4 matches found
Uvdesk v1.1.3 - File Upload Remote Code Execution (Authenticated) Exploit
Exploit Title: Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated); Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security; Vendor Homepage: https://www.uvdesk.com; Software Link: https://github.com/uvdesk/community-skeleton; Version: 1.1.3; Example: python3 CVE-2023-39147....
GHSA-W542-CPP9-R3G7 Field Test CSRF vulnerability
The Field Test dashboard is vulnerable to cross-site request forgery (CSRF) with non-session based authentication methods in versions v0.2.0 through v0.3.2. Impact: The Field Test dashboard is vulnerable to CSRF with non-session based authentication methods, like basic authentication. Session-based...
CSRF Vulnerability with Non-Session Based Authentication
The Field Test dashboard is vulnerable to CSRF with non-session based authentication methods. Impact: The Field Test dashboard is vulnerable to CSRF with non-session based authentication methods, like basic authentication. Session-based authentication methods like Devise's default authentication a...
CVE-2002-0396
The web management server for Red-M 1050 Bluetooth Access Point does not use session-based credentials to authenticate users, which allows attackers to connect to the server from the same IP address as a user who has already established a session...