"LogonBox Limited / Hypersocket Nervepoint Access Manager - Unauthenticated Insecure Direct Object Reference"

Author: 0v3rride
Platform: multiple
Release date: 2019-01-28

# Exploit Title: Access Manager Unauthenticated Insecure Direct Object Reference (IDOR)
# Google Dork: /runJob.html?jobId=<#>
# Date: 01/22/2019
# Exploit Author: 0v3rride
# Vendor Homepage: https://docs.logonbox.com/index.html
# Software Link: N/A
# Version: >= 1.2 <= 1.4-RG3
# Tested on: Linux/Apache Wicket
# CVE: 2019-6716

Summary of issue submitted to CVE MITRE:
An unauthenticated Insecure Direct Object Reference (IDOR) vulnerability in LogonBox Limited's (formerly Nervepoint Technologies) Access Manager web application allows a remote attacker to enumerate internal Active Directory usernames. Depending on the configuration of the system, it may also allow enumeration of Active Directory group names and alteration of back-end server jobs (backup and synchronization jobs). This is done by manipulating the jobId HTTP parameter in an HTTP GET request. This issue affects Access Manager versions >= 1.2 <= 1.4-RG3 and has been rectified in versions >= 1.4-RG4.

PoC examples:
https://host.example.org/runJob.html?jobId=<#>

E.g.
https://host.example.org/runJob.html?jobId=5


0v3rride
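
A defender's check for the jobId manipulation described above, as an added example that is not part of the original advisory: it scans web access logs for clients that request many distinct jobId values on /runJob.html. The Apache combined log format, the sample lines, the function names and the threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [22/Jan/2019:10:00:01 +0000] "GET /runJob.html?jobId=1 HTTP/1.1" 200 5120 "-" "ExampleClient/1.0"
203.0.113.7 - - [22/Jan/2019:10:00:02 +0000] "GET /runJob.html?jobId=2 HTTP/1.1" 200 5093 "-" "ExampleClient/1.0"
203.0.113.7 - - [22/Jan/2019:10:00:03 +0000] "GET /runJob.html?jobId=3 HTTP/1.1" 200 5101 "-" "ExampleClient/1.0"
203.0.113.7 - - [22/Jan/2019:10:00:04 +0000] "GET /runJob.html?jobId=4 HTTP/1.1" 200 5088 "-" "ExampleClient/1.0"
198.51.100.20 - - [22/Jan/2019:10:05:00 +0000] "GET /runJob.html?jobId=5 HTTP/1.1" 200 5110 "-" "Mozilla/5.0"
198.51.100.20 - - [22/Jan/2019:10:06:00 +0000] "GET /runJob.html?jobId=5 HTTP/1.1" 200 5110 "-" "Mozilla/5.0"
198.51.100.20 - - [22/Jan/2019:10:07:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# client IP, then the request line: method, target, protocol
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} '
)


def job_ids_by_client(log_text):
    """Map client IP -> set of distinct jobId values requested on /runJob.html."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/runjob.html"):
            continue
        for value in parse_qs(url.query).get("jobId", []):
            seen[m["ip"]].add(value)
    return seen


def flag_enumeration(log_text, threshold=3):
    """Return clients that requested at least `threshold` distinct jobId values."""
    return {
        ip: sorted(ids, key=lambda v: (len(v), v))  # numeric-looking order
        for ip, ids in job_ids_by_client(log_text).items()
        if len(ids) >= threshold
    }


if __name__ == "__main__":
    for ip, ids in flag_enumeration(SAMPLE_LOG).items():
        print(f"{ip} requested {len(ids)} distinct jobId values: {', '.join(ids)}")
```

A hit only shows past probing; the advisory states the issue is rectified in versions >= 1.4-RG4.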