Andrej Šimko

26 exploits Active since Jan 2021
CVE-2020-13133 WRITEUP MEDIUM WRITEUP
Tufin SecureChange <R19.3 HF3 & R20-1 HF1 - Stored XSS
Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) unauthenticated users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1 are affected. Vulnerabilities were fixed in R19.3 HF3 and R20-1 HF1
CVSS 6.1
CVE-2020-13134 WRITEUP MEDIUM WRITEUP
Tufin SecureChange <R19.3 HF3 & R20-1 HF1 - Stored XSS
Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) admin users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1 are affected. Vulnerabilities were fixed in R19.3 HF3 and R20-1 HF1.
CVSS 4.8
CVE-2020-13407 WRITEUP MEDIUM WRITEUP
Tufin SecureTrack < R20-2 GA - Stored/XSS
Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 1 of 3)
CVSS 5.9
CVE-2020-13408 WRITEUP MEDIUM WRITEUP
Tufin SecureTrack < R20-2 GA - Stored/XSS
Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 2 of 3)
CVSS 5.9
CVE-2020-13409 WRITEUP MEDIUM WRITEUP
Tufin SecureTrack < R20-2 GA - Stored/XSS
Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 3 of 3)
CVSS 5.9
CVE-2020-13418 WRITEUP MEDIUM WRITEUP
OpenIAM 4.1.0-4.2.0.2 - Stored Cross-Site Scripting in Add New User Feature
OpenIAM before 4.2.0.3 allows XSS in the Add New User feature.
CVSS 6.1
CVE-2020-13419 WRITEUP MEDIUM WRITEUP
OpenIAM 4.1.0-4.2.0.2 - Path Traversal in Batch Task
OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task.
CVSS 5.3
CVE-2020-13420 WRITEUP CRITICAL WRITEUP
OpenIAM 4.1.0-4.2.0.2 - Remote Code Execution via Groovy Script
OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script.
CVSS 9.8
CVE-2020-13421 WRITEUP CRITICAL WRITEUP
OpenIAM <4.2.0.3 - Privilege Escalation
OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions.
CVSS 9.8
CVE-2020-13422 WRITEUP HIGH WRITEUP
OpenIAM <4.2.0.3 - Privilege Escalation
OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions.
CVSS 8.1
CVE-2020-13460 WRITEUP HIGH WRITEUP
Tufin SecureTrack < R20-2 - Cross-Site Request Forgery
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were present in Tufin SecureTrack, affecting all versions prior to R20-2 GA.
CVSS 8.8
CVE-2020-13461 WRITEUP MEDIUM WRITEUP
Tufin SecureTrack - Info Disclosure
Username enumeration in present in Tufin SecureTrack. It's affecting all versions of SecureTrack. The vendor has decided not to fix this vulnerability. Vendor's response: "This attack requires access to the internal network. If an attacker is part of the internal network, they do not require access to TOS to know the usernames".
CVSS 4.3
CVE-2020-13462 WRITEUP MEDIUM WRITEUP
Tufin SecureChange <R20-2 GA - IDOR
Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA.
CVSS 5.7
CVE-2020-24662 WRITEUP MEDIUM WRITEUP
SmartStream Transaction Lifecycle Management Reconciliation Premium < 3.1.0 - Cross-Site Scripting
SmartStream Transaction Lifecycle Management (TLM) Reconciliation Premium (RP) <3.1.0 allows XSS. This was fixed in TLM RP 3.1.0.
CVSS 5.4
CVE-2020-24663 WRITEUP MEDIUM WRITEUP
Trace Financial CRESTBridge <6.3.0.02 - XSS
Trace Financial CRESTBridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03.
CVSS 5.4
CVE-2020-24667 WRITEUP HIGH WRITEUP
Trace Financial CRESTBridge <6.3.0.02 - SQL Injection
Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03.
CVSS 8.8
CVE-2020-24668 WRITEUP MEDIUM WRITEUP
Trace Financial Crest Bridge <6.3.0.02 - XSS
Trace Financial Crest Bridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03.
CVSS 5.4
CVE-2020-24671 WRITEUP HIGH WRITEUP
Trace Financial CRESTBridge <6.3.0.02 - SQL Injection
Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03.
CVSS 8.8
CVE-2021-31927 WRITEUP MEDIUM WRITEUP
Annex Cloud Loyalty Experience Platform < 2021.1.0.1 - Authenticated Insecure Direct Object Reference
An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients. It was fixed in v2021.1.0.2.
CVSS 4.3
CVE-2021-31928 WRITEUP HIGH WRITEUP
Annex Cloud Loyalty Experience Platform <2021.1.0.1 - Privilege Escalation
Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to escalate privileges to superadministrator. It was fixed in v2021.1.0.2.
CVSS 8.8
CVE-2021-31929 WRITEUP MEDIUM WRITEUP
Annexcloud Loyalty Experience Platform < 2021.1.0.1 - Incorrect Permission Assignment
Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify loyalty campaigns and settings, such as fraud prevention, coupon groups, email templates, or referrals.
CVSS 4.3
CVE-2021-33031 WRITEUP LOW WRITEUP
LabCup <v2_next_18022 - Privilege Escalation
In LabCup before <v2_next_18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access to a victim's account. A user without the user-management privilege can change another user's email address if the attacker knows details of the victim such as the exact roles and group roles, ID, and remote authentication ID settings. These must be sent in a modified save API request. It was fixed in 6.3.0.03.
CVSS 3.1
CVE-2022-26146 WRITEUP MEDIUM WRITEUP
Tricentis qTest < 10.4 - Authenticated Stored Cross-Site Scripting
Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker.
CVSS 5.4
CVE-2022-31321 WRITEUP CRITICAL WRITEUP
Bolt < 5.7 - Denial of Service via Foldername Parameter
The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input.
CVSS 9.1
CVE-2022-34530 WRITEUP MEDIUM WRITEUP
Backdrop CMS < 1.22.0 - Username Enumeration via Password Reset Request
An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.
CVSS 5.3