
27 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-25488

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 5.5 · EPSS 0.00088
Exploits: 0 · References: 1

BDU FSTEC
added 2025/07/09 12:0 a.m. · 3 views

The vulnerability of the Device Admin App on the ctrlX OS operating system allows a perpetrator to compromise the integrity of the vulnerable application’s configuration.

The vulnerability of the Device Admin App on the ctrlX OS lies in the improper validation of the data entered by the user against a list of allowed values. Exploiting this vulnerability allows an attacker to compromise the integrity of the vulnerable application by sending a specially crafted HTT...

CVSS 7.5 · AI score 5.5 · EPSS 0.00477
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2025/07/09 12:0 a.m. · 4 views

The vulnerability of the Device Admin App on the ctrlX OS operating system allows a perpetrator to select user account names.

The vulnerability of the Device Admin App on the ctrlX OS involves unlimited distribution of resources. Exploiting this vulnerability allows a malicious actor to select user account names by sending specially crafted HTTP requests remotely...

CVSS 5.3 · AI score 5.5 · EPSS 0.00353
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2025/07/09 12:0 a.m. · 5 views

The vulnerability of the Device Admin App on the ctrlX OS operating system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Device Admin App on the ctrlX OS platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by sending specially crafted HTTP requests...

CVSS 5.3 · AI score 5.5 · EPSS 0.00285
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2025/07/09 12:0 a.m. · 6 views

The vulnerability of the Device Admin App on the ctrlX OS operating system allows a hacker to recover passwords of other users.

The vulnerability of the Device Admin App on the ctrlX OS operating system is related to insufficient calculation of the password hash. Exploiting this vulnerability allows a malicious actor to retrieve passwords of other users by sending specially crafted HTTP requests...

CVSS 6.8 · AI score 5.5 · EPSS 0.00239
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2025/07/09 12:0 a.m. · 4 views

The vulnerability of the Device Admin App on the ctrlX OS operating system allows attackers to carry out “man-in-the-middle” type attacks.

The vulnerability of the Device Admin App on the ctrlX OS platform is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to carry out “man-in-the-middle” attacks by sending specially crafted HTTP requests...

CVSS 5.1 · AI score 5.6 · EPSS 0.00212
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2025/05/29 12:0 a.m. · 5 views

The vulnerability of the Device Admin App on the ctrlX OS operating system allows a perpetrator to trigger a service failure.

The vulnerability of the Device Admin App on the ctrlX OS operating system relates to the unlimited distribution of resources. Exploiting this vulnerability allows a malicious actor to cause service interruptions by sending specially crafted HTTP requests remotely...

CVSS 6.8 · AI score 5.5 · EPSS 0.00409
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2025/05/29 12:0 a.m. · 4 views

The vulnerability of the Device Admin App on the ctrlX OS operating system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Device Admin App on the ctrlX OS platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by sending specially crafted HTTP requests...

CVSS 5.5 · AI score 5.5 · EPSS 0.00426
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2025/05/29 12:0 a.m. · 3 views

The vulnerability of the Device Admin App on the ctrlX OS operating system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Device Admin App on the ctrlX OS platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by sending specially crafted HTTP requests...

CVSS 6.8 · AI score 5.5 · EPSS 0.00409
Exploits: 0 · References: 3 · Affected Software: 1

RedhatCVE
added 2025/05/23 3:9 a.m. · 5 views

CVE-2023-21320

In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 · AI score 5.5 · EPSS 0.00088
Exploits: 0 · References: 1

BDU FSTEC
added 2025/05/12 12:0 a.m. · 4 views

The vulnerability of the Certificates and Keys module of the Device Admin App for the ctrlX OS operating system allows a perpetrator to write arbitrary files.

The vulnerability of the Certificates and Keys module in the Device Admin app of the ctrlX OS operating system is related to an incorrect limitation on the path name to the directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files by sending specially crafted HTTP...

CVSS 7.5 · AI score 5.6 · EPSS 0.003
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2025/05/12 12:0 a.m. · 4 views

The vulnerability of the Device Admin App on the ctrlX OS operating system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Device Admin App on the ctrlX OS platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by sending specially crafted HTTP requests...

CVSS 7.5 · AI score 5.5 · EPSS 0.00401
Exploits: 0 · References: 4 · Affected Software: 1

Citrix
added 2025/04/15 12:0 a.m. · 12 views

Citrix Virtual Apps and Desktops - Unable to EDIT Published DualAdmin APP-V application in WebStudio

Admin cannot edit some of the published applications. Affected applications: Dual Admin APP-V Applications Error displayed: More details: Action Name: APPApplicationPropertiesException: StudioErrorId : UnknownError Error Source : CitrixAppVService Sdk Error Message : Cannot process command becaus...

AI score 7.3
Exploits: 0

Malwarebytes
added 2024/06/24 7:7 a.m. · 18 views

A week in security (June 17 – June 23)

Last week on Malwarebytes Labs: Microsoft Recall delayed after privacy and security concerns Almost everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13 43% of couples experience pressure to share logins and locations,...

AI score 7.6
Exploits: 0

Prion
added 2024/03/01 1:15 p.m. · 21 views

Cross site scripting

A vulnerability, which was classified as problematic, was found in SourceCodester Petrol Pump Management Software 1.0. Affected is an unknown function of the file /admin/app/profilecrud.php. The manipulation of the argument username leads to cross site scripting. It is possible to launch the atta...

CVSS 3.3 · AI score 6.5 · EPSS 0.00398
Exploits: 0 · References: 3

CNNVD
added 2024/03/01 12:0 a.m. · 2 views

Petrol Pump Management Software Code Issue Vulnerability

Petrol Pump Management Software is a gasoline pump management software by mayurik individual developer. A code issue vulnerability exists in Petrol Pump Management Software version 1.0, which stems from an unrestricted upload issue in the /admin/app/product.php file...

CVSS 7.2 · AI score 7.2 · EPSS 0.00613
Exploits: 0 · References: 5

Positive Technologies
added 2023/12/26 12:0 a.m. · 3 views

PT-2023-29660 · Growi · Growi

Name of the Vulnerable Software and Affected Versions: GROWI versions prior to v3.5.0 Description: A stored cross-site scripting issue exists in the App Settings /admin/app page and the Markdown Settings /admin/markdown page. If exploited, an arbitrary script may be executed on the web browser of...

CVSS 5.4 · AI score 5.3 · EPSS 0.00303
Exploits: 0 · References: 8

Positive Technologies
added 2023/12/26 12:0 a.m. · 4 views

PT-2023-31487 · Growi · Growi

Name of the Vulnerable Software and Affected Versions: GROWI versions prior to v6.0.0 Description: A stored cross-site scripting issue exists in the App Settings /admin/app page, the Markdown Settings /admin/markdown page, and the Customize /admin/customize page. This could allow an arbitrary...

CVSS 5.4 · AI score 5.3 · EPSS 0.00303
Exploits: 0 · References: 6

OSV
added 2023/10/30 5:15 p.m. · 2 views

CVE-2023-21320

In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 · AI score 5.9 · EPSS 0.00088
Exploits: 0 · References: 1

Malwarebytes
added 2023/09/27 8:0 a.m. · 12 views

Malwarebytes Admin update: New Detection screens to manage threats!

We released version 1.2 of the Malwarebytes Admin app for iOS and Android last week, adding new Detection features that make it easier to see and manage threats. Designed as a companion to the Nebula console, Malwarebytes Admin allows administrators to quickly review, investigate, and resolve security...

AI score 7
Exploits: 0