377 matches found
CVE-2020-15008
Summary: CVE-2020-15008 affects ConnectWise Automate prior to 2020.7 and the 2019.12 hotfix, where the probe code contains a SQL injection flaw in the data insertion path. The vulnerability arises from dynamic SQL construction that uses a user-supplied table name with minimal validation, enabling...
DRUPAL-CONTRIB-2020-019
The reCaptcha v3 module enables you to protect your forms using the Google reCaptcha V3. If the reCaptcha v3 challenge succeeds, all the other form validations are bypassed. This makes it possible for attackers to submit invalid or incomplete forms. This vulnerability only affects forms that are...
reCAPTCHA v3 - Critical - Access bypass - SA-CONTRIB-2020-019
The reCaptcha v3 module enables you to protect your forms using the Google reCaptcha V3. If the reCaptcha v3 challenge succeeds, all the other form validations are bypassed. This makes it possible for attackers to submit invalid or incomplete forms. This vulnerability only affects forms that are...
CVE-2019-16327
D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. They do not check for authentication at the server side and rely on client-side validation, which is bypassable. NOTE: this is an end-of-life product...
The vulnerability of Netweaver Application Server Java web applications lies in insufficient validation of requests on the server side, allowing attackers to expose privileged user credentials.
The vulnerability of Netweaver Application Server Java web applications is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to obtain privileged user credentials by using a specially created XML file...
CVE-2019-12271
Sandline Centraleyezer On Premises allows unrestricted File Upload with a dangerous type, because the feature of adding ".jpg" to any uploaded filename is not enforced on the server side...
CVE-2018-17791
Newgen OmniFlow Intelligent Business Process Suite iBPS 7.0 has an "improper server side validation" vulnerability where client-side validations are tampered, and inappropriate information is stored on the server side and fetched from the server every time the user visits the D, creating business...
Input validation
Newgen OmniFlow Intelligent Business Process Suite iBPS 7.0 has an "improper server side validation" vulnerability where client-side validations are tampered, and inappropriate information is stored on the server side and fetched from the server every time the user visits the D, creating business...
CVE-2018-17791
CVE-2018-17791 affects Newgen OmniFlow iBPS 7.0. The root cause is improper server-side validation: client-side validations can be tampered, and non-editable parameters can be modified by editing a disabled form field, causing server-side data to be stored/fetched repeatedly and potentially leadi...
CVE-2019-7861
Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2...
CVE-2019-7861
Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2...
CVE-2019-1010199
ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting XSS. The impact is: JavaScrpit is reflected in the server response, hence executed by the browser. The component is: the query used in the GET request is prone. The attack vector is: Since there is no server-side...
VOOKI - Web Application Vulnerability Scanner
Vooki is a free web application vulnerability scanner. Vooki is a user-friendly tool that you can easily scan any web application and find the vulnerabilities. Vooki includes Web Application Scanner, Rest API Scanner, and reporting section. Vooki – Web Application Scanner can help you to find the...
Liberapay: CSRF token manipulation in every possible form submits. NO server side Validation
Web Application is generating CSRFtoken values inside cookies which is not a best practice for web applications the revelation of cookies can reveal CSRF Tokens as well. Authenticity tokens should be kept separate from cookies and should be isolated to change operations in the account only...
CVE-2018-6182
CVE-2018-6182 affects Mahara versions 16.10 before 16.10.9, 17.04 before 17.04.7, and 17.10 before 17.10.4. The root cause is that relying on TinyMCE code stripping is insufficient; an attacker can craft POST data packets with bad content to bypass client-side filtering and hit the server. The do...
Front Accounting ERP 2.4.3 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications input type="submit" va...
Cisco Data Center Network Manager Software Authentication Bypass Vulnerability
Cisco Data Center Network Manager DCNM Software is a data center management system from Cisco USA. The system works with Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting. An authentication bypass vulnerability exists in the web-based...
Infogram: Stored Cross-Site scripting in the infographics using links
Description Hello. I discovered, that it is possible to conduct Stored XSS attack in the public infographics pages. Upon pasting the link, we can intercept the request, and change the link source to the malicious - which will result to the Stored XSS POC...
Inflection: Malicious callback url can be set while creating application in identity
Researcher found that while creating any application in identity, you are required to provide callback url. If you provide a malicious callback url then javascript will stop you from submitting form. But their is no server side validation and we can use an application proxy to bypass the javascri...
OpenText Document Sciences xPression 4.5SP1 Patch 13 Cross Site Scripting
Title: OpenText Document Sciences xPression formerly EMC Document Sciences xPression - Cross-Site Scripting Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14755 Affected Software: ================== OpenText Document Sciences xPression formerly EMC Document Sciences xPression...