Showing 1 - 9 of 9

Files from Nick Decker

First Active	2021-01-07
Last Active	2021-11-10

Dolibarr ERP / CRM 13.0.2 Remote Code Execution: Posted Nov 10, 2021; Authored by Nick Decker | Site trovent.io; Dolibarr ERP and CRM version 13.0.2 suffer from a remote code execution vulnerability.; tags | exploit, remote, code execution; advisories | CVE-2021-33816; SHA-256 | 0dd7e4e38cc6c0c22d88da8c1315ae0c0f36dd8f9385afa1c3a2edd42c937216; Download | Favorite | View

Dolibarr ERP / CRM 13.0.2 Cross Site Scripting: Posted Nov 10, 2021; Authored by Nick Decker | Site trovent.io; Dolibarr ERP and CRM version 13.0.2 suffer from a persistent cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2021-33618; SHA-256 | 6afececee15157d0a85c82e9913e53a3fb7f9193f24e64dca4bef906cb032beb; Download | Favorite | View

HealthForYou 1.11.1 / HealthCoach 2.9.2 Missing Password Policy: Posted Nov 5, 2021; Authored by Nick Decker | Site trovent.io; HealthForYou version 1.11.1 and HealthCoach version 2.9.2 are missing a server-side password policy. When creating an account or changing your password the mobile and web application both check the password against the password policy. But the API assumes that the given password is already checked therefore an attacker can intercept the HTTP request and change it to a weak password.; tags | exploit, web; SHA-256 | 76436b526ba9f4f32e343d01e9e2fa685e376cf002a7d94b46c1f713090fd4b3; Download | Favorite | View

VeryFitPro 3.2.8 Insecure Transit: Posted Jun 17, 2021; Authored by Nick Decker | Site trovent.io; VeryFitPro version 3.2.8 sends unencrypted cleartext transmission of sensitive information.; tags | exploit; SHA-256 | 9e9f6ef8313838133d2645a4ff7f6a0403b2a9655c9a0a2e6218c1e2d72dce6d; Download | Favorite | View

HealthForYou 1.11.1 / HealthCoach 2.9.2 Account Takeover: Posted Jun 4, 2021; Authored by Nick Decker | Site trovent.io; HealthForYou version 1.11.1 and HealthCoach version 2.9.2 have a vulnerability that allows for account takeover with only prior knowledge of the user's email address needed.; tags | exploit; SHA-256 | 108eb293e5b0d2d18abfd3b3ef0cfabcfe3878c71ef3e5fb6ce42e26588c10f0; Download | Favorite | View

HealthForYou 1.11.1 / HealthCoach 2.9.2 User Enumeration: Posted Jun 4, 2021; Authored by Nick Decker | Site trovent.io; HealthForYou version 1.11.1 and HealthCoach version 2.9.2 suffer from a user enumeration vulnerability.; tags | exploit; SHA-256 | 42f3483603f56524c0a83a32c43ca70dcb2416daaa8123abc8aa7afb35f560fe; Download | Favorite | View

ERPNext 12.18.0 / 13.0.0 Cross Site Scripting: Posted May 11, 2021; Authored by Stefan Pietsch, Nick Decker | Site trovent.io; ERPNext versions 12.18.0 and 13.0.0 suffer from reflective and persistent cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | 699a6d07a77fc3e81b2deafe5caea2a355ca696143d694138925ef128a29180b; Download | Favorite | View

ERPNext 12.18.0 / 13.0.0 SQL Injection: Posted May 11, 2021; Authored by Stefan Pietsch, Nick Decker | Site trovent.io; ERPNext versions 12.18.0 and 13.0.0 suffer from an authenticated remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 523163a0deb062c88867d1adebaf1f37f29d520b23f43bd038e1cf829c50a149; Download | Favorite | View

Rocket.Chat 3.7.1 Email Address Enumeration: Posted Jan 7, 2021; Authored by Stefan Pietsch, Trovent Security, Nick Decker | Site trovent.io; Rocket.Chat versions 3.7.1 and below suffers from an email address enumeration vulnerability.; tags | exploit; advisories | CVE-2020-28208; SHA-256 | 023ad89f274a1ee4b96e849967a0021876dca5479963125bc3acb45d9a8cf6fa; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days