Joel Aviad Ossi - Security Researcher - Exploit Intelligence Platform

CVE-2024-58343 WRITEUP MEDIUM WORKING POC

Vision Helpdesk <5.7.0 - Deserialization

Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id.

CVSS 4.3

View Code

CVE-2020-7959 EXPLOITDB MEDIUM python WORKING POC

LabVantage LIMS 8.3 - Info Disclosure

LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognized Database exception message if the database does not exist.

CVSS 5.3

View Code

CVE-2020-6845 EXPLOITDB MEDIUM text WORKING POC

TopManage OLK 2020 - DOM-Based Cross-Site Scripting via Session Cookie

An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack.

CVSS 6.1

View Code

CVE-2020-6844 EXPLOITDB HIGH text WORKING POC

TopManage OLK 2020 - Cross-Site Request Forgery in Login

In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to takeover admin and user accounts.

CVSS 8.8

View Code