EUVD-2023-12952
Malicious code in bioql PyPI...
EUVD-2023-12930
Malicious code in bioql PyPI...
EUVD-2023-12944
Malicious code in bioql PyPI...
CVE-2023-0967
Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user...
CVE-2023-0959
Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF...
Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor
Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign. The activity, according to KnownSec 404 Team, entailed the use of a backdoor codenamed EyeShell. Patchwork, also...
CVE-2023-0944
Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain...
Insecure direct object reference (IDOR)
Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain...
Cross site request forgery (csrf)
Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF...
Design/Logic Flaw
Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user...
PT-2023-16643 · Bhima · Bhima
Name of the Vulnerable Software and Affected Versions: Bhima version 1.27.0 Description: The issue allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable t...
PT-2023-16630 · Bhima · Bhima
Name of the Vulnerable Software and Affected Versions: Bhima version 1.27.0 Description: The issue allows an authenticated attacker with regular user permissions to update arbitrary user session data, including username, email, and password. This is due to the application being vulnerable to...
PT-2023-16651 · Bhima · Bhima
Name of the Vulnerable Software and Affected Versions: Bhima version 1.27.0 Description: The application is vulnerable to IDOR, which allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the...
CVE-2023-0959
CVE-2023-0959 affects Bhima v1.27.0, where a remote attacker can cause privilege escalation by delivering a malicious link to an administrator, exploiting a CSRF vulnerability. The attack requires user interaction from an administrator (per CVSS: UI:R) and results in updating privileges for any r...