43 matches found
EUVD-2023-35591
Malicious code in bioql PyPI...
EUVD-2023-38510
Malicious code in bioql PyPI...
EUVD-2023-40779
Malicious code in bioql PyPI...
EUVD-2023-36895
Malicious code in bioql PyPI...
EUVD-2023-39033
Malicious code in bioql PyPI...
EUVD-2023-39153
Malicious code in bioql PyPI...
CVE-2023-35120
PiiGAB M-Bus is vulnerable to cross-site request forgery. An attacker who wants to execute a certain command could send a phishing mail to the owner of the device and hope that the owner clicks on the link. If the owner of the device has a cookie stored that allows the owner to be logged in, then...
CVE-2023-34433
PiiGAB M-Bus stores passwords using a weak hash algorithm...
CVE-2023-32652
PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks...
CVE-2023-34995
There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines...
Default credentials
There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines...
Cross site scripting
PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks...
Command injection
PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials...
Cross site request forgery (csrf)
PiiGAB M-Bus is vulnerable to cross-site request forgery. An attacker who wants to execute a certain command could send a phishing mail to the owner of the device and hope that the owner clicks on the link. If the owner of the device has a cookie stored that allows the owner to be logged in, then...
Code injection
PiiGAB M-Bus stores passwords using a weak hash algorithm...
Hardcoded credentials
PiiGAB M-Bus contains hard-coded credentials which it uses for authentication...
CVE-2023-35120 PiiGAB M-Bus Cross-Site Request Forgery
PiiGAB M-Bus is vulnerable to cross-site request forgery. An attacker who wants to execute a certain command could send a phishing mail to the owner of the device and hope that the owner clicks on the link. If the owner of the device has a cookie stored that allows the owner to be logged in, then...
CVE-2023-35120 PiiGAB M-Bus Cross-Site Request Forgery
PiiGAB M-Bus is vulnerable to cross-site request forgery. An attacker who wants to execute a certain command could send a phishing mail to the owner of the device and hope that the owner clicks on the link. If the owner of the device has a cookie stored that allows the owner to be logged in, then...
CVE-2023-34433
PiiGAB M-Bus stores passwords using a weak hash algorithm (CVE-2023-34433). Affected product area: M-Bus SoftwarePack 900S. Root cause: password storage using an insufficient computational hash. Impact is substantial (confidentiality, integrity, and availability concerns) per documented CVSS vect...
CVE-2023-34433 PiiGAB M-Bus Use of Password Hash With Insufficient Computational Effort
PiiGAB M-Bus stores passwords using a weak hash algorithm...