28 matches found
EUVD-2010-0733
Malware in sbrugna...
EUVD-2014-8560
Malware in sbrugna...
CVE-2020-9384
An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. NOTE: This vulnerability may only affect a testing version of the applicati...
subex.ch Cross Site Scripting vulnerability OBB-3347931
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Subex ROC Partner Settlement Insecure Direct Object Reference (IDOR) Vulnerability
Subex ROC Partner Settlement is a scalable partner management platform from Subex India. The platform supports features such as billing and revenue management. A security vulnerability exists in the Change Password feature in Subex ROC Partner Settlement version 10.5. The vulnerability can be...
CVE-2020-9384
An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. NOTE: This vulnerability may only affect a testing version of the applicati...
CVE-2020-9384
An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. NOTE: This vulnerability may only affect a testing version of the applicati...
Design/Logic Flaw
An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. NOTE: This vulnerability may only affect a testing version of the applicati...
CVE-2020-9384
An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. NOTE: This vulnerability may only affect a testing version of the applicati...
CVE-2020-9384
An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. NOTE: This vulnerability may only affect a testing version of the applicati...
CVE-2020-9384
The entries describe an Insecure Direct Object Reference (IDOR) in Subex ROC Partner Settlement 10.5 Change Password. Affected component: Change Password feature; root cause: manipulation of POST parameters enabling account takeover by remote authenticated users. Impact: account compromise report...
PT-2020-20625 · Subex · Subex Roc Partner Settlement
Name of the Vulnerable Software and Affected Versions: Subex ROC Partner Settlement version 10.5. Description: An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature allows remote authenticated users to achieve account takeover via manipulation of POST parameters. Th...
Subex ROC Partner Settlement 10.5 Insecure Direct Object Reference
Subex ROC Partner Settlement 10.5 - Authenticated IDOR in change password function lead to account takeover...
CVE-2014-8728
SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter...
Sql injection
SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter...
CVE-2014-8728
Subex ROC Fraud Management (aka Fraud Management System/FMS) suffers an SQL injection in the login page (login/login) accessible on Subex ROC FMS 7.4 and earlier. The vulnerability stems from how the POST parameter ranger_user[name] is handled, enabling an attacker to submit arbitrary SQL command...
CVE-2014-8728
SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter...
Subex Fms 7.4 - SQL Injection
Subex Fms 7.4 - SQL Injection. Subex ROC Fraud Management System v7.4 - Unauthenticated Blind-Time Based SQL Injection...
Subex Fms 7.4 - SQL Injection
Subex ROC Fraud Management System v7.4 - Unauthenticated Blind-Time Based SQL Injection. Affected Software: Subex ROC FMS...
Subex ROC Fraud Management System 7.4 SQL Injection Vulnerability
Subex ROC Fraud Management System version 7.4 suffers from a remote unauthenticated time-based blind SQL injection vulnerability. Subex ROC Fraud Management System v7.4 - Unauthenticated Blind-Time Based SQL...