Superior125

3 exploits Active since Jan 2024
CVE-2023-49801 WRITEUP MEDIUM WRITEUP
Lifplatforms Lif Auth Server < 1.4.0 - Path Traversal
Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is correct. This could allow an attacker access to files they shouldn't have access to. This issue has been patched in version 1.4.0.
CVSS 4.2
CVE-2024-45050 WRITEUP HIGH WRITEUP
Ringer Server <1.3.1 - Info Disclosure
Ringer server is the server code for the Ringer messaging app. Prior to version 1.3.1, there is an issue with the messages loading route where Ringer Server does not check to ensure that the user loading the conversation is actually a member of that conversation. This allows any user with a Lif Account to load any conversation between two users without permission. This issue had been patched in version 1.3.1. There is no action required for users. Lif Platforms will update their servers with the patch.
CVSS 7.1
CVE-2024-47768 WRITEUP HIGH WRITEUP
Lif Authentication Server <1.7.3 - Info Disclosure
Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacker knew the email of the target, they could supply the email and immediately prompt the server to update the password without ever needing the code. This issue has been patched in version 1.7.3.
CVSS 8.1