49 matches found
The vulnerability of the Icinga Web2 PHP framework allows a hacker to gain access to arbitrary files.
The vulnerability of the PHP framework Icinga Web2 exists due to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to arbitrary files that can be read by the Icinga Web2 process...
Unauthorized Access Vulnerability in smart-web2
smart-web2 is a relatively simple OA system. An unauthorized access vulnerability exists in smart-web2, which can be exploited by an attacker to obtain sensitive information...
CVE-2020-24368
Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2...
CVE-2020-24368
Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2...
Directory traversal
Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2...
CVE-2020-24368
Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2...
CVE-2020-24368
Summary: CVE-2020-24368 affects Icinga Web 2 (Icinga Web2) versions 2.0.0–2.6.4, 2.7.4 and 2.8.2, via a directory traversal vulnerability that allows access to arbitrary files readable by the web process. The issue is fixed in the same product series at versions 2.6.4, 2.7.4 and 2.8.2. Impact (as...
CVE-2020-24368
Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2...
CVE-2020-24368
Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2...
CVE-2020-24368
Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2...
web2.mbaa.debtpaypro.com Cross Site Scripting vulnerability
Security Researcher Gh05tPT Helped patch 6841 vulnerabilities Received 10 Coordinated Disclosure badges Received 48 recommendations , a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting web2.mbaa.debtpaypro.com website and its users. Followin...
web2.gov.mb.ca XSS vulnerability
Open Bug Bounty ID: OBB-661245 Description| Value ---|--- Affected Website:| web2.gov.mb.ca Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
web2.nwwi.nl XSS vulnerability
Open Bug Bounty ID: OBB-619979 Description| Value ---|--- Affected Website:| web2.nwwi.nl Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
web2.mtr.com.br XSS vulnerability
Open Bug Bounty ID: OBB-608022 Description| Value ---|--- Affected Website:| web2.mtr.com.br Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
web2.secure-secure.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-494427 Description| Value ---|--- Affected Website:| web2.secure-secure.co.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
web2.webmail.co.za XSS vulnerability
Vulnerable URL: http://web2.webmail.co.za/login.php?msg=%22%3E%3Cimg%20src=%22fpg.png%22%20onerror=confirm%27XSSPOSED%27%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 13.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 20169 VIP...
web2.webmail.co.za XSS vulnerability
Vulnerable URL: http://web2.webmail.co.za/login.php?task=%22%3E%3Csvg/onload=alert/XSSPOSED/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 11.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 20169 VIP website status:| Yes...
su-web2.nottingham.ac.uk XSS vulnerability
Vulnerable URL: http://su-web2.nottingham.ac.uk/ramsoc/pages/history////committeemember.php?name=" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 01.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP websi...
web2.uconn.edu XSS vulnerability
Vulnerable URL: http://web2.uconn.edu/humcal/publicrsvp.php?id=13'"97 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Coordinated Disclosure Timeline: Description|...
web2.gov.mb.ca XSS vulnerability
Vulnerable URL: https://web2.gov.mb.ca/bills/search/search.php?searchquery=%3Cscript%3E+alert%28%27OPENBUGBOUNTY%27%29+%3C%2Fscript%3E=Go%21= Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.10.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Ale...