Webapp V.7.0.3

5d8a1e7654
a) In the customer portal, clicking the user name will allow you to edit your display name. If an administrator sees the list of users an alert box will pop up. Home About the Exploit Database Exploit Database Statistics Exploits Remote Exploits Web Application Exploits Local & Privilege Escalation Exploits PoC & Denial of Service Exploits Shellcode Papers Google Hacking Database Submit Search Cerb 7.0.3 - CSRF Vulnerability EDB-ID: 38074 CVE: 2015-6545 OSVDB-ID: 126097 Tags: Vulnerability EDB Verified: Author: High-Tech Bridge SA Published: 2015-09-02 Download Exploit: Source Raw Download Vulnerable App: Previous Exploit Next Exploit Advisory ID: HTB23269 Product: Cerb Vendor: Webgroup Media LLC Vulnerable Version(s): 7.0.3 and probably prior Tested Version: 7.0.3 Advisory Publication: August 12, 2015 [without technical details] Vendor Notification: August 12, 2015 Vendor Patch: August 14, 2015 Public Disclosure: September 2, 2015 Vulnerability Type: Cross-Site Request Forgery [CWE-352] CVE Reference: CVE-2015-6545 Risk Level: Medium CVSSv2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( ) –––––––––––––––––––––––––––––––––––––––––––––––- Advisory Details: High-Tech Bridge Security Research Lab discovered CSRF vulnerability in Cerb platform, which can be exploited to perform Cross-Site Request Forgery attacks against administrators of vulnerable web application to add administrate accounts into the system. b) In the Forums the content section is vulnerable when creating a new topic. [2] Cerb - - Cerb is a fast and flexible platform for enterprise collaboration, productivity, and automation. #4 Vulnerability: Hibernate Query Language (HQL) injection CVE-2016-1595 Constraints: User / client account needed Affected versions: - NSD 7.1.0 - NSD 7.0.3 - NSD 6.5 - Possibly earlier versions GET /LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile?attachmentId=1&entityName= Input is passed directly to Hibernate (line 125 of DownloadAction.class): List attachments = ((com.livetime.Session)session()).getDbSession().createQuery(new StringBuilder().append("from ").append(hasEn).append(" as attach where attach.attachmentId = ").append(hasId.intValue()).toString()).list(); hasEn is entityName (string) and hasId is attachmentId (integer) #5 Vulnerability: Stored Cross Site Scripting (XSS) CVE-2016-1596 Constraints: User / client account needed Affected versions: - NSD 7.1.0 - NSD 7.0.3 - NSD 6.5 - Possibly earlier versions Several sections of the web application are vulnerable to stored cross site scripting. : webapp v.7.0.3 * ( ): 178 * : 645 * (): 1535 * : Avast. The vulnerabilities below are just examples as the vulnerability is present in many different pages.

OSVDB-ID: N/A EDB Verified: Author: Pedro Ribeiro Published: 2016-04-11 Download Exploit: Source Raw Download Vulnerable App: N/A Previous Exploit Next Exploit >> Multiple vulnerabilities in Novell Service Desk 7.1.0, 7.0.3 and 6.5 >> Discovered by Pedro Ribeiro (pedribgmail.com), Agile Information Security ================================================================================= Disclosure: 30/03/2016 / Last updated: 10/04/2016 >> Background on the affected products: "Novell Service Desk 7.1.0 is a complete service management solution that allows you to easily monitor and solve services issues so that there is minimal disruption to your organization, which allows users to focus on the core business. WebAPP v.7.0.3WebAPP v.7.0.3 . 2011 3 . Zip . Copyright 2016 Exploit Database . The fields tfaClientFirstName and tfaClientLastName are also vulnerable to stored XSS. The path specified in the filename parameter can be traversed using ./ characters and upload a JSP file to the Tomcat directory. .. POST /LiveTime/WebObjects/LiveTime.woa/wo/7.0.53.19.0.2.7.0.3.0.0.1 HTTP/1.1 Content-Type: multipart/form-data; boundary=–––––––––––––-2477470717121 Content-Length: 533 ––––––––––––––-2477470717121 Content-Disposition: form-data; name="0.53.19.0.2.7.0.3.0.0.1.1.1.4.0.0.23"; filename="././srv/tomcat6/webapps/LiveTime/bla5.jsp" Content-Type: application/octet-stream Hello World Hello World Today is: ––––––––––––––-2477470717121 Content-Disposition: form-data; name="ButtonUpload" Upload ––––––––––––––-2477470717121– #2 Vulnerability: Information disclosure (Download System logs as any authenticated user - even unprivileged customers) CVE-2016-1594 Constraints: User / client account needed Affected versions: - NSD 7.0.3 - NSD 6.5 - Possibly earlier versions GET /LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadLogFiles Contains the full error log, license and system information (operating system, java version, database, etc). WebAPP v.7.0.3.

winfromusb 1.0 beta 9kerala sexstories manglishOutlaw Trail: The Treasure of Butch Cassidy (2006): download high speedAmerica a narrative history vol 2white nights 2012 korean english subtitles.3gpfilm chhote sarkar.comrct-467.mp4-addsbodyguard WHITNEY HOUSTON movie FREE download hitTeenFidelity.11.07.07.Jessie.Volt.Foreign.Exchange.Whore.Solo.XXX.1080p.WMV-KTR.part2.PORNOH.INFO.rLes chevaliers de baphomet apk maniaragnarok offline ep 18 downloadbudak sekolah kena rogol beramai ramai 3gp kingbfdcmdownload webcam laboratory 6.4.752 multilingual.rar completofacial abuse collectionkacorot & jason minx 1elli nesak ensahlos padrinos magicos hentai youporn 3routing bits handbook sp.rarFrench nudist Colony junior Beauty Contest.mpg3 g p king.com