13 matches found
PT-2026-24947
Use of a custom token encoding algorithm in Streamsoft Prestiż software allows the value of the KSeF Krajowy System e-Faktur token to be guessed after analyzing how tokens with know values are encoded. This issue was fixed in version 20.0.380.92...
EUVD-2024-54324
Malicious code in bioql PyPI...
EUVD-2024-54323
Malicious code in bioql PyPI...
CVE-2024-7407
Use of a custom password encoding algorithm in Streamsoft Prestiż software allows straightforward decoding of passwords using their encoded forms, which are stored in the application's database. One has to know the encoding algorithm, but it can be deduced by observing how password are transforme...
CVE-2024-11504
Input from multiple fields in Streamsoft Prestiż is not sanitized properly, leading to an SQL injection vulnerability, which might be exploited by an authenticated remote attacker. This issue was fixed in 18.1.376.37 version of the software...
CVE-2024-7407
Use of a custom password encoding algorithm in Streamsoft Prestiż software allows straightforward decoding of passwords using their encoded forms, which are stored in the application's database. One has to know the encoding algorithm, but it can be deduced by observing how password are...
CVE-2024-11504
Input from multiple fields in Streamsoft Prestiż is not sanitized properly, leading to an SQL injection vulnerability, which might be exploited by an authenticated remote attacker. This issue was fixed in 18.1.376.37 version of the software...
CVE-2024-7407 Weak password encoding in Streamsoft Prestiż
Use of a custom password encoding algorithm in Streamsoft Prestiż software allows straightforward decoding of passwords using their encoded forms, which are stored in the application's database. One has to know the encoding algorithm, but it can be deduced by observing how password are...
CVE-2024-7407 Weak password encoding in Streamsoft Prestiż
Use of a custom password encoding algorithm in Streamsoft Prestiż software allows straightforward decoding of passwords using their encoded forms, which are stored in the application's database. One has to know the encoding algorithm, but it can be deduced by observing how password are...
CVE-2024-7407
CVE-2024-7407 concerns Streamsoft Prestiż, where a custom password encoding algorithm allows decoding of stored passwords from encoded forms under observer-informed conditions. The vulnerable element is the password encoding/transform process in the application’s database storage. The impact, as ...
CVE-2024-11504
CVE-2024-11504 affects Streamsoft Prestiż. Description shows an SQL injection due to improper sanitization of input from multiple fields, exploitable by an authenticated remote attacker. The vulnerability is rated high ( CVSS 4.0: base score 8.6; Network attack vector; low required privileges; no...
CVE-2024-11504 SQL Injection in Streamsoft Prestiż
Input from multiple fields in Streamsoft Prestiż is not sanitized properly, leading to an SQL injection vulnerability, which might be exploited by an authenticated remote attacker. This issue was fixed in 18.1.376.37 version of the software...
CVE-2024-11504 SQL Injection in Streamsoft Prestiż
Input from multiple fields in Streamsoft Prestiż is not sanitized properly, leading to an SQL injection vulnerability, which might be exploited by an authenticated remote attacker. This issue was fixed in 18.1.376.37 version of the software...