86 matches found
CVE-2023-49949
Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes...
EUVD-2022-46011
Malicious code in bioql PyPI...
EUVD-2022-29964
Malicious code in bioql PyPI...
CVE-2022-25268
Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems...
CVE-2022-25269
Passwork On-Premise Edition before 4.6.13 has multiple XSS issues...
CVE-2022-42956
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password...
CVE-2022-42955
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials...
CVE-2022-25267
Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal to upload files...
CVE-2022-25266
Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal to read files...
The vulnerability of the Passwork password manager, related to the lack of protective measures for the website structure, allows attackers to execute arbitrary JavaScript code.
The vulnerability of the Passwork password manager is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...
The vulnerability of the Passwork password manager, related to the lack of protective measures for website structures, allows attackers to carry out XSS attacks.
The vulnerability of the Passwork password manager is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of the Passwork password manager, related to incorrect restrictions on the path to a restricted directory, allows an intruder to gain unauthorized access to local files and directories on the server.
The vulnerability of the Passwork password manager is related to incorrect restrictions on the path to a restricted directory. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to local files and directories on the server by manipulating URL...
The vulnerability of the Passwork password manager lies in the improper implementation of the sequence of actions required for processing tasks. This allows attackers to compromise the integrity of the protected information.
The vulnerability of the Passwork password manager is related to the incorrect implementation of the sequence of actions performed. Exploiting this vulnerability allows a malicious actor, operating remotely, to compromise the integrity of the protected information...
The vulnerability of the Passwork password manager, related to insufficient validation of incoming requests, allows attackers to execute SSRF attacks.
The vulnerability of the Passwork password manager is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute an SSRF attack using specially crafted HTTP requests...
The vulnerability of the Passwork password manager, related to the lack of protective measures for website structures, allows attackers to execute DOM-Based XSS attacks.
The vulnerability of the password manager Passwork is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute a DOM-Based XSS attack remotely...
PT-2024-29: Path Traversal in Passwork
The vulnerability was identified in Passwork version 6.4.0. The discovered vulnerability can be exploited by an attacker to gain access to local files and directories on the server that are not available under the application's logic. Vulnerability status: Confirmed by vendor Date of...
PT-2024-31: Reflected Cross-Site Scripting (Reflected XSS) in Passwork
The vulnerability was identified in Passwork version 6.4.0. The application does not process user-supplied data as required for its safe use when generating web pages. An attacker can inject a malicious script into the request parameters and conduct a social engineering attack on...
PT-2024-34: Server Side Request Forgery (SSRF) in Passwork
The vulnerability was identified in Passwork version 6.4.0. The discovered vulnerability can be exploited by an attacker to send requests to both external nodes and servers with limited access, which leads to disclosure of sensitive data, denial of service, etc. Also, exploitation of the...
PT-2024-33: Business logic vulnerability in Passwork
The vulnerability was identified in Passwork version 6.4.0. The application's logic requires the user to perform a correct sequence of actions to implement the functionality. The vulnerability in the business logic can be exploited by an attacker to gain access to the application's functionality...
PT-2024-32: Stored Cross-Site Scripting (Stored XSS) in Passwork
The vulnerability was identified in Passwork version 6.4.0. The application does not process user-supplied data as required for its safe use when generating web pages. The discovered vulnerability allows an attacker to execute arbitrary JavaScript code in the victim's browser...