
14 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-3506

Malware in sbrugna...

CVSS 8 · AI score 8.1 · EPSS 0.01077
Exploits 0 · References 2
BDU FSTEC
added 2021/06/29 12:0 a.m. · 5 views

The vulnerability of the osTicket customer support system, related to the lack of mechanisms to neutralize elements in the CSV file, allows a violator to execute arbitrary code.

The vulnerability of the osTicket customer support system lies in the lack of a mechanism to eliminate certain elements in the CSV file, specifically the fields “Name” and “Internal Notes” in the “Users” tab. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 · AI score 8 · EPSS 0.09612
Exploits 4 · References 5 · Affected Software 1
OSV
added 2021/02/15 9:15 p.m. · 2 views

CVE-2020-35734

Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection and consequently Remote Code Execution via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This...

CVSS 7.2 · AI score 7.3 · EPSS 0.06772
Exploits 4 · References 4
NVD
added 2021/02/15 9:15 p.m. · 21 views

CVE-2020-35734

Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection and consequently Remote Code Execution via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This...

CVSS 7.2 · EPSS 0.06772
Exploits 4 · References 4
Prion
added 2021/02/15 9:15 p.m. · 17 views

Code injection

Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection and consequently Remote Code Execution via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This...

CVSS 6.5 · AI score 7.2 · EPSS 0.06772
Exploits 4 · References 4 · Affected Software 1
Cvelist
added 2021/02/15 8:49 p.m. · 26 views

CVE-2020-35734

Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection and consequently Remote Code Execution via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This...

AI score 7.3 · EPSS 0.06772
Exploits 4 · References 4
Vulnrichment
added 2021/02/15 8:49 p.m. · 15 views

CVE-2020-35734

Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection and consequently Remote Code Execution via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This...

AI score 7.5 · EPSS 0.06772
Exploits 4 · References 4
Positive Technologies
added 2021/02/15 12:0 a.m. · 4 views

PT-2021-11840 · Batflat · Batflat

Name of the Vulnerable Software and Affected Versions: Batflat version 1.3.6
Description: The issue allows an authenticated user to perform code injection, and consequently Remote Code Execution, via the input fields of the Users tab. To exploit this, one must login to the administration panel an...

CVSS 7.2 · AI score 7.5 · EPSS 0.06772
Exploits 4 · References 8
Packet Storm
added 2019/08/11 12:0 a.m. · 156 views

osTicket 1.12 Formula Injection

Exploit Title: osTicket-v1.12 Formula Injection
Vendor Homepage: https://osticket.com/
Software Link: https://osticket.com/download/
Exploit Author: Aishwarya Iyer
Contact: https://twitter.com/aish9524
Website: https://about.me/aishiyer
Category: webapps
CVE: CVE-2019-14749
1. Description
An issu...

AI score 8.8 · EPSS 0.09612
Exploits 4
NVD
added 2018/05/25 7:29 p.m. · 14 views

CVE-2018-11475

Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser...

CVSS 8 · AI score 7.9 · EPSS 0.01077
Exploits 0 · References 1
Prion
added 2018/05/25 7:29 p.m. · 11 views

Design/Logic Flaw

Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser...

CVSS 6 · AI score 7.9 · EPSS 0.01077
Exploits 0 · References 1 · Affected Software 1
OSV
added 2018/05/25 7:29 p.m. · 14 views

CVE-2018-11475

Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser...

CVSS 8 · AI score 8.1
Exploits 0 · References 1
CVE
added 2018/05/25 7:0 p.m. · 41 views

CVE-2018-11475

Summary: Monstra CMS 3.0.4 is affected by a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser. Impact: a user’s active session remains valid in other browsers after a password change (per the CVE descri...

CVSS 8 · AI score 7.9 · EPSS 0.01077
Exploits 0 · References 1 · Affected Software 1
Citrix
added 2018/03/29 12:0 a.m. · 8 views

XenMobile: 500 Server Internal Error (exid:16200BC6AC0-503E3024D00ABC1E4C352FFA2DAD6AC0) when we click on Manage > User

When you click the Users tab on the XenMobile server, you receive the error 500 Server Internal Error exid:16200BC6AC0-503E3024D00ABC1E4C352FFA2DAD6AC0...

AI score 7.1
Exploits 0