34 matches found
EUVD-2020-19060
Malware in sbrugna...
EUVD-2020-19064
Malware in sbrugna...
EUVD-2019-9504
Malware in sbrugna...
EUVD-2020-19062
Malware in sbrugna...
EUVD-2019-9503
Malware in sbrugna...
EUVD-2020-19063
Malware in sbrugna...
CVE-2020-26517
A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in t...
CVE-2020-26517
A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in t...
CVE-2020-26516
A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application...
CVE-2020-26516
A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application...
CVE-2020-26515
An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie CB_LOGIN issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a...
Cross-site request forgery (CSRF)
A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application...
Cross-site scripting
A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in t...
Code injection
An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie CB_LOGIN issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a...
CVE-2020-26515
An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie CB_LOGIN issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a...
CVE-2020-26515
The CVE-2020-26515 entry concerns Intland codeBeamer ALM 10.x–10.1.SP4, where the remember-me cookie CB_LOGIN stores user credentials and is encrypted with a NULL key due to a bug in the application. This creates an insufficient protection of credentials with potential exposure if the cookie is a...
CVE-2020-26517
CVE-2020-26517 affects Intland codeBeamer ALM, versions 10.x through 10.1.SP4. The issue is a cross-site scripting (XSS) vulnerability that can be exploited via: (1) WebDAV file uploads to a project by authenticated users, (2) the users import functionality by admin users, and (3) modifying the l...
CVE-2020-26517
A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in t...
CVE-2020-26516
The CVE-2020-26516 issue affects Intland codeBeamer ALM (versions 10.x through 10.1.SP4). The root cause is missing CSRF tokens in requests that trigger server actions, allowing crafted requests to cause a victim’s browser to perform undesired actions within the web application. The NVD entry lis...
CVE-2020-26516
A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application...