13 matches found
GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure Vulnerability
Exploit Title: GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure Version: =10.0.0 and 10.0.2 Author: Nuri Çilengir Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi Advisory:...
GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure
Exploit Title: GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure Date: 11 Jun 2022 Version: =10.0.0 and 10.0.2 Author: Nuri Çilengir Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi Advisory:...
Security researchers play peek-a-boo with Conti ransomware server
It’s not been a great time for ransomware authors recently. Well, some ransomware authors at any rate. While many are making huge amounts of money from their device-locking antics, it’s not a profession without risk. Every so often something can and does go wrong, and ransomware groups get into al...
FluBot Android malware mimics FedEx, Chrome apps to steal user data
By Deeba Ahmed. Cybersecurity company PRODAFT reports that newly discovered FluBot Android malware is impersonating an Android mobile banking application. This is a post from HackRead.com. Read the original post: FluBot Android malware mimics FedEx, Chrome apps to steal user data...
Liferay Portal 7.0.4 - Server-Side Request Forgery
Liferay Portal 7.0.4 - Server-Side Request Forgery 1. ADVISORY INFORMATION ======================================== Title: Liferay Portal pingback.ping http://TARGET/ http://mehmetince.dev:8080/web/guest/home/-/blogs/30686...
Liferay Portal Server-Side Request Forgery
ADVISORY INFORMATION ======================================== Title: Liferay Portal pingback.ping http://TARGET/ http://mehmetince.dev:8080/web/guest/home/-/blogs/30686...
Liferay Portal < 7.0.4 - Server-Side Request Forgery
ADVISORY INFORMATION ======================================== Title: Liferay Portal pingback.ping http://TARGET/ http://mehmetince.dev:8080/web/guest/home/-/blogs/30686...
Liferay Portal < 7.0.4 - Server-Side Request Forgery Vulnerability
Exploit for java platform in category web applications 1. ADVISORY INFORMATION ======================================== Title: Liferay Portal pingback.ping http://TARGET/ http://mehmetince.dev:8080/web/guest/home/-/blogs/30686 0day.today 2018-06-26...
osTicket 1.10 - SQL Injection Vulnerability
Exploit for php platform in category web applications 1. ADVISORY INFORMATION ======================================== Title: osTicket v1.10 Unauthenticated SQL Injection Application: osTicket Bugs: SQL Injection Class: Sensitive Information disclosure Remotely Exploitable: Yes Authentication...
osTicket 1.10 SQL Injection
ADVISORY INFORMATION ======================================== Title: osTicket v1.10 Unauthenticated SQL Injection Application: osTicket Bugs: SQL Injection Class: Sensitive Information disclosure Remotely Exploitable: Yes Authentication Required: NO Versions Affected: = v1.10 Technology: PHP...
TeamPass Passwords Management System 2.1.26 File Download
ADVISORY INFORMATION ======================================== Title: TeamPass Passwords Management System via Unauth File Download and Arbitrary File Download Application: TeamPass Passwords Management System Class: Sensitive Information disclosure Remotely Exploitable: Yes Versions Affected:...
BigTree CMS 4.2.11 - SQL Injection
Exploit for php platform in category web applications 1. ADVISORY INFORMATION ======================================== Title: BigTree CMS substr$page,1; else // It's an existing page $type = "EDIT"; $pending = false; $existingpage = BigTreeCMS::getPage$page; $existingpendingchange =...
BookingWizz Booking System < 5.5 - Multiple Vulnerabilities
Exploit for php platform in category web applications 1. ADVISORY INFORMATION ======================================== Title: BookingWizz Default username/password: admin/pass"; PR2 - Cross Site Scripting ======================================== File : eventList.php // Improper user input...