exploit the possibilities
Showing 1 - 9 of 9 RSS Feed

Files from Nick Decker

First Active2021-01-07
Last Active2021-11-10
Dolibarr ERP / CRM 13.0.2 Remote Code Execution
Posted Nov 10, 2021
Authored by Nick Decker | Site trovent.io

Dolibarr ERP and CRM version 13.0.2 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2021-33816
MD5 | 36528585cba85176debf6b055a43a015
Dolibarr ERP / CRM 13.0.2 Cross Site Scripting
Posted Nov 10, 2021
Authored by Nick Decker | Site trovent.io

Dolibarr ERP and CRM version 13.0.2 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-33618
MD5 | bf30b9f81613c8df7f06d49443c8edad
HealthForYou 1.11.1 / HealthCoach 2.9.2 Missing Password Policy
Posted Nov 5, 2021
Authored by Nick Decker | Site trovent.io

HealthForYou version 1.11.1 and HealthCoach version 2.9.2 are missing a server-side password policy. When creating an account or changing your password the mobile and web application both check the password against the password policy. But the API assumes that the given password is already checked therefore an attacker can intercept the HTTP request and change it to a weak password.

tags | exploit, web
MD5 | 4c588e76aba5b784a8b034b13f4d6366
VeryFitPro 3.2.8 Insecure Transit
Posted Jun 17, 2021
Authored by Nick Decker | Site trovent.io

VeryFitPro version 3.2.8 sends unencrypted cleartext transmission of sensitive information.

tags | exploit
MD5 | 04544fb6d5636786b4976e7897ed6282
HealthForYou 1.11.1 / HealthCoach 2.9.2 Account Takeover
Posted Jun 4, 2021
Authored by Nick Decker | Site trovent.io

HealthForYou version 1.11.1 and HealthCoach version 2.9.2 have a vulnerability that allows for account takeover with only prior knowledge of the user's email address needed.

tags | exploit
MD5 | 100a55f6fdb5a7f8ed0297a5343721ee
HealthForYou 1.11.1 / HealthCoach 2.9.2 User Enumeration
Posted Jun 4, 2021
Authored by Nick Decker | Site trovent.io

HealthForYou version 1.11.1 and HealthCoach version 2.9.2 suffer from a user enumeration vulnerability.

tags | exploit
MD5 | 39b34ab8124120831420fae3c965c4a5
ERPNext 12.18.0 / 13.0.0 Cross Site Scripting
Posted May 11, 2021
Authored by Stefan Pietsch, Nick Decker | Site trovent.io

ERPNext versions 12.18.0 and 13.0.0 suffer from reflective and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | ac60bdf342b7bb4270793428c1f9045a
ERPNext 12.18.0 / 13.0.0 SQL Injection
Posted May 11, 2021
Authored by Stefan Pietsch, Nick Decker | Site trovent.io

ERPNext versions 12.18.0 and 13.0.0 suffer from an authenticated remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 6c329df5e9d8646f43166acb54002a9b
Rocket.Chat 3.7.1 Email Address Enumeration
Posted Jan 7, 2021
Authored by Stefan Pietsch, Trovent Security, Nick Decker | Site trovent.io

Rocket.Chat versions 3.7.1 and below suffers from an email address enumeration vulnerability.

tags | exploit
advisories | CVE-2020-28208
MD5 | bc01b3651990cf22054b8d0175e1705c
Page 1 of 1
Back1Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close