user accounts...
Design/Logic Flaw
An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack...
CVE-2020-6845
TopManage OLK 2020 is affected by a DOM-based XSS issue caused by not setting ReadOnly on the session cookie, enabling takeover of user and admin accounts. Multiple sources (NVD, Red Hat, CNVD, etc.) corroborate the vulnerability in TopManage OLK 2020. The provided documents describe the root cau...
CVE-2020-6844
Summary: CVE-2020-6844 concerns TopManage OLK 2020 with a login CSRF vulnerability that can be chained with another vulnerability to take over admin and user accounts. The combined effect is the potential takeover of accounts due to cross-site request forgery weaknesses in the login flow. What is ...
CVE-2020-6844
In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to take over admin and user accounts...
OLK Web Store 2020 - Cross-Site Request Forgery Vulnerability
Exploit for asp platform in category web applications Exploit Title: OLK Web Store 2020 - Cross-Site Request Forgery Google Dork: intext:"TopManage ® 2002 - 2020" Exploit Author: Joel Aviad Ossi Vendor Homepage: http://www.topmanage.com/ Software Link:...
OLK Web Store 2020 - Cross-Site Request Forgery
Exploit Title: OLK Web Store 2020 - Cross-Site Request Forgery Google Dork: intext:"TopManage ® 2002 - 2020" Date: 2020-01-13 Exploit Author: Joel Aviad Ossi Vendor Homepage: http://www.topmanage.com/ Software Link: http://www.topmanage.com/microsites/olk-web-store/ Version: 2020 Tested on: N/A C...
CVE-2010-2686
Multiple SQL injection vulnerabilities in clientes.asp in the TopManage OLK module 1.91.30 for SAP allow remote attackers to execute arbitrary SQL commands via the (1) PriceFrom, (2) PriceTo, and (3) InvFrom parameters, as reachable from olk/cp/searchCart.asp, and other unspecified vectors when...
Sql injection
Multiple SQL injection vulnerabilities in clientes.asp in the TopManage OLK module 1.91.30 for SAP allow remote attackers to execute arbitrary SQL commands via the (1) PriceFrom, (2) PriceTo, and (3) InvFrom parameters, as reachable from olk/cp/searchCart.asp, and other unspecified vectors when...
CVE-2010-2686
Multiple SQL injection vulnerabilities in clientes.asp in the TopManage OLK module 1.91.30 for SAP allow remote attackers to execute arbitrary SQL commands via the (1) PriceFrom, (2) PriceTo, and (3) InvFrom parameters, as reachable from olk/cp/searchCart.asp, and other unspecified vectors when...
CVE-2010-2686
CVE-2010-2686 affects SAP TopManage OLK module 1.91.30. Multiple SQL injection vulnerabilities exist in clientes.asp, allowing remote attackers to execute arbitrary SQL commands via (1) PriceFrom, (2) PriceTo, and (3) InvFrom parameters reachable from olk/c_p/searchCart.asp and other vectors duri...