Lucene search

23 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-45850

Malicious code in bioql PyPI...

8.8 CVSS · 8.6 AI score · 0.00909 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-45848

Malicious code in bioql PyPI...

9.8 CVSS · 9.2 AI score · 0.01417 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-51468

Malicious code in bioql PyPI...

8 CVSS · 7.8 AI score · 0.00161 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-45849

Malicious code in bioql PyPI...

5.4 CVSS · 5.8 AI score · 0.00262 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 8:22 p.m. · 2 views

CVE-2022-4098

Multiple Wiesemann products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server, an unauthenticated attacker in the same subnet can obtain the session ID and, through IP spoofing, change arbitrary settings by crafting...

8 CVSS · 7.4 AI score · 0.00161 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2025/01/30 12:0 a.m. · 2 views

Wiesemann & Theis ComServer Series Authentication Bypass by Spoofing (CVE-2022-4098)

Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server, an unauthenticated attacker in the same subnet can obtain the session ID and, through IP spoofing, change arbitrary settings by...

8 CVSS · 7.7 AI score · 0.00161 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2025/01/30 12:0 a.m. · 2 views

Wiesemann & Theis ComServer Series Missing Authentication for Critical Function (CVE-2022-42785)

Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unauthenticated remote attacker can log in without knowledge of the password by crafting a modified HTTP GET request. This plugin only works with Tenable.ot. Please visit...

9.8 CVSS · 8.5 AI score · 0.01417 EPSS
Exploits 0 · References 2

NVD
added 2022/12/13 8:15 a.m. · 7 views

CVE-2022-4098

Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server, an unauthenticated attacker in the same subnet can obtain the session ID and, through IP spoofing, change arbitrary settings by...

8 CVSS · 0.00161 EPSS
Exploits 0 · References 1

Cvelist
added 2022/12/13 7:26 a.m. · 14 views

CVE-2022-4098 Wiesemann & Theis: Multiple products prone to missing authentication through spoofing

Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server, an unauthenticated attacker in the same subnet can obtain the session ID and, through IP spoofing, change arbitrary settings by...

8 CVSS · 8.3 AI score · 0.00161 EPSS
Exploits 0 · References 1

CVE
added 2022/12/13 7:26 a.m. · 63 views

CVE-2022-4098

CVE-2022-4098 affects Wiesemann & Theis ComServer Series. The issue is an authentication bypass via IP spoofing: after a user logs in to the WBM, an unauthenticated attacker on the same subnet can obtain the session ID and, by crafting modified HTTP GET requests, change settings, potentially taki...

8 CVSS · 8.1 AI score · 0.00161 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2022/12/13 12:0 a.m. · 2 views

PT-2022-25649 · Wiesemann&Theis · Wiesemann&Theis Comserver Series

Name of the Vulnerable Software and Affected Versions: Wiesemann&Theis ComServer Series (affected versions not specified)
Description: The issue allows an unauthenticated attacker in the same subnet to bypass authentication through IP spoofing. After a user logs in to the WBM of the Com-Server, the...

8 CVSS · 8 AI score · 0.00161 EPSS
Exploits 0 · References 3

OSV
added 2022/11/15 9:15 p.m. · 1 views

CVE-2022-42785

Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unauthenticated remote attacker can log in without knowledge of the password by crafting a modified HTTP GET request...

9.8 CVSS · 5.8 AI score · 0.01417 EPSS
Exploits 0 · References 1

Prion
added 2022/11/15 9:15 p.m. · 15 views

Authentication flaw

Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unauthenticated remote attacker can log in without knowledge of the password by crafting a modified HTTP GET request...

7.5 CVSS · 9.5 AI score · 0.01417 EPSS
Exploits 0 · References 1 · Affected Software 17

NVD
added 2022/11/10 12:15 p.m. · 7 views

CVE-2022-42786

Multiple W&T products of the ComServer Series are prone to an XSS attack. An authenticated remote attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage...

5.4 CVSS · 0.00262 EPSS
Exploits 0 · References 1

OSV
added 2022/11/10 12:15 p.m. · 1 views

CVE-2022-42787

Multiple W&T products of the Comserver Series use a small number space for allocating session IDs. After a user logs in, an unauthenticated remote attacker can brute-force the user's session ID and get access to their account on the device. As the user needs to log in for the attack to be...

8.8 CVSS · 5.8 AI score · 0.00909 EPSS
Exploits 0 · References 1

Prion
added 2022/11/10 12:15 p.m. · 16 views

Design/Logic Flaw

Multiple W&T products of the ComServer Series are prone to an XSS attack. An authenticated remote attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage...

4.9 CVSS · 5.4 AI score · 0.00262 EPSS
Exploits 0 · References 1 · Affected Software 17

Prion
added 2022/11/10 12:15 p.m. · 15 views

Design/Logic Flaw

Multiple W&T products of the Comserver Series use a small number space for allocating session IDs. After a user logs in, an unauthenticated remote attacker can brute-force the user's session ID and get access to their account on the device. As the user needs to log in for the attack to be...

6.8 CVSS · 8.6 AI score · 0.00909 EPSS
Exploits 0 · References 1 · Affected Software 17

CVE
added 2022/11/10 11:6 a.m. · 51 views

CVE-2022-42787

Wiesemann & Theis Comserver Series (W&T Comserver) is affected by CVE-2022-42787 due to using a small number space for session IDs. After a user logs in, an unauthenticated remote attacker can brute-force a valid session ID to gain access to the user’s account on the device. User interaction is r...

8.8 CVSS · 8.7 AI score · 0.00909 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2022/11/10 11:2 a.m. · 50 views

CVE-2022-42786

CVE-2022-42786 concerns the Wiesemann & Theis ComServer Series web interface. The vulnerability is an XSS flaw in the configuration webpage title, allowing an authenticated remote attacker to inject and execute arbitrary web scripts/HTML. The root cause is described in a few sources as an imprope...

5.4 CVSS · 5.5 AI score · 0.00262 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2022/11/10 11:1 a.m. · 62 views

CVE-2022-42785

CVE-2022-42785 affects Wiesemann & Theis ComServer Series (serial device servers). The authentication bypass allows an unauthenticated remote attacker to log in without a password by crafting a modified HTTP GET request. The vulnerability is documented across multiple sources (NVD, CVE list, Nessu...

9.8 CVSS · 9.7 AI score · 0.01417 EPSS
Exploits 0 · References 1 · Affected Software 1