52 matches found
CVE-2020-12687
An issue was discovered in Serpico before 1.3.3. The /admin/attacmentsbackup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users including administrators from the database...
EUVD-2019-9452
Malware in sbrugna...
EUVD-2020-4983
Malware in sbrugna...
EUVD-2019-9447
Malware in sbrugna...
EUVD-2019-9451
Malware in sbrugna...
EUVD-2019-9449
Malware in sbrugna...
EUVD-2019-9448
Malware in sbrugna...
EUVD-2019-9450
Malware in sbrugna...
Serpico Information Disclosure Vulnerability
Serpico is a penetration test report generation and collaboration tool from the Serpico project. An information disclosure vulnerability exists in Serpico versions prior to 1.3.3. The vulnerability stems from the fact that an authenticated non-administrative user can request the...
Design/Logic Flaw
An issue was discovered in Serpico before 1.3.3. The /admin/attacmentsbackup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users including administrators from the database...
CVE-2020-12687
CVE-2020-12687 affects Serpico prior to 1.3.3. The /admin/attacments_backup endpoint may be accessed by non-admin authenticated users, allowing retrieval of all user attachments (including administrator data). Red Hat, CNVD, OSV, and other sources corroborate this information. A fix is available ...
Serpico Cross-Site Request Forgery Vulnerability
Serpico is a penetration test report generation and collaboration tool. Serpico suffers from a cross-site request forgery vulnerability. The vulnerability stems from Serpico not using CSRF tokens. An attacker can exploit this vulnerability and combine it with a cross-site scripting vulnerability ...
Serpico Cross-Site Scripting Vulnerability
Serpico is a penetration test report generation and collaboration tool. Serpico suffers from a cross-site scripting vulnerability. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit the vulnerability to execute client-side...
CVE-2019-19857
An issue was discovered in Serpico aka SimplE RePort wrIting and CollaboratiOn tool 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change...
CVE-2019-19859
An issue was discovered in Serpico aka SimplE RePort wrIting and CollaboratiOn tool 1.3.0. The Add Collaborator allows unlimited data via the author parameter, even if the data does not match anything in the database...
CVE-2019-19855
An issue was discovered in Serpico aka SimplE RePort wrIting and CollaboratiOn tool 1.3.0. admin/listuser allows stored XSS via the authtype parameter...
CVE-2019-19854
An issue was discovered in Serpico aka SimplE RePort wrIting and CollaboratiOn tool 1.3.0. It does not use CSRF Tokens to mitigate against CSRF; it uses the Origin header which must match the request origin. This is problematic in conjunction with XSS: one can escalate privileges from User level ...