67 matches found
CVE-2025-68420
Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump it's memory, extract credentials and use them to gain a privileged access to t...
CVE-2025-68421
Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elevated privileges including executing system commands on a server. This issue has been fixed in...
CVE-2025-68420
Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump it's memory, extract credentials and use them to gain a privileged access to t...
CVE-2025-68420
Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump it's memory, extract credentials and use them to gain a privileged access to t...
CVE-2025-68420 Privilege Escalation in Comarch ERP Optima
Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump it's memory, extract credentials and use them to gain a privileged access to t...
CVE-2025-68420 Privilege Escalation in Comarch ERP Optima
Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump it's memory, extract credentials and use them to gain a privileged access to t...
CVE-2025-68420
Summary: CVE-2025-68420 affects the Comarch ERP Optima client, where the client connects to a database using a high-privilege account regardless of the user’s application account. A local attacker-controlled client process can dump memory, extract credentials, and gain privileged database access....
EUVD-2025-209840
Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump it's memory, extract credentials and use them to gain a privileged access to t...
CVE-2025-68421 Hardcoded credentials in Comarch ERP Optima
Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elevated privileges including executing system commands on a server. This issue has been fixed in...
CVE-2025-68421 Hardcoded credentials in Comarch ERP Optima
Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elevated privileges including executing system commands on a server. This issue has been fixed in...
CVE-2025-68421
CVE-2025-68421 affects the Comarch ERP Optima client, which uses a hard-coded database credential that cannot be changed. A remote attacker could gain access to the database with elevated privileges and may execute system commands on the server. The issue is fixed in version 2026.4. Current explo...
PT-2026-40903
Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elevated privileges including executing system commands on a server. This issue has been fixed in...
PT-2026-40902
Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump it's memory, extract credentials and use them to gain a privileged access to t...
Comarch ERP Optima 信任管理问题漏洞
Comarch ERP Optima is an ERP and financial management system for small and medium-sized enterprises developed by the Polish company Comarch. Versions of Comarch ERP Optima prior to 2026.4 contained a vulnerability related to trust management. This vulnerability stemmed from the use of hard-coded...
Comarch ERP Optima 安全漏洞
Comarch ERP Optima is an ERP and financial management system for small and medium-sized enterprises developed by the Polish company Comarch. Versions of Comarch ERP Optima prior to 2026.4 contained security vulnerabilities. These vulnerabilities stemmed from the use of high-privilege accounts to...
EUVD-2010-5267
Malware in sbrugna...
EUVD-2010-5266
Malware in sbrugna...
EUVD-2023-35113
Malicious code in bioql PyPI...
CVE-2023-30749
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in ihomefinder Optima Express + MarketBoost IDX Plugin plugin = 7.3.0 versions...
optima-power.ba Improper Access Control vulnerability OBB-3782726
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...