An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can download arbitrary files from the web server by abusing an API call: /DS/LM_API/api/ConfigurationService/GetImages wit ...
December 24, 2022
An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via ...
December 24, 2022
# Description Hello, this is an endpoint that leaks all the information of the users like names, email, role, and OpenID to an authenticated user # Steps to reproduce ``` 1) build the web app 2) eith ...
December 24, 2022
This Metasploit module exploits an unauthenticated command injection vulnerability in the yrange parameter in OpenTSDB through 2.4.0 (CVE-2020-35476) in order to achieve unauthenticated remote code ex ...
December 24, 2022
Following the coordinated and responsible vulnerability disclosure guidelines of the **ISO 29147** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...
December 24, 2022
SVG <use> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to ...
December 23, 2022
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:4607-1 advisory. - A vulnerability was found in CRI-O that causes mem ...
December 23, 2022
According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 11.2.4. It is, therefore, affected by multiple vulnerabil ...
December 23, 2022