{"vulnerability": "cve-2018-1306", "sightings": [{"uuid": "498f36ec-c528-424d-a6e1-2df85c2d3d56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-13060", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/434", "content": "#exploit\n1. CVE-2018-13060:\nEasy!Appointments - Captcha bypass\nhttps://sysdream.com/news/lab/2019-10-25-cve-2018-13060-easy-appointments-captcha-bypass\n\n2. CVE-2018-13063:\nEasy!Appointments - Multiple confidential information leakage\nhttps://sysdream.com/news/lab/2019-10-25-cve-2018-13063-easy-appointments-multiple-confidential-information-leakage", "creation_timestamp": "2024-05-07T23:20:27.000000Z"}, {"uuid": "82bc7cb5-b97f-4ae2-abe2-6e5afce142ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-13063", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/434", "content": "#exploit\n1. CVE-2018-13060:\nEasy!Appointments - Captcha bypass\nhttps://sysdream.com/news/lab/2019-10-25-cve-2018-13060-easy-appointments-captcha-bypass\n\n2. CVE-2018-13063:\nEasy!Appointments - Multiple confidential information leakage\nhttps://sysdream.com/news/lab/2019-10-25-cve-2018-13063-easy-appointments-multiple-confidential-information-leakage", "creation_timestamp": "2024-05-07T23:20:27.000000Z"}, {"uuid": "56ffc0f7-23b1-46cf-b5a5-bcc8548255b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-13060", "type": "seen", "source": "https://t.me/cibsecurity/10518", "content": "ATENTION\u203c New - CVE-2018-13060\n\nEasy!Appointments 1.3.0 has a Guessable CAPTCHA issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-03-16T17:46:03.000000Z"}, {"uuid": "44612db7-3c02-45cf-8636-5a7b5d8d973e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-13063", "type": "seen", "source": "https://t.me/cibsecurity/10517", "content": "ATENTION\u203c New - CVE-2018-13063\n\nEasy!Appointments 1.3.0 has a Missing Authorization issue allowing retrieval of hashed passwords and salts.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-03-16T17:46:03.000000Z"}, {"uuid": "8eebc6a9-5873-497f-a5c3-61e1778fc7fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1306", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/204", "content": "#exploit\n1. CVE-2018-1304:\nSecurity constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1-9.0.4, 8.5.0-8.5.27, 8.0.0.RC1-8.0.49, 7.0.0-7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them\nhttps://github.com/knqyf263/CVE-2018-1304\nhttps://github.com/thariyarox/tomcat_CVE-2018-1304_testing \n\n2. CVE-2018-1306:\nThe PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload\nhttps://github.com/JJSO12/Apache-Pluto-3.0.0--CVE-2018-1306 \n\n3. CVE-2018-1313:\nIn Apache Derby 10.3.1.4-10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control\nhttps://github.com/tafamace/CVE-2018-1313", "creation_timestamp": "2022-06-18T11:47:22.000000Z"}]}