Category: Blog

  • Raise a request on behalf of other users Vulnerability in SMAX/AMX/HCMX

    CVE-2023-32260 Product & Service Introduction: OpenText SMAX is comprehensive service management software that delivers efficient IT Service Management (ITSM), IT Asset Management (ITAM), and Enterprise Service Management (ESM). Powered by embedded analytics and machine learning, it is easy to use, easy to extend, and easy to run anywhere. Technical Description: A security vulnerability has been identified…

  • SMAX/AMX VULNERABILITY Submit Ideas on behalf of other users

    CVE-2023-32259 Product & Service Introduction: OpenText SMAX is comprehensive service management software that delivers efficient IT Service Management (ITSM), IT Asset Management (ITAM), and Enterprise Service Management (ESM). Powered by embedded analytics and machine learning, it is easy to use, easy to extend, and easy to run anywhere. Technical Description: A security vulnerability exists within…

  • Privilege Escalation in BioStar 2 Exploitable through Batch Edit Option

    CVE-2023-XXXX Vulnerability Description: The BioStar 2 web application contains multiple operator levels, each with different privileges. The “Administrator” level has full permissions, while the “User Operator” level does not have all privileges. However, I have discovered a vulnerability that allows an attacker to escalate their privilege from “User Operator” to “System Administrator.” Exploiting this…

  • Active Directory services account with plaintext password

    CVE-2022-XXXX Product & Service Introduction: BioStar 2 is a web-based, open, and integrated security platform that provides comprehensive functionality for access control, time & attendance management, visitor management, and video log maintenance. It encrypts all personal data available and supports both SDKs and web APIs to integrate BioStar 2 with third-party software. In addition, users…

  • Blind Insecure Direct Object Reference (IDOR) Leads To Export Other User’s Data

    Summary: The following write-up explains a vulnerability I found on Instagram. Due to an Instagram “Leads Submissions” flaw, I was able to export users’ data into a CSV file sent to my email. If you run a business Instagram account, you can collect information about your followers with a form/lead. For example, a store may…

  • Creating a new user with admin Privilege

    CVE-2023-31923 Product & Service Introduction: BioStar 2 is a web-based, open, and integrated security platform that provides comprehensive functionality for access control, time & attendance management, visitor management, and video log maintenance. It encrypts all personal data available and supports both SDKs and web APIs to integrate BioStar 2 with third-party software. In addition, users…

  • Privilege escalation from user operator to System administrator

    CVE-2022-38351 Product & Service Introduction: BioStar 2 is a web-based, open, and integrated security platform that provides comprehensive functionality for access control, time & attendance management, visitor management, and video log maintenance. It encrypts all personal data available and supports both SDKs and web APIs to integrate BioStar 2 with third-party software. In addition,…

  • PII Exposure On Oracle E-Business Suite

    Summary: CVE-2022-21567. On 23 May 2022 I discovered and reported a security issue in one of Oracle's products, “Oracle E-Business Suite”. The vulnerability has been patched in the latest version; the Oracle security team recommends using the latest version. Technical Description: PII exposure was found in “Oracle E-Business Suite”. The issue allows an authenticated attacker to…