11 matches found
EUVD-2021-28251
Malicious code in bioql PyPI...
Survey Solutions Information Breach Vulnerability
Survey Solutions is a survey management and data collection system. survey Solutions is vulnerable to an information disclosure vulnerability that stems from a configuration or other error in the operation of the network system or product. An attacker could exploit the vulnerability to obtain...
ObjectPlanet Opinio 7.13 Expression Language Injection Vulnerability
Exploit Authors: Timothy Tan , Daniel Tan, Yu EnHui, Khor Yong Heng CVE: CVE-2020-26565 Exploit Title: ObjectPlanet Opinio version 7.13 allows expression language injection Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors:...
ObjectPlanet Opinio 7.13 Shell Upload
Exploit Authors: Timothy Tan , Daniel Tan, Yu EnHui, Khor Yong Heng CVE: CVE-2020-26806 Exploit Title: ObjectPlanet Opinio version 7.13 allows unrestricted file upload Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors: Timoth...
ObjectPlanet Opinio 7.13 Expression Language Injection
Exploit Authors: Timothy Tan , Daniel Tan, Yu EnHui, Khor Yong Heng CVE: CVE-2020-26565 Exploit Title: ObjectPlanet Opinio version 7.13 allows expression language injection Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors:...
ObjectPlanet Opinio 7.13 / 7.14 XML Injection
Exploit Authors: Timothy Tan , Daniel Tan, Yu EnHui, Khor Yong Heng CVE: CVE-2020-26564 Exploit Title: ObjectPlanet Opinio version 7.13/7.14 allows XXE injection Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors: Timothy Tan ...
ObjectPlanet Opinio 7.12 Cross Site Scripting
Exploit Title: ObjectPlanet Opinio 7.12 allows Cross-Site Scripting Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors: Ang Kar Min https://www.linkedin.com/in/karmin-ang CVE: CVE-2020-26563 Timeline - September 2019: Initial...
Ethical Hackers Breach U.N., Access 100,000 Private Records
Security researchers successfully hacked the United Nations, accessing user credentials and personally identifiable information PII–including more than 100,000 private employee and project records—before informing the U.N. about the problem through the organization’s vulnerability disclosure...
REDCap 9.1.2 - Cross-Site Scripting
REDCap 9.1.2 - Cross-Site Scripting Exploit Title: REDCap - Details: Since it is an onkeypress event, it is triggered whenever the user touch any key and since the XSS payload is stored in the project name it appears in several pages. - Privileges: It requires admin privileges to store it. -...
REDCap Cross Site Scripting
Exploit Title: REDCap - Details: Since it is an onkeypress event, it is triggered whenever the user touch any key and since the XSS payload is stored in the project name it appears in several pages. - Privileges: It requires admin privileges to store it. - Location example:...
REDCap < 9.1.2 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: REDCap - Details: Since it is an onkeypress event, it is triggered whenever the user touch any key and since the XSS payload is stored in the project name it appears in several pages. - Privileges: It requires admin privileges t...