Shopify: Add new development stores without permission
Details: A staff member who only has permission to add and remove managed stores can also create development stores. It appears proper permission checks are not performed when the /organizationID/stores/signupobject/devstore endpoint is queried, as long as a staff member has store access, a token is...
The vulnerability of the Partner Dashboard sub-component of the Oracle Partner Management component in the Oracle E-Business Suite allows a malicious actor to gain access to modify, add, or delete data.
The vulnerability of the Partner Dashboard sub-component of the Oracle Partner Management component within the Oracle E-Business Suite is related to code errors. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or delete data using the HTTP...
The vulnerability of the Partner Dashboard sub-component of the Oracle Partner Management component in the Oracle E-Business Suite allows a malicious actor to gain access to modify, add, or delete data.
The vulnerability of the Partner Dashboard sub-component of the Oracle Partner Management component in the Oracle E-Business Suite is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to modify, add, or delete data using th...
Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2019-28449)
Oracle E-Business Suite is a set of fully integrated global business management software from the US company Oracle. The software provides customer relationship management, service management, financial management and other functions. Partner Management is one of the...
Shopify: PII disclosure -- Past team members & their email ID (personal email) can be viewed by Staff member with no permissions on Partner Dashboard
Hi, I'm not too sure if this is intentional and an expected feature or was it really an unnecessary information disclosure. If this is intentional, kindly close this as Informative or allow me to self-close so as not to affect my signal. From my perspective, I noticed 2 issues, PART 1: Using Partners...
Cuvva: Sensitive Support Mail Disclosure
An issue with our handling of Intercom sessions existed in one of our partner dashboards. Exact details being kept under wraps for now, as it's an issue which exists in a large number of Intercom installations...
QIWI: Content Spoofing in mango.qiwi.com
Good evening. The vulnerability was found at: https://mango.qiwi.com/partner/dashboard Vulnerable parameter: partnerfirstname Exploit Code: POST request: POST /partner/signup HTTP/1.1 Host: mango.qiwi.com Connection: keep-alive Content-Length: 515 Cache-Control: max-age=0 Accept:...