GHSA-7CX8-44PC-XV3Q Decidim cross-site scripting (XSS) in the pagination
Impact The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter perpage. Patches Not available Workarounds Not available References OWASP ASVS v4.0.3-5.1.3 Credits This issue was discovered in a security audit organized...
Engel & Völkers Technology GmbH: Debug information at the /sapi endpoint
Summary: Sending a GET request to www.engelvoelkers.com/sapi makes the server respond with a 500 Internal Server Error that yields a stack trace. Steps To Reproduce: - Enter www.engelvoelkers.com/sapi into your web browser and you can see the stack trace. https://bugpoc.com/pocbp-VPZDeo2Z I will...
Engel & Völkers Technology GmbH: Publicly accessible .SVN repository allows downloading entire source code
Summary of the Issue The researcher found a publicly accessible SVN repository at https://printshop.engelvoelkers.com/.svn/wc.db Steps to reproduce Go to https://printshop.engelvoelkers.com/.svn/wc.db Impact statement Information disclosure...
Engel & Völkers Technology GmbH: full path disclosure on world.engelvoelkers.com via error messages
The web server at world.engelvoelkers.com discloses an internal path in its error message. Via a browser: http://world.engelvoelkers.com/config/app.php http://world.engelvoelkers.com/connect.php Impact There is no direct impact, however this information can help an attacker identify other vulnerabilities...
Engel & Völkers Technology GmbH: Information Exposure at https://printshop.engelvoelkers.com/
Summary: There is an information exposure through some tmp and txt files that can allow an attacker to download some files from the application. Steps To Reproduce: + There are some files that expose internal links from the application; inside these files you can view some .xls that you can...
Engel & Völkers Technology GmbH BBP: Source Code Disclosure at http://service.engelvoelkers.com/alert/_backups/app
Summary: I found the source code of http://service.engelvoelkers.com/, compressed in the file app.gz, which can be downloaded at http://service.engelvoelkers.com/alert/backups/app. It contains the source code, some source code backups and other sensitive information such as production server mys...
MA Lighting Technology grandMA onPC 6.808 - Remote Denial of Service (DOS) Vulnerability
No description provided by source. MA Lighting Technology grandMA onPC v6.808 Remote Denial of Service Exploit Vendor: MA Lighting Technology GmbH Product web page: http://www.malighting.com Affected version: grandMA series 1 onPC Software 6.808, 6.801 Summary: The grandMA onPC software...