Lucene search
K

4 matches found

Openbugbounty
Openbugbounty
added 2023/01/11 10:12 p.m.8 views

connect24.com Cross Site Scripting vulnerability OBB-3143258

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/03/15 12:0 a.m.3 views

The vulnerability of industrial remote access systems mymbCONNECT24 and mb CONNECT24, related to insecure management of privileges, allows a hacker to terminate web2go sessions in a account that he does not have access to.

The vulnerability of industrial remote access systems mymbCONNECT24 and mb CONNECT24 is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to terminate web2go sessions in a user’s account that they have no access to...

6.8CVSS7.3AI score0.00831EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/03/15 12:0 a.m.4 views

The vulnerability of industrial remote access systems mymbCONNECT24 and mb CONNECT24, related to insufficient validation of incoming requests, allows a hacker to perform SSRF attacks.

The vulnerability of industrial remote access systems mymbCONNECT24 and mb CONNECT24 is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack by scanning open ports...

5.8CVSS5.9AI score0.00807EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/03/15 12:0 a.m.6 views

The vulnerability of industrial remote access systems mymbCONNECT24 and mb CONNECT24 allows a hacker to implant malicious code.

The vulnerability of industrial remote access systems like mymbCONNECT24 and mb CONNECT24 exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject code remotely using the get parameter...

4.3CVSS6.4AI score0.00624EPSS
Exploits0References4Affected Software2
Rows per page
Query Builder