Lucene search
+L

7 matches found

osv
osv
added 2024/07/10 3:43 p.m.39 views

GHSA-7CX8-44PC-XV3Q Decidim cross-site scripting (XSS) in the pagination

Impact The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter perpage. Patches Not available Workarounds Not available References OWASP ASVS v4.0.3-5.1.3 Credits This issue was discovered in a security audit organized...

7.1CVSS6.6AI score0.00417EPSS
Exploits0References6
hackerone
hackerone
added 2020/10/15 4:42 a.m.104 views

Engel & Völkers Technology GmbH: Debug information at the /sapi endpoint

Summary: Sending a GET request to www.engelvoelkers.com/sapi and the server responds with a 500 Internal Server Error which yields a stack trace. Steps To Reproduce: - Enter www.engelvoelkers.com/sapi into your web browser and you can see the stacktrace. https://bugpoc.com/pocbp-VPZDeo2Z I will...

Exploits0
hackerone
hackerone
added 2020/07/02 4:11 p.m.28 views

Engel & Völkers Technology GmbH: Publicly accessible .SVN repository allows downloading entire source code

Summary of the Issue The researcher found a publicly accessible SVN repository at https://printshop.engelvoelkers.com/.svn/wc.db Steps to reproduce Go to https://printshop.engelvoelkers.com/.svn/wc.db Impact statement Information disclosure...

1.1AI score
Exploits0
hackerone
hackerone
added 2020/03/03 3:37 p.m.16 views

Engel & Völkers Technology GmbH: full path disclosure on world.engelvoelkers.com via error messages

Webserver in world.engelvoelkers.com discloses internal path in it's error message Via a browser: http://world.engelvoelkers.com/config/app.php http://world.engelvoelkers.com/connect.php Impact There is no direct impact, however this information can help an attacker identify other vulnerabilities...

3.2AI score
Exploits0
hackerone
hackerone
added 2020/02/26 7:18 p.m.22 views

Engel & Völkers Technology GmbH: Information Exposure at https://printshop.engelvoelkers.com/

Summary: There is an information exposure through some tmp, txt files that can allow an attacker to download some files from the application. Steps To Reproduce: + There are some files that exposed internal links from the application, inside of these files you can view some .xls that you can...

0.2AI score
Exploits0
hackerone
hackerone
added 2020/02/05 2:16 p.m.14 views

Engel & Völkers Technology GmbH BBP: Source Code Disclosure at http://service.engelvoelkers.com/alert/_backups/app

Summary: I found the source code of http://service.engelvoelkers.com/, compressed in the file app.gz, which can be downloaded at http://service.engelvoelkers.com/alert/backups/app. It contains the source code, some source code back ups and other sensitive information such as production server mys...

6.8AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.26 views

MA Lighting Technology grandMA onPC 6.808 - Remote Denial of Service (DOS) Vulnerability

No description provided by source. ?/ MA Lighting Technology grandMA onPC v6.808 Remote Denial of Service Exploit Vendor: MA Lighting Technology GmbH Product web page: http://www.malighting.com Affected version: grandMA series 1 onPC Software 6.808 6.801 Summary: The grandMA onPC software...

7.1AI score
Exploits0
Rows per page
Query Builder