22 matches found
EUVD-2019-5493
Malware in sbrugna...
EUVD-2019-5494
Malware in sbrugna...
EUVD-2019-5492
Malware in sbrugna...
CVE-2019-14254
An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become...
CVE-2019-14252
An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:\PUBLISURE\webservice\webpages\AdminDir\Templates\ folder even if remove...
Publisure Improper Access Control Vulnerability
Publisure is an integrated multi-channel communications platform for outbound communications. An improper access control vulnerability exists in the servletcontroller in the secure portal of Publisure 2.1.2, which can be exploited by an attacker to bypass authentication and execute queries agains...
Publisure Code Issue Vulnerability
Publisure is an integrated multi-channel communications platform for outbound communications. A code issue vulnerability exists in the secure portal of Publisure 2.1.2, which can be exploited by an attacker to inject arbitrary PHP code via the adminCons.php form, which can be used for remote code...
Publisure SQL Injection Vulnerability
Publisure is an integrated multi-channel communications platform for outbound communications. The platform includes features such as hybrid internal/external mail, SMS and e-mail. A SQL injection vulnerability exists in the userAccFunctions.php function in Publisure version 2.1.2, which can be...
CVE-2019-14254
An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become...
CVE-2019-14254
An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become...
CVE-2019-14253
An issue was discovered in servletcontroller in the secure portal in Publisure 2.1.2. One can bypass authentication and perform a query on PHP forms within the /AdminDir folder that should be restricted...
CVE-2019-14253
An issue was discovered in servletcontroller in the secure portal in Publisure 2.1.2. One can bypass authentication and perform a query on PHP forms within the /AdminDir folder that should be restricted...
CVE-2019-14252
An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:\PUBLISURE\webservice\webpages\AdminDir\Templates\ folder even if remove...
CVE-2019-14252
An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:\PUBLISURE\webservice\webpages\AdminDir\Templates\ folder even if remove...
Design/Logic Flaw
An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:\PUBLISURE\webservice\webpages\AdminDir\Templates\ folder even if remove...
Sql injection
An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become...
Authentication flaw
An issue was discovered in servletcontroller in the secure portal in Publisure 2.1.2. One can bypass authentication and perform a query on PHP forms within the /AdminDir folder that should be restricted...
CVE-2019-14254
An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become...
CVE-2019-14254
Summary (CVE-2019-14254) : The issue affects Publisure version 2.1.2 secure portal. SQL injections in the file userAccFunctions.php allow an attacker to extract passwords and grant access to the user account “user” to become Administrator . Exploitation details are corroborated by multiple source...
CVE-2019-14253
CVE-2019-14253 affects Publisure 2.1.2’s servletcontroller in the secure portal, where an improper access control flaw allows bypassing authentication and issuing queries against restricted PHP forms in the /AdminDir folder. This could enable unauthorized access to restricted functionality and da...