104 matches found
CVE-2025-60805
An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml...
CVE-2025-60805
An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml...
CVE-2025-60805
An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml...
CVE-2025-60805
CVE-2025-60805 affects BESSystem BES Application Server up to version 9.5.x. The issue arises from the pre-resource option in bes-web.xml, allowing unauthorized attackers to access sensitive information. Public documents consistently describe a data leakage risk via pre-resource, with remediation...
PT-2025-44196
Name of the Vulnerable Software and Affected Versions BESSystem BES Application Server versions through 9.5.x Description An issue exists that could allow unauthorized attackers to obtain sensitive information. This is due to the “pre-resource” option within the bes-web.xml file. Recommendations...
EUVD-2016-7019
Malware in sbrugna...
EUVD-2016-7018
Malware in sbrugna...
EUVD-2007-2759
Malware in sbrugna...
MAL-2025-9819 Malicious code in @zalastax/nolb-_bes (npm)
The package @zalastax/nolb-bes was found to contain malicious code...
CVE-2023-3632
CVE-2023-3632 affects the Kunduz - Homework Helper App by Sifir Bes Education and Informatics Kunduz. Root cause described in multiple sources as a hard-coded cryptographic key leading to authentication abuse/bypass . Affected versions are listed as prior to 6.2.3. The CVSS-based metrics indicate...
CVE-2023-3632 Hard-coded Cryptographic Key in Kunduz - Homework Helper App
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass. This issue affects Kunduz - Homework Helper App: before 6.2.3...
CVE-2023-3632 Hard-coded Cryptographic Key in Kunduz - Homework Helper App
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass. This issue affects Kunduz - Homework Helper App: before 6.2.3...
CVE-2023-33443
Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to the desired endpoints...
CVE-2023-33443
Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to the desired endpoints...
Improper access control
Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to the desired endpoints...
CVE-2023-33443
Affected software: BES--6024PB-I50H1 VideoPlayTool 2.0.1.0. Vulnerability: Incorrect access control in the administrative functionalities. Impact: attacker can execute arbitrary administrative commands via a crafted payload sent to the endpoints. Root cause: improper access control checks in the ...
CVE-2023-33443
Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to the desired endpoints...
CVE-2023-33443
Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to the desired endpoints...
CVE-2022-38658
CVE-2022-38658 affects HCL BigFix Server Automation deployments that have the Notification Service installed on Windows. The root issue is exposure of SMTP BigFix operators’ sensitive data in cleartext via the Notification Service content from BES Support. Impact is limited to confidentiality, wi...
CVE-2022-38655
BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site...