Lucene search
K

4 matches found

BDU FSTEC
BDU FSTEC
added 2023/02/17 12:0 a.m.18 views

The vulnerability of the password reset mechanism of the Automation Education System Apex-VUZ allows a hacker to obtain the user’s password.

The vulnerability of the user password reset mechanism in the Apex-VUZ automation system is related to the use of the SHA-1 encryption algorithm, which lacks sufficient robustness. Exploiting this vulnerability could allow an attacker operating remotely to obtain the user’s password...

5.3CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/02/17 12:0 a.m.16 views

The vulnerability of the message exchange component of the system for loading user files in the Apex-VUZ education automation system allows a perpetrator to upload any files onto the server.

The vulnerability of the message exchange component of the system for loading user files in the Apex-VUZ education automation system is related to the unlimited loading of malicious files. Exploiting this vulnerability allows a remote attacker to load malicious files onto the server...

10CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/02/17 12:0 a.m.18 views

The vulnerability of the LoginForm and RegisterForm data transmission forms in the Apex-VUZ automation system allows a perpetrator to gain access to user account information.

The vulnerability of the LoginForm and RegisterForm data transmission forms in the Apex-VUZ automation system is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to gain access to user credentials...

7.8CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/02/17 12:0 a.m.17 views

The vulnerability of the Apex-VUZ education automation system, related to insufficient access control, allows a perpetrator to download photos of profiles of all used accounts.

The vulnerability of the Apex-VUZ education automation system’s web interface is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to download photos of profiles of all user accounts by sending a specially crafted request...

7.8CVSS5.5AI score
Exploits0Affected Software1
Rows per page
Query Builder