Operat0r

2 exploits Active since Apr 2019

CVE-2019-13063 EXPLOITDB HIGH python WORKING POC

Sahipro Sahi Pro - Path Traversal

Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be used to steal and obtain sensitive config and other files. This can result in complete compromise of the application. The script parameter is vulnerable to directory traversal and both local and remote file inclusion.

CVSS 7.5

View Code

CVE-2019-10273 EXPLOITDB MEDIUM text WRITEUP

Zohocorp Manageengine Servicedesk Plus - Authentication Bypass

Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.

CVSS 4.3

View Code