- Privilege Escalation in BioStar 2 Exploitable through Batch Edit Option
CVE-2023-XXXX Vulnerability Description: The BioStar 2 web application contains multiple operator levels, each with different privileges. The “Administrator” level has full permissions, while the “User Operator” level does not have all privileges. However, I have discovered a vulnerability that allows an attacker to escalate their privilege from “User Operator” to “System Administrator.” Exploiting this […]
- Active Directory services account with plaintext password
X Product & Service Introduction: BioStar 2 is a web-based, open, and integrated security platform that provides comprehensive functionality for access control, time & attendance management, visitor management, and video log maintenance. It encrypts all personal data available and supports both SDKs and web APIs to integrate BioStar 2 with third-party software. In addition, users […]
- Blind Insecure Direct Object Reference (IDOR) Leads To Export Other User’s Data
Summary: The following write-up explains a vulnerability I found on Instagram. Due to an Instagram “Leads Submissions” flaw, I was able to export users’ data into a CSV file sent to my email. If you run a business Instagram account, you can collect information about your followers with a form/lead. For example, a store may […]
- Creating a new user with admin Privilege
CVE-2023-31923 Product & Service Introduction: BioStar 2 is a web-based, open, and integrated security platform that provides comprehensive functionality for access control, time & attendance management, visitor management, and video log maintenance. It encrypts all personal data available and supports both SDKs and web APIs to integrate BioStar 2 with third-party software. In addition, users […]
- Privilege escalation from user operator to System administrator
CVE-2022-38351 Product & Service Introduction: BioStar 2 is a web-based, open, and integrated security platform that provides comprehensive functionality for access control, time & attendance management, visitor management, and video log maintenance. It encrypts all personal data available and supports both SDKs and web APIs to integrate BioStar 2 with third-party software. In addition, […]
- PII Exposure On Oracle E-Business Suite
Summary: CVE-2022-21567. On 23 May 2022 I discovered and reported a security issue in one of Oracle's products, “Oracle E-Business Suite”. The vulnerability has been patched in the latest version; the Oracle security team recommends using the latest version. Technical Description: PII exposure was found in “Oracle E-Business Suite”. The issue allows an authenticated attacker to […]