Eramba Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Eramba. An authenticated user can execute arbitrary commands on the server by exploiting the path parameter in the download-test-pdf endpoint. Eramba debug mode has to be enabled. Versions up to 3.19.1 are affected. This...
Eramba 3.19.1 Remote Command Execution Exploit
Authenticated remote code execution in Eramba Overview Advisory ID: TRSA-2303-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2303-01 Affected product: Eramba Affected version: 3.19.1 Enterprise and Community edition Vendor: Eramba Limited,...
Eramba 3.19.1 Remote Command Execution
Trovent Security Advisory 2303-01 Authenticated remote code execution in Eramba Overview Advisory ID: TRSA-2303-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2303-01 Affected product: Eramba Affected version: 3.19.1 Enterprise and Community...
Micro Focus GroupWise Session ID Disclosure Vulnerability
Micro Focus GroupWise is messaging software for email and personal information management. Trovent Security GmbH discovered that the GroupWise web application transmits the session ID in the URL of HTTP GET requests when email content is accessed. The exposed session ID can be recorded in the...
Micro Focus GroupWise Session ID Disclosure
Trovent Security Advisory 2203-01 Micro Focus GroupWise transmits session ID in URL Overview Advisory ID: TRSA-2203-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2203-01 Affected product: Micro Focus GroupWise Affected version: prior to 18.4.2...
Polar Flow Android 5.7.1 Secret Disclosure Vulnerability
Insecure data storage in Polar Flow Android application Overview Advisory ID: TRSA-2110-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2110-01 Affected product: Polar Flow Android mobile application fi.polar.polarflow Affected version: 5.7.1...
Polar Flow Android 5.7.1 Secret Disclosure
Trovent Security Advisory 2110-01 Insecure data storage in Polar Flow Android application Overview Advisory ID: TRSA-2110-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2110-01 Affected product: Polar Flow Android mobile application...
Zepp 6.1.4-play User Account Enumeration
Trovent Security Advisory 2108-02 User account enumeration in password reset function Overview Advisory ID: TRSA-2108-02 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2108-02 Affected product: Zepp Android mobile application...
Zepp 6.1.4-play User Account Enumeration Vulnerability
Zepp 6.1.4-play User Account Enumeration User account enumeration in password reset function Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2108-02 Affected product: Zepp Android mobile application com.huami.watch.hmwatchmanager Tested...
Vivellio 1.2.1 User Account Enumeration Vulnerability
Vivellio version 1.2.1 suffers from a user account enumeration vulnerability. User account enumeration in password reset function Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2108-01 Affected product: Vivellio Android mobile application...
Vivellio 1.2.1 User Account Enumeration
Trovent Security Advisory 2108-01 User account enumeration in password reset function Overview Advisory ID: TRSA-2108-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2108-01 Affected product: Vivellio Android mobile application...
OpenEMR 6.0.0 / 6.1.0-dev SQL Injection Vulnerability
OpenEMR versions 6.0.0 and 6.1.0-dev suffer from an authenticated remote SQL injection vulnerability in the calendar search functionality. Authenticated SQL injection in OpenEMR calendar search Overview Advisory version: 1.0 Advisory status: Public Advisory URL:...
OpenEMR 6.0.0 / 6.1.0-dev SQL Injection
Trovent Security Advisory 2109-01 Authenticated SQL injection in OpenEMR calendar search Overview Advisory ID: TRSA-2109-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2109-01 Affected product: OpenEMR web application Tested versions: 6.0.0,...
Dolibarr ERP / CRM 13.0.2 Cross Site Scripting Vulnerability
Stored cross-site scripting in Dolibarr ERP & CRM Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-02 Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr 13.0.2 Vendor: Dolibarr foundation, https://www.dolibarr.org Credits:...
Dolibarr ERP / CRM 13.0.2 Remote Code Execution Vulnerability
Authenticated remote code execution in Dolibarr ERP & CRM Overview Advisory version: 1.0 Advisory status: Public Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr 13.0.2 Vendor: Dolibarr foundation, https://www.dolibarr.org Credits: Trovent Security GmbH, Nick Decker Detailed...
Dolibarr ERP / CRM 13.0.2 Cross Site Scripting
Trovent Security Advisory 2105-02 Stored cross-site scripting in Dolibarr ERP & CRM Overview Advisory ID: TRSA-2105-02 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-02 Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr 13.0.2...
Dolibarr ERP / CRM 13.0.2 Remote Code Execution
Trovent Security Advisory 2106-01 Authenticated remote code execution in Dolibarr ERP & CRM Overview Advisory ID: TRSA-2106-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2106-01 Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr...
HealthForYou 1.11.1 / HealthCoach 2.9.2 Missing Password Policy Vulnerability
HealthForYou version 1.11.1 and HealthCoach version 2.9.2 are missing a server-side password policy. When creating an account or changing your password, the mobile and web applications both check the password against the password policy. But the API assumes that the given password is already checke...
HealthForYou 1.11.1 / HealthCoach 2.9.2 Missing Password Policy
Trovent Security Advisory 2104-03 Missing server-side password policy Overview Advisory ID: TRSA-2104-03 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2104-03 Affected product: HealthForYou & Sanitas HealthCoach mobile and web applications Tested...
VeryFitPro 3.2.8 Insecure Transit
Trovent Security Advisory 2105-01 Unencrypted cleartext transmission of sensitive information Overview Advisory ID: TRSA-2105-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-01 Affected product: VeryFitPro Android mobile application...