
32 matches found

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-15831

Malware in sbrugna...

CVSS 7.8 · AI score 8.7 · EPSS 0.00209
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2025-4812

Malicious code in bioql PyPI...

CVSS 8.5 · AI score 6.6 · EPSS 0.00021
Exploits: 1 · References: 2
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2025-4816

Malicious code in bioql PyPI...

CVSS 8.6 · AI score 6.6 · EPSS 0.00193
Exploits: 1 · References: 2
RedhatCVE
added 2025/02/20 8:28 a.m. · 4 views

CVE-2025-0425

Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions "nt authority\system". By changing the...

CVSS 8.5 · AI score 7 · EPSS 0.00021
Exploits: 1 · References: 1
NVD
added 2025/02/18 8:15 a.m. · 11 views

CVE-2025-0422

An authenticated user in the "bestinformed Web" application can execute commands on the underlying server running the application (Remote Code Execution). For this, the user must be able to create "ScriptVars" with the type "script" and preview them by, for example, creating a new "Info". By defaul...

CVSS 8.6 · EPSS 0.00193
Exploits: 1 · References: 1
NVD
added 2025/02/18 8:15 a.m. · 9 views

CVE-2025-0425

Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions "nt authority\system". By changing the...

CVSS 8.5 · EPSS 0.00021
Exploits: 1 · References: 1
Cvelist
added 2025/02/18 7:57 a.m. · 10 views

CVE-2025-0425 Local Privilege Escalation via Config Manipulation

Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions "nt authority\system". By changing the...

CVSS 8.5 · EPSS 0.00021
Exploits: 1 · References: 1
CVE
added 2025/02/18 7:57 a.m. · 55 views

CVE-2025-0425

Cordaware bestinformed Infoclient is vulnerable to local privilege escalation: a low-privileged user can change the server address to a malicious or spoofed server, enabling elevation to nt authority\system on Windows. This relies on default GUI permissions and can be mitigated by deploying a cus...

CVSS 8.5 · AI score 7.1 · EPSS 0.00021
Exploits: 1 · References: 1
Vulnrichment
added 2025/02/18 7:57 a.m. · 4 views

CVE-2025-0425 Local Privilege Escalation via Config Manipulation

Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions "nt authority\system". By changing the...

CVSS 8.5 · AI score 7 · EPSS 0.00021
Exploits: 1 · References: 1
CVE
added 2025/02/18 7:57 a.m. · 56 views

CVE-2025-0424

Cordaware bestinformed Web is affected by authenticated stored cross-site scripting due to improper input sanitization. An authenticated attacker can inject JavaScript into other users’ sessions, potentially enabling horizontal movement to higher-privileged accounts. The available connected sourc...

CVSS 5.1 · AI score 5.9 · EPSS 0.00096
Exploits: 1 · References: 1
Vulnrichment
added 2025/02/18 7:57 a.m. · 3 views

CVE-2025-0424 Multiple Authenticated Stored Cross-Site Scripting

In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple authenticated stored cross-site scripting vulnerabilities. An authenticated attacker is able to compromise the sessions of other users on the server by injecting JavaScript code into their...

CVSS 5.1 · AI score 5.9 · EPSS 0.00096
Exploits: 1 · References: 1
Vulnrichment
added 2025/02/18 7:57 a.m. · 3 views

CVE-2025-0423 Multiple Unauthenticated Stored Cross-Site Scripting

In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple unauthenticated stored cross-site scripting vulnerabilities. An unauthenticated attacker is able to compromise the sessions of users on the server by injecting JavaScript code into their...

CVSS 5.3 · AI score 6.1 · EPSS 0.00165
Exploits: 1 · References: 1
CVE
added 2025/02/18 7:57 a.m. · 2025 views

CVE-2025-0422

Cordaware bestinformed Web is affected by CVE-2025-0422: an authenticated user who can create ScriptVars of type 'script' and preview them (e.g., via Info) can execute commands on the server, i.e., Remote Code Execution. Admin permissions enable this by default, but granular permissions can allow...

CVSS 8.6 · AI score 7.2 · EPSS 0.00193
Exploits: 1 · References: 1
CNNVD
added 2025/02/18 12:00 a.m. · 1 view

Cordaware bestinformed security vulnerability

Cordaware bestinformed is a mass notification system from Cordaware, Germany. A security vulnerability exists in Cordaware bestinformed that stems from improper input cleanup, leading to a stored cross-site scripting attack that could hijack an elevated privilege session...

CVSS 5.1 · AI score 6 · EPSS 0.00096
Exploits: 1 · References: 2
Positive Technologies
added 2025/02/18 12:00 a.m. · 2 views

PT-2025-6785 · Unknown · Bestinformed Web

Name of the Vulnerable Software and Affected Versions: BestInformed Web (affected versions not specified)
Description: The issue arises from improper sanitization of user input in the BestInformed Web application, leading to multiple authenticated stored cross-site scripting vulnerabilities. An...

CVSS 5.1 · AI score 6.2 · EPSS 0.00096
Exploits: 1 · References: 5
Positive Technologies
added 2025/02/18 12:00 a.m. · 2 views

PT-2025-6786 · Bestinformed +1 · Bestinformed Infoclient +1

Name of the Vulnerable Software and Affected Versions: bestinformed Infoclient (affected versions not specified)
Description: A low-privileged user can change the server address of the bestinformed Server to which the bestinformed Infoclient connects, allowing them to escalate their privileges by...

CVSS 8.5 · AI score 7.2 · EPSS 0.00021
Exploits: 1 · References: 7
CNNVD
added 2025/02/18 12:00 a.m. · 2 views

Cordaware bestinformed security vulnerability

Cordaware bestinformed is a mass notification system from Cordaware, Germany. A security vulnerability exists in Cordaware bestinformed that stems from improper input cleanup and vulnerability to stored cross-site scripting attacks...

CVSS 5.3 · AI score 6 · EPSS 0.00165
Exploits: 1 · References: 2
CNNVD
added 2025/02/18 12:00 a.m. · 2 views

Cordaware bestinformed security vulnerability

Cordaware bestinformed is a mass notification system from Cordaware, Germany. A security vulnerability exists in Cordaware bestinformed that stems from a script variable execution issue that allows an authenticated user to remotely execute code...

CVSS 8.6 · AI score 6.8 · EPSS 0.00193
Exploits: 1 · References: 2
CNNVD
added 2025/02/18 12:00 a.m. · 1 view

Cordaware bestinformed security vulnerability

Cordaware bestinformed is a mass notification system from Cordaware, Germany. A security vulnerability exists in Cordaware bestinformed that stems from a server address modification permission issue that could result in local privileges being elevated to SYSTEM...

CVSS 8.5 · AI score 6.4 · EPSS 0.00021
Exploits: 1 · References: 2
Positive Technologies
added 2025/02/18 12:00 a.m. · 2 views

PT-2025-6784 · Unknown · Bestinformed Web

Name of the Vulnerable Software and Affected Versions: bestinformed Web (affected versions not specified)
Description: The issue arises from improper sanitization of user input in the bestinformed Web application, leading to multiple unauthenticated stored cross-site scripting vulnerabilities. An...

CVSS 5.3 · AI score 6.4 · EPSS 0.00165
Exploits: 1 · References: 4