75 matches found
CVE-2023-49949
Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes...
EUVD-2022-46011
Malicious code in bioql PyPI...
EUVD-2022-29964
Malicious code in bioql PyPI...
CVE-2022-25268
Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems...
CVE-2022-25269
Passwork On-Premise Edition before 4.6.13 has multiple XSS issues...
CVE-2022-42956
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password...
CVE-2022-42955
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials...
CVE-2022-25267
Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal to upload files...
CVE-2022-25266
Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal to read files...
PT-2024-29: Path Traversal in Passwork
The vulnerability was identified in Passwork version 6.4.0. The discovered vulnerability can be exploited by an attacker to gain access to local files and directories on the server that are not available under the application's logic. Vulnerability status: Confirmed by vendor Date of...
PT-2024-31: Reflected Cross-Site Scripting (Reflected XSS) in Passwork
The vulnerability was identified in Passwork version 6.4.0. The application does not process the data received from the user, which is necessary for safe use during web page formation. An attacker can inject a malicious script into the request parameters and conduct a social engineering attack on...
PT-2024-34: Server Side Request Forgery (SSRF) in Passwork
The vulnerability was identified in Passwork version 6.4.0. The discovered vulnerability can be exploited by an attacker to send requests to both external nodes and servers with limited access, which leads to disclosure of sensitive data, denial of service, etc. Also, exploitation of the...
PT-2024-33: Business logic vulnerability in Passwork
The vulnerability was identified in Passwork version 6.4.0. The application's logic requires the user to perform a correct sequence of actions to implement the functionality. The vulnerability in the business logic can be exploited by an attacker to gain access to the application's functionality...
PT-2024-32: Stored Cross-Site Scripting (Stored XSS) in Passwork
The vulnerability was identified in Passwork version 6.4.0. The application does not process the data received from the user, which is necessary for safe use during web page formation. The discovered vulnerability allows an attacker to execute arbitrary JavaScript code in the victim's browser...
PT-2024-30: Stored DOM-Based Cross-Site Scripting (stored DOM XSS) in Passwork
The vulnerability was identified in Passwork version 6.4.0. The application does not process the data received from the user, which is necessary for safe use during web page formation. Exploitation of the vulnerability is possible for an authorized user and leads to the possibility of executing...
PT-2024-6802 · Passwork · Passwork
Name of the Vulnerable Software and Affected Versions: Passwork affected versions not specified Description: The issue is related to the lack of protection measures for the web page structure in the password manager Passwork. This can be exploited by a remote attacker to perform a DOM Based XSS...
Design/Logic Flaw
Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes...