CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Personify360 e-Business is a Web-based member management system from Personify, Inc. A security vulnerability exists in Personify360 e-Business versions 7.5.2 through 7.6.1. The vulnerability can be exploited by an attacker to add vendor accounts or read vendor account data including: user names...

9.8CVSS6.8AI score0.08326EPSS

Exploits2References1

OSV•added 2017/06/07 1:29 p.m.•0 views

CVE-2017-7312

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data including usernames and passwords...

9.8CVSS5.8AI score0.08326EPSS

Exploits2References1

OSV•added 2017/06/07 1:29 p.m.•0 views

CVE-2017-7313

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, it is possible to read any customer name, master Customer Id, and email address. In other words, anyone can search for users/customers in the system - no authentication is required...

7.5CVSS5.8AI score0.00379EPSS

Exploits1References1

NVD•added 2017/06/07 1:29 p.m.•10 views

CVE-2017-7314

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available...

7.5CVSS7.5AI score0.08852EPSS

Exploits3References1

NVD•added 2017/06/07 1:29 p.m.•6 views

CVE-2017-7313

7.5CVSS7.6AI score0.00379EPSS

Exploits1References1

Prion•added 2017/06/07 1:29 p.m.•10 views

Authentication flaw

5CVSS7.6AI score0.00379EPSS

Exploits1References1Affected Software1

Prion•added 2017/06/07 1:29 p.m.•12 views

Design/Logic Flaw

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available...

5CVSS7.4AI score0.08852EPSS

Exploits3References1Affected Software1

OSV•added 2017/06/07 1:29 p.m.•2 views

CVE-2017-7314

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available...

7.5CVSS5.8AI score0.08852EPSS

Exploits3References1

CVE•added 2017/06/07 1:0 p.m.•50 views

CVE-2017-7312

CVE-2017-7312 affects Personify360 e-Business v7.5.2–v7.6.1. The vulnerability exists when accessing /TabId/275, allowing unauthenticated users to add vendor accounts or read existing vendor data, including usernames and passwords. This is an information disclosure and privilege escalation-like f...

9.8CVSS9.2AI score0.08326EPSS

Exploits2References1Affected Software1

CVE•added 2017/06/07 1:0 p.m.•61 views

CVE-2017-7314

CVE-2017-7314 affects Personify360 e-Business, versions 7.5.2–7.6.1. While creating a new role at /TabId/275, an attacker could access a list of database tables and their columns, revealing schema information due to improper access restrictions. ExploitDB evidence documents a PoC showing schema d...

7.5CVSS7.4AI score0.08852EPSS

Exploits3References1Affected Software1

CVE•added 2017/06/07 1:0 p.m.•40 views

CVE-2017-7313

CVE-2017-7313 affects Personify360 e-Business 7.5.2–7.6.1. The issue allows unauthenticated access to the URI /TabId/275, enabling reading of customer data (names, master Customer Ids, and emails) without authentication. The description indicates that anyone can search for users/customers in the ...

7.5CVSS7.5AI score0.00379EPSS

Exploits1References1Affected Software1

Cvelist•added 2017/06/07 1:0 p.m.•14 views

CVE-2017-7314

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available...

7.5AI score0.08852EPSS

Exploits3References1

Cvelist•added 2017/06/07 1:0 p.m.•17 views

CVE-2017-7313

7.6AI score0.00379EPSS

Exploits1References1

Exploit DB•added 2017/05/09 12:0 a.m.•31 views

Personify360 7.5.2/7.6.1 - Improper Database Schema Access Restrictions

Exploit Title: Discover all tables and columns in database when creating new customer role Date: 3/29/2017 Exploit Author: Pesach Zirkind Vendor Homepage: https://personifycorp.com/ Version: 7.5.2 - 7.6.1 Tested on: Windows all versions CVE : CVE-2017-7314 Category: webapps 1. Description Any...

7.5CVSS7.7AI score0.08852EPSS

Exploits3

exploitpack•added 2017/05/09 12:0 a.m.•19 views

Personify360 7.5.27.6.1 - Improper Access Restrictions

Personify360 7.5.27.6.1 - Improper Access Restrictions Exploit Title: Access and read and create vendor / API credentials in plaintext Date: 3/29/2017 Exploit Author: Pesach Zirkind Vendor Homepage: https://personifycorp.com/ Version: 7.5.2 - 7.6.1 Tested on: Windows all versions CVE :...

7.5CVSS0.9AI score0.08326EPSS

Exploits2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by