14 matches found
EUVD-2024-16726
Malicious code in bioql PyPI...
CVE-2024-0949
Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68...
CVE-2024-0947
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...
CVE-2024-0949
Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68...
CVE-2024-0947
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...
CVE-2024-0947
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...
CVE-2024-0949 Improper Access Control in Talya Informatics' Elektraweb
Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68...
CVE-2024-0949 Improper Access Control in Talya Informatics' Elektraweb
Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68...
CVE-2024-0947
The CVE-2024-0947 entry concerns Elektraweb (Talya Informatics) prior to v17.0.68, where reliance on unvalidated and unauthenticated cookies and opaque client-side data tokens enables session credential falsification through manipulation of HTTP cookies. The vulnerability affects Elektraweb befor...
CVE-2024-0947 Cookies Manipulation in Talya Informatics' Elektraweb
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...
CVE-2024-0947 Cookies Manipulation in Talya Informatics' Elektraweb
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...
PT-2024-15930
Name of the Vulnerable Software and Affected Versions Elektraweb versions prior to 17.0.68 Description The issue is related to improper access control, missing authorization, and incorrect permission assignment for critical resources. It allows for exploiting incorrectly configured access control...
Elektraweb Security Vulnerabilities
Elektraweb is a cloud-hosted web-based hotel program from Elektraweb, Turkey. A security vulnerability exists in Elektraweb versions prior to v17.0.68, which stems from reliance on unvalidated and integrity-checked cookies, which allows an attacker to manipulate, access/intercept/modify HTTP...
Elektraweb Trust Management Issues Vulnerability
Elektraweb is a cloud-hosted web-based hotel program from Elektraweb, Turkey. A trust management issue vulnerability exists in Elektraweb versions prior to v17.0.68, which stems from a security issue where the system suffers from improper access control, lack of authorization, incorrect...