29 matches found
EUVD-2023-12944
Malicious code in bioql PyPI...
EUVD-2023-12952
Malicious code in bioql PyPI...
EUVD-2023-12930
Malicious code in bioql PyPI...
CVE-2023-0967
Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user...
CVE-2023-0959
Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF...
Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor
Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign. The activity, according to KnownSec 404 Team, entailed the use of a backdoor codenamed EyeShell. Patchwork, also...
CVE-2023-0944
Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain...
Cross-site request forgery (CSRF)
Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF...
Code injection
Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain...
Design/Logic Flaw
Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user...
CVE-2023-0967
CVE-2023-0967 affects Bhima 1.27.0. An attacker authenticated with normal user permissions can view data that should be admin-only due to an IDOR-like permission validation flaw. All connected sources consistently describe Bhima 1.27.0 as vulnerable to improper permission checks that expose sensi...
CVE-2023-0944
CVE-2023-0944 affects Bhima 1.27.0. An authenticated user with regular permissions can perform an IDOR to update arbitrary user session data (e.g., username, email, password) due to improper permission validation for certain actions. The connected documents describe the vulnerability and impact b...
PT-2023-16643 · Bhima · Bhima
Name of the Vulnerable Software and Affected Versions: Bhima version 1.27.0 Description: The issue allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable t...
Bhima security vulnerability
BHIMA is a free, open-source accounting and hospital information management system (HIMS) from IMAWorldHealth.org in Congo. A security vulnerability exists in Bhima version 1.27.0 that stems from not properly validating a user's privileges for certain actions that the user can perform...
PT-2023-16651 · Bhima · Bhima
Name of the Vulnerable Software and Affected Versions: Bhima version 1.27.0 Description: The application is vulnerable to IDOR, which allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the...