EUVD-2022-38811
Malicious code in bioql PyPI...
CVE-2022-36038
CircuitVerse is an open-source platform which allows users to construct digital logic circuits online. A remote code execution (RCE) vulnerability in CircuitVerse allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This issue may lead to Remote Code Executi...
Remote code execution
CircuitVerse is an open-source platform which allows users to construct digital logic circuits online. A remote code execution (RCE) vulnerability in CircuitVerse allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This issue may lead to Remote Code Executi...
CVE-2022-36038
CVE-2022-36038 affects CircuitVerse. A remote code execution vulnerability allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. The root cause is linked to Oj.load usage, with a patch available in commit 7b3023a99499a7675f10f2c1d9effdf10c35fb6e. Affected v...
CVE-2022-36038 CircuitVerse potential RCE vulnerability via Oj.load
CircuitVerse is an open-source platform which allows users to construct digital logic circuits online. A remote code execution (RCE) vulnerability in CircuitVerse allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This issue may lead to Remote Code Executi...
PT-2022-23134 · Unknown · Circuitverse
Name of the Vulnerable Software and Affected Versions: CircuitVerse versions prior to the version with commit number 7b3023a99499a7675f10f2c1d9effdf10c35fb6e
Description: CircuitVerse is an open-source platform for constructing digital logic circuits online. A remote code execution issue allows...
The vulnerability of the “password reset” function in the CircuitVerse software for digital logic circuit design and simulation allows a hacker to send an unlimited number of emails to any email address using the “password reset” email address.
The vulnerability of the “password reset” function in the CircuitVerse software for digital logic circuit design and simulation arises from a situation where there is a race between different contexts. Exploiting this vulnerability allows an attacker to send an unlimited number of emails to any...
PT-2022-4432 · Unknown · Circuitverse
Name of the Vulnerable Software and Affected Versions: CircuitVerse (affected versions not specified)
Description: The issue is related to a race condition in the password recovery function of CircuitVerse, a digital logic circuit development and simulation tool. This could allow a remote attacker ...
Improper Privilege Management in circuitverse/circuitverse
✍️ Description
upvote in any private comment
🕵️‍♂️ Proof of Concept
Below request is vulnerable to upvote in any comment of private project
POST /commontator/comments/1312/upvote HTTP/2
Host: circuitverse.org
Cookie:
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0) Gecko/20100101...
in circuitverse/circuitverse
✍️ Description
Privilege escalation bug to add comment to any private project
🕵️‍♂️ Proof of Concept
Below request is vulnerable to privilege escalation bug
POST /commontator/threads/496401/comments HTTP/2
Host: circuitverse.org
Cookie: ..
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0...
Cross-site Scripting (XSS) - Stored in circuitverse/circuitverse
✍️ Description
CircuitVerse is a free, open-source platform which allows users to construct digital logic circuits online. This app is vulnerable to XSS through creating Assignments
🕵️‍♂️ Proof of Concept
💥 Impact
This vulnerability is capable of stealing cookies for group members...
Cross-site Scripting (XSS) - Stored in circuitverse/circuitverse
✍️ Description
CircuitVerse is a free, open-source platform which allows users to construct digital logic circuits online. This app is vulnerable to XSS through creating projects
🕵️‍♂️ Proof of Concept
💥 Impact
This vulnerability is capable of stealing cookies of users
📍 Location
projectscontroller.rbL5...