46 matches found
CVE-2022-27967
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of excluded files and profiles via a crafted GET request sent to /WebApp/SettingsExclusion/GetExclusionsProfiles...
CVE-2022-27968
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of monitored files and profiles via a crafted GET request sent to /WebApp/SettingsFileMonitor/GetFileMonitorProfiles...
EUVD-2022-32454
Malicious code in bioql PyPI...
EUVD-2022-32453
Malicious code in bioql PyPI...
EUVD-2022-32455
Malicious code in bioql PyPI...
CVE-2022-27969
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers...
CVE-2022-27967
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of excluded files and profiles via a crafted GET request sent to /WebApp/SettingsExclusion/GetExclusionsProfiles...
CVE-2022-27969
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers...
CVE-2022-27968
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of monitored files and profiles via a crafted GET request sent to /WebApp/SettingsFileMonitor/GetFileMonitorProfiles...
CVE-2022-27969
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers...
CVE-2022-27967
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of excluded files and profiles via a crafted GET request sent to /WebApp/SettingsExclusion/GetExclusionsProfiles...
CVE-2022-27969
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers...
CVE-2022-27968
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of monitored files and profiles via a crafted GET request sent to /WebApp/SettingsFileMonitor/GetFileMonitorProfiles...
Design/Logic Flaw
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of monitored files and profiles via a crafted GET request sent to /WebApp/SettingsFileMonitor/GetFileMonitorProfiles...
Design/Logic Flaw
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers...
Design/Logic Flaw
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of excluded files and profiles via a crafted GET request sent to /WebApp/SettingsExclusion/GetExclusionsProfiles...
CVE-2022-27969
CVE-2022-27969 affects Cynet 360 Web Portal prior to v4.5. Root cause: exposed GetAllDeceptionUsers endpoint (/WebApp/DeceptionUser/GetAllDeceptionUsers) that allows retrieving a list of decoy users via a crafted GET request. Impact: unauthorized disclosure of decoy user data. Affected software: ...
CVE-2022-27969
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers...
CVE-2022-27968
Cynet 360 Web Portal prior to v4.5 is vulnerable. Affected component: the GET endpoint /WebApp/SettingsFileMonitor/GetFileMonitorProfiles allows attackers to access a list of monitored files and profiles through a crafted request. Root cause: insufficient access control on the GetFileMonitorProfi...
CVE-2022-27968
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of monitored files and profiles via a crafted GET request sent to /WebApp/SettingsFileMonitor/GetFileMonitorProfiles...