15 matches found
Rapid7 Announces Partner of the Year Awards 2023 Winners
It’s with immense pleasure that we announce today the winners of the Rapid7 Partner of the Year Awards 2023. All our category winners have achieved exceptional growth—demonstrating their dedication to, and collaboration with, the Rapid7 Partner Program throughout the year. “We are incredibly...
SolarWinds Serv-U FTP Server 15.2.1 Path Traversal
Title: Path traversal Product: SolarWinds Serv-U FTP Server Vendor Homepage: https://www.solarwinds.com/ Vulnerable Version: 15.2.1 and lower Fixed Version: 15.2.2 CVE Number: CVE-2020-27994 Author: Jack Misiura from The Missing Link Website: https://www.themissinglink.com.au Timeline: 2020-10-28...
SolarWinds Serv-U FTP Server 15.2.1 Cross Site Scripting
Title: Stored XSS Product: SolarWinds Serv-U FTP Server Vendor Homepage: https://www.solarwinds.com/ Vulnerable Version: 15.2.1 and lower Fixed Version: 15.2.2 CVE Number: CVE-2020-28001 Author: Jack Misiura from The Missing Link Website: https://www.themissinglink.com.au Timeline: 2020-10-30...
OpenAsset Digital Asset Management Cross Site Scripting
Title: Stored cross-site scripting XSS Product: OpenAsset Digital Asset Management by OpenAsset Vendor Homepage: https://www.openasset.com/ Vulnerable Version: 12.0.19 Cloud 11.2.1 On-premise Fixed Version: 12.0.23 Cloud 11.4.10 On-premise CVE Number: CVE-2020-28857 Author: Jack Misiura from The...
OpenAsset Digital Asset Management IP Access Control Bypass
Title: IP access control bypass Product: OpenAsset Digital Asset Management by OpenAsset Vendor Homepage: https://www.openasset.com/ Vulnerable Version: 12.0.19 Cloud 11.2.1 On-premise Fixed Version: 12.0.20 Cloud 11.4.10 On-premise CVE Number: CVE-2020-28856 Author: Jack Misiura from The Missing...
WordPress DirectoriesPro 1.3.45 Cross Site Scripting
Title: Reflected XSS Product: WordPress DirectoriesPro Plugin by SabaiApps Vendor Homepage: https://directoriespro.com/ Vulnerable Version: 1.3.45 Fixed Version: 1.3.46 CVE Number: CVE-2020-29303 Author: Jack Misiura from The Missing Link Website: https://www.themissinglink.com.au Timeline:...
OpenAsset Digital Asset Management SQL Injection
Title: Authenticated blind SQL injection SQLi Product: OpenAsset Digital Asset Management by OpenAsset Vendor Homepage: https://www.openasset.com/ Vulnerable Version: 12.0.19 Cloud 11.2.1 On-premise Fixed Version: 12.0.23 Cloud 11.4.10 On-premise CVE Number: CVE-2020-28860 Author: Jack Misiura fr...
WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass Vulnerability
Exploit for php platform in category web applications Title: Payment bypass Product: WordPress NAB Transact WooCommerce Plugin Vendor Homepage: https://woocommerce.com/products/nab-transact-direct-post/ Vulnerable Version: 2.1.0 Fixed Version: 2.1.2 CVE Number: CVE-2020-11497 Author: Jack Misiura...
WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass
Title: Payment bypass Product: WordPress NAB Transact WooCommerce Plugin Vendor Homepage: https://woocommerce.com/products/nab-transact-direct-post/ Vulnerable Version: 2.1.0 Fixed Version: 2.1.2 CVE Number: CVE-2020-11497 Author: Jack Misiura from The Missing Link Website:...
WordPress WooCommerce Advanced Order Export 3.1.3 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Product: WordPress WooCommerce - Advanced Order Export plugin. Vendor Homepage: https://algolplus.com/plugins/downloads/advanced-order-export-for-woocommerce-pro/ Vulnerable Version: 3.1.3 Fixed Version: 3.1.4 CVE Number: CVE-2020-11727 Author...
Serv-U FTP Server 15.1.7 CSV Injection
Issue: CSV injection vulnerability CVE: CVE-2019-13181 Security researcher: Richard Tan @ The Missing Link Security Product name: Serv-U FTP Server Product version: Tested on 15.1.7 Fixed in: Serv-U 15.1.7 Hotfix 2 Overview The application allowed table entries to contain a string which could be...
Sitecore.Net 8.1 - Directory Traversal Vulnerability
Exploit for asp platform in category web applications Exploit Title: Sitecore.Net 8.1 - Directory Traversal CVE: CVE-2018-7669 Researcher: Chris Moberly at The Missing Link Security Vendor: Sitecore Version: CMS - 8.1 and up earlier versions untested Authentication required: Yes An issue was...
Sitecore.Net 8.1 - Directory Traversal
Sitecore.Net 8.1 - Directory Traversal Exploit Title: Sitecore.Net 8.1 - Directory Traversal Date: 2018-04-23 CVE: CVE-2018-7669 Researcher: Chris Moberly at The Missing Link Security Vendor: Sitecore Version: CMS - 8.1 and up earlier versions untested Authentication required: Yes An issue was...
Universal Media Server 7.1.0 XML Injection
Issue: Out-of-Band XXE in Universal Media Server's SSDP Processing Reserved CVE: CVE-2018-13416 Vulnerability Overview The XML parsing engine for Universal Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same L...
Sitecore.NET 8.1 Directory Traversal
Sitecore Directory Traversal Vulnerability CVE-2018-7669 reserved An issue was discovered in Sitecore CMS that affects at least 'Sitecore.NET 8.1' rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an attacker to access...