Category Archives: Advisories

ZDI-24-803: Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to downgrade Parallels software on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-6153.

Read More

Business Logic Flaw and Username Enumeration in spa-cartcmsv1.9.0.6

Read Time:23 Second

Posted by Andrey Stoykov on Jun 15

# Exploit Title: Business Logic Flaw and Username Enumeration in
spa-cartcmsv1.9.0.6
# Date: 6/2024
# Exploit Author: Andrey Stoykov
# Version: 1.9.0.6
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/04/friday-fun-pentest-series-5-spa.html
<http://msecureltd.blogspot.com/>

Description

– It was found that the application suffers from business logic flaw

– Additionally the application is vulnerable to username…

Read More