Mk Auth Exploit



MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g. a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI. … A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim’s Web browser within the security context of …


MK-AUTH is a Brazilian management system for Internet Service Providers, used to control client access and permissions via a web interface panel. Vulnerability Description: It is possible to leak other users’ sensitive information, such as the CPF (personal number used in Brazil), by manipulating the number of the invoice requested.


MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can leverage this to read the centralmka2 (session token) cookie, which is not set to HTTPOnly. Type: NVD-CWE-noinfo.



Description. The application suffers from an unauthenticated remote code execution vulnerability. It is caused by a lack of verification when uploading files with QH.aspx: files can be written to any location by using the ‘remotePath’ parameter to traverse directories. Abusing the upload action and the ‘fileToUpload’ parameter, an …


Title: Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution. Advisory ID: ZSL-2020-5571. Type: Local/Remote. Impact: System Access, DoS. Risk: (5/5).