Newgen Correspondence Management System eGov 12.0 Insecure Direct Object Reference

Exploit Title: Newgen Correspondence Management System corms eGov 12.0 - IDOR Date: 29 Dec 2020 Exploit Author: ALI AL SINAN Vendor Homepage: https://newgensoft.com Software Link: https://newgensoft.com/solutions/industries/government/e-gov-office/ Version: eGov 12.0 Tested on: JBoss EAP 7 CVE :...

CVE-2020-35737

In Correspondence Management System corms in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference...

Newgen Egov Correspondence Management System Security Breach

Newgen Egov Correspondence Management System is a correspondence management software for office environments from Newgen USA. A security vulnerability exists in Newgen eGov 12.0 Correspondence Management System, which can be exploited by an attacker to modify another user's personal information...

southburn Web (products.php) SQL Injection Vulnerability

No description provided by source. .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Team : Sec Attack Team .:. Home : www.sec-attack.com/vb .:. Script : southburn Web http://southburn.ca/ .:. Bug Type : Sql InjectionMysql .:. Dork : Powered by: Southburn === Exploit ===...

CVE-2011-3645

Newgen OmniDocs allows remote attackers to bypass intended access restrictions via 1 a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or 2 a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of ...

CVE-2011-3645

Newgen OmniDocs allows remote attackers to bypass intended access restrictions via 1 a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or 2 a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of ...