12 matches found
CVE-2024-26331
ReCrystallize Server 5.10.0.0 uses an authorization mechanism that relies on the value of a cookie, but it does not bind the cookie value to a session ID. Attackers can easily modify the cookie value, within a browser or by implementing client-side code outside of a browser. Attackers can bypass t...
CVE-2024-28269
ReCrystallize Server 5.10.0.0 allows administrators to upload files to the server. The file upload is not restricted, leading to the ability to upload malicious files. This could result in a Remote Code Execution...
CVE-2024-26331
ReCrystallize Server 5.10.0.0 is vulnerable to authentication bypass via cookie manipulation. The Nuclei template and Red Hat/NVD entries describe an issue where the cookie value (e.g., AdminUsername) is not bound to a session ID, allowing an attacker to bypass authentication by modifying the coo...
ReCrystallize Server Security Vulnerability
ReCrystallize is a reporting software from ReCrystallize, Inc. A security vulnerability exists in ReCrystallize Server version 5.10.0.0 that stems from an unrestricted file upload that allows administrators to upload files to the server...
ReCrystallize Server Security Vulnerability
ReCrystallize is a reporting software from ReCrystallize, Inc. A security vulnerability exists in ReCrystallize Server version 5.10.0.0 that stems from the use of an authorization mechanism that relies on a cookie value but does not bind the cookie value to a session ID, which can be exploited by...
CVE-2024-26331
ReCrystallize Server 5.10.0.0 uses an authorization mechanism that relies on the value of a cookie, but it does not bind the cookie value to a session ID. Attackers can easily modify the cookie value, within a browser or by implementing client-side code outside of a browser. Attackers can bypass t...
CVE-2024-28269
ReCrystallize Server 5.10.0.0 allows administrators to upload files to the server. The file upload is not restricted, leading to the ability to upload malicious files. This could result in a Remote Code Execution...
CVE-2024-28269
The CVE-2024-28269 entry concerns ReCrystallize Server 5.10.0.0, where an unrestricted file upload capability exists. According to multiple sources, this allows administrators to upload files without restrictions, enabling the upload of malicious content and potentially leading to Remote Code Exe...
CVE-2024-26331
ReCrystallize Server 5.10.0.0 uses an authorization mechanism that relies on the value of a cookie, but it does not bind the cookie value to a session ID. Attackers can easily modify the cookie value, within a browser or by implementing client-side code outside of a browser. Attackers can bypass t...
CVE-2024-28269
ReCrystallize Server 5.10.0.0 allows administrators to upload files to the server. The file upload is not restricted, leading to the ability to upload malicious files. This could result in a Remote Code Execution...
PT-2024-21355 · Unknown · Recrystallize Server
Name of the Vulnerable Software and Affected Versions: ReCrystallize Server version 5.10.0.0 Description: The issue concerns an authorization mechanism that relies on the value of a cookie but does not bind this value to a session ID. This allows attackers to easily modify the cookie value within...
PT-2024-22371 · Unknown · Recrystallize Server
Name of the Vulnerable Software and Affected Versions: ReCrystallize Server version 5.10.0.0 Description: The issue allows administrators to upload files to the server without restrictions, leading to the potential upload of malicious files. This could result in Remote Code Execution...