PT-2025-30597 · '1С' · 1С:Предприятие

Уязвимость технологической платформы «1С:Предприятие 8» связана с недостатками процедуры авторизации. Эксплуатация уязвимости, может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к системе от имени произвольного пользователя...

CVE-2021-3131

The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter...

PT-2021-19235 · 1с · 1С:Предприятие +1

Name of the Vulnerable Software and Affected Versions: 1C:Enterprise 8 versions prior to 8.3.17.1851 Description: The issue concerns the Web server in 1C:Enterprise 8, which sends base64 encoded credentials in the creds URL parameter. Recommendations: For versions prior to 8.3.17.1851, update to...

Mail.ru: Bitbucket public repo leaking credentials from the 1C Enterprise system used by Samokat

Application configuration data related to Samokat project was leaked on github.com...

PT-2015-18: XML External Entity Injection in 1С:Enterprise

The specialists of the Positive Research center have detected an XML External Entity Injection vulnerability in the 1C: Enterprise application. This vulnerability allows an attacker to access the internal network resources, file system, and cause a denial of service attack. All XML parsers are...

1C: Arcadia Internet Store 1.0 Arbitrary File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2902/info 1C: Arcadia Internet Store is a online shopping utility for Microsoft Windows NT/2000 that is fully integratable with 1C: Enterprise, another popular Russian web-commerce utility. One of the components of this...

1C: Arcadia Internet Store 1.0 Show Path Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2904/info 1C: Arcadia Internet Store is a online shopping utility for Microsoft Windows NT/2000 that is fully integratable with 1C: Enterprise, another popular Russian web-commerce utility. One of the components of this...