Bitrix24 Security Vulnerability
Bitrix24 is a suite of enterprise social platforms from Bitrix USA. The platform includes features such as online communication, calendar management and CRM (Customer Relationship Management). A security vulnerability exists in Bitrix24, which originates from authenticated remote code execution, an...
EUVD-2020-20690
Malware in sbrugna...
EUVD-2023-23939
Malicious code in bioql PyPI...
EUVD-2023-23937
Malicious code in bioql PyPI...
EUVD-2023-23936
Malicious code in bioql PyPI...
CVE-2023-1717
Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege...
The vulnerability of the Bitrix24 business management service lies in the absence of a proper HTTP response header, allowing attackers to execute arbitrary JavaScript code.
The vulnerability of the bitrix/modules/main/tools.php component of the Bitrix24 business management service is related to the absence of a MIME response header. Exploiting this vulnerability allows an attacker to execute arbitrary JavaScript code by uploading a created HTML file through...
The vulnerability in the component bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js of the main service module for managing Bitrix24 allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the component bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js, which is part of the main service for managing Bitrix24, relates to uncontrolled changes to prototype object attributes. Exploiting this vulnerability could allow an attacker to execute...
PT-2023-6691 · Bitrix +1 · Bitrix24 +1
Name of the Vulnerable Software and Affected Versions: Bitrix24 version 22.0.300 Description: The issue is related to prototype pollution in the bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js component of Bitrix24. This allows remote attackers to execute arbitrary...
PT-2023-6690
Name of the Vulnerable Software and Affected Versions: Bitrix24 version 22.0.300 Description: The software contains an improper file stream access issue in the /desktop app/file.ajax.php?action=uploadfile endpoint. This allows unauthenticated remote attackers to cause a denial-of-service condition ...
CVE-2022-43959
Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldapserveredit.php...
Bitrix24 Code Issue Vulnerability
Bitrix24 is a suite of enterprise social platforms from Bitrix USA. The platform includes features such as online communication, calendar management and CRM (Customer Relationship Management). A code issue vulnerability exists in Bitrix24 version 20.0.975 and prior versions. The vulnerability stems...