Filtered by vendor Globalnorthstar
Subscribe
Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29394 | 1 Globalnorthstar | 1 Northstar Club Management | 2022-02-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled "userID" parameter of the HTTP POST request. | |||||
| CVE-2021-29398 | 1 Globalnorthstar | 1 Northstar Club Management | 2022-02-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to browse and list the directories across the entire filesystem of the host of the web application. | |||||