12 matches found
EUVD-2024-44047
Malicious code in bioql PyPI...
CVE-2024-4423
The access control in CemiPark software does not properly validate user-entered data, which allows the authentication bypass. An attacker who has network access to the login panel can log in with administrator rights to the application.This issue affects CemiPark software: 4.5, 4.7, 5.03 and...
CVE-2024-4425
The access control in CemiPark software stores integration e.g. FTP or SIP credentials in plain-text. An attacker who gained unauthorized access to the device can retrieve clear text passwords used by the system.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vend...
CVE-2024-4424
The access control in CemiPark software does not properly validate user-entered data, which allows the stored cross-site scripting XSS attack. The parameters used to enter data into the system do not have appropriate validation, which makes possible to smuggle in HTML/JavaScript code. This code...
CVE-2024-4425
The access control in CemiPark software stores integration e.g. FTP or SIP credentials in plain-text. An attacker who gained unauthorized access to the device can retrieve clear text passwords used by the system.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vend...
CVE-2024-4423
The access control in CemiPark software does not properly validate user-entered data, which allows the authentication bypass. An attacker who has network access to the login panel can log in with administrator rights to the application.This issue affects CemiPark software: 4.5, 4.7, 5.03 and...
CVE-2024-4425
CVE-2024-4425 affects CemiPark software (versions 4.5, 4.7, 5.03 and potentially others). The root cause is improper handling of credentials, with integration credentials (e.g., FTP or SIP) stored in plain-text. An attacker who gains unauthorized access to the device can retrieve clear-text passw...
CVE-2024-4424
CVE-2024-4424 affects CemiPark software (versions 4.5, 4.7, 5.03 and potentially others) where input data is not properly validated, enabling stored cross-site scripting (XSS). The vulnerability arises from insufficient validation of user-entered data in the access control/data entry pathways, al...
CVE-2024-4423 Authentication bypass in CemiPark
The access control in CemiPark software does not properly validate user-entered data, which allows the authentication bypass. An attacker who has network access to the login panel can log in with administrator rights to the application.This issue affects CemiPark software: 4.5, 4.7, 5.03 and...
CVE-2024-4423 Authentication bypass in CemiPark
The access control in CemiPark software does not properly validate user-entered data, which allows the authentication bypass. An attacker who has network access to the login panel can log in with administrator rights to the application.This issue affects CemiPark software: 4.5, 4.7, 5.03 and...
PT-2024-31058 · Cemipark · Cemipark
Name of the Vulnerable Software and Affected Versions: CemiPark software versions 4.5, 4.7, 5.03 Description: The access control in CemiPark software does not properly validate user-entered data, allowing for authentication bypass. An attacker with network access to the login panel can log in wit...
PT-2024-31076 · Cemipark · Cemipark
Name of the Vulnerable Software and Affected Versions: CemiPark software versions 4.5 through 5.03 Description: The access control in CemiPark software stores integration credentials, such as FTP or SIP, in plain-text. An attacker who gains unauthorized access to the device can retrieve clear tex...