all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Visual Planning 8 Authentication Bypass

Add to bookmarks
April 5, 2024, 6:26 p.m. |

Packet Storm packetstormsecurity.com

Unauthenticated attackers can exploit a weakness in the password reset functionality of the Visual Planning application in order to obtain access to arbitrary user accounts including administrators. In case administrative (in the context of Visual Planning) accounts are compromised, attackers can install malicious modules into the application to take over the application server hosting the Visual Planning application. All versions prior to Visual Planning 8 (Build 240207) are affected.

access accounts administrators application attackers authentication authentication bypass bypass can case compromised context exploit hosting install malicious modules order password password reset planning reset server server hosting unauthenticated weakness

Visit resource

More from packetstormsecurity.com / Packet Storm

Packet Storm New Exploits For April, 2024 17 hours ago | packetstormsecurity.com
april archive exploits packet +2
Ubuntu Security Notice USN-6760-1 17 hours ago | packetstormsecurity.com
attacker data denial of service file +11
Kernel Live Patch Security Notice LSN-0103-1 17 hours ago | packetstormsecurity.com
attacker con data expose +20
Microsoft PlayReady Cryptography Weakness 17 hours ago | packetstormsecurity.com
attack beyond cryptography extraction +15
Online Tours And Travels Management System 1.0 SQL Injection 17 hours ago | packetstormsecurity.com
injection management management system sql +6
Qantas App Glitch Sees Boarding Passes Fly To Other Accounts 17 hours ago | packetstormsecurity.com
accounts app data loss flaw +4
Adobe Adds Content Credentials And Firefly To Bug Bounty Program 17 hours ago | packetstormsecurity.com
adobe bounty bug bug bounty +5
Google Boosts Bug Bounty Payouts Tenfold In Mobile App Security Push 17 hours ago | packetstormsecurity.com
app bounty bug bug bounty +6
London Drugs Pharmacy Closes All Stores To Respond To Cyber Incident 17 hours ago | packetstormsecurity.com
britain cyber cyber incident data loss +8

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Application Security Engineer - Remote Friendly

@ Unit21 | San Francisco,CA; New York City; Remote USA;
View on infosec-jobs.com

Cloud Security Specialist

@ AppsFlyer | Herzliya
View on infosec-jobs.com

Malware Analysis Engineer - Canberra, Australia

@ Apple | Canberra, Australian Capital Territory, Australia
View on infosec-jobs.com

Product CISO

@ Fortinet | Sunnyvale, CA, United States
View on infosec-jobs.com

Manager, Security Engineering

@ Thrive | United States - Remote
View on infosec-jobs.com
View more jobs