what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

Files from Nick Decker

First Active2021-01-07
Last Active2021-11-10
Dolibarr ERP / CRM 13.0.2 Remote Code Execution
Posted Nov 10, 2021
Authored by Nick Decker | Site trovent.io

Dolibarr ERP and CRM version 13.0.2 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2021-33816
SHA-256 | 0dd7e4e38cc6c0c22d88da8c1315ae0c0f36dd8f9385afa1c3a2edd42c937216
Dolibarr ERP / CRM 13.0.2 Cross Site Scripting
Posted Nov 10, 2021
Authored by Nick Decker | Site trovent.io

Dolibarr ERP and CRM version 13.0.2 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-33618
SHA-256 | 6afececee15157d0a85c82e9913e53a3fb7f9193f24e64dca4bef906cb032beb
HealthForYou 1.11.1 / HealthCoach 2.9.2 Missing Password Policy
Posted Nov 5, 2021
Authored by Nick Decker | Site trovent.io

HealthForYou version 1.11.1 and HealthCoach version 2.9.2 are missing a server-side password policy. When creating an account or changing your password the mobile and web application both check the password against the password policy. But the API assumes that the given password is already checked therefore an attacker can intercept the HTTP request and change it to a weak password.

tags | exploit, web
SHA-256 | 76436b526ba9f4f32e343d01e9e2fa685e376cf002a7d94b46c1f713090fd4b3
VeryFitPro 3.2.8 Insecure Transit
Posted Jun 17, 2021
Authored by Nick Decker | Site trovent.io

VeryFitPro version 3.2.8 sends unencrypted cleartext transmission of sensitive information.

tags | exploit
SHA-256 | 9e9f6ef8313838133d2645a4ff7f6a0403b2a9655c9a0a2e6218c1e2d72dce6d
HealthForYou 1.11.1 / HealthCoach 2.9.2 Account Takeover
Posted Jun 4, 2021
Authored by Nick Decker | Site trovent.io

HealthForYou version 1.11.1 and HealthCoach version 2.9.2 have a vulnerability that allows for account takeover with only prior knowledge of the user's email address needed.

tags | exploit
SHA-256 | 108eb293e5b0d2d18abfd3b3ef0cfabcfe3878c71ef3e5fb6ce42e26588c10f0
HealthForYou 1.11.1 / HealthCoach 2.9.2 User Enumeration
Posted Jun 4, 2021
Authored by Nick Decker | Site trovent.io

HealthForYou version 1.11.1 and HealthCoach version 2.9.2 suffer from a user enumeration vulnerability.

tags | exploit
SHA-256 | 42f3483603f56524c0a83a32c43ca70dcb2416daaa8123abc8aa7afb35f560fe
ERPNext 12.18.0 / 13.0.0 Cross Site Scripting
Posted May 11, 2021
Authored by Stefan Pietsch, Nick Decker | Site trovent.io

ERPNext versions 12.18.0 and 13.0.0 suffer from reflective and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 699a6d07a77fc3e81b2deafe5caea2a355ca696143d694138925ef128a29180b
ERPNext 12.18.0 / 13.0.0 SQL Injection
Posted May 11, 2021
Authored by Stefan Pietsch, Nick Decker | Site trovent.io

ERPNext versions 12.18.0 and 13.0.0 suffer from an authenticated remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 523163a0deb062c88867d1adebaf1f37f29d520b23f43bd038e1cf829c50a149
Rocket.Chat 3.7.1 Email Address Enumeration
Posted Jan 7, 2021
Authored by Stefan Pietsch, Trovent Security, Nick Decker | Site trovent.io

Rocket.Chat versions 3.7.1 and below suffers from an email address enumeration vulnerability.

tags | exploit
advisories | CVE-2020-28208
SHA-256 | 023ad89f274a1ee4b96e849967a0021876dca5479963125bc3acb45d9a8cf6fa
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close