12 matches found
EUVD-2022-33574
Malicious code in bioql PyPI...
CVE-2022-29174
countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this...
CVE-2021-32852 countly-server vulnerable to Cross-site Scripting
Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from a malicious web site. The attacker must have an account or be able to create one. This issue is patched i...
countly-server cross-site scripting vulnerability
countly-server is the server-side component of Countly, a product analytics solution. A security vulnerability exists in countly-server versions prior to 21.11 that stems from a cross-site scripting vulnerability...
CVE-2022-29174
countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this...
CVE-2022-29174 Predictable password reset token may lead to account takeover in countly-server
countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this...
CVE-2022-29174 Predictable password reset token may lead to account takeover in countly-server
countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this...
CVE-2022-29174
CVE-2022-29174 affects countly-server. Prior to patch releases, an attacker who knows an account’s email/username and full name stored in the database could guess the password reset token, enabling password reset and potential account takeover. The issue is addressed in Countly Server version 22....
CVE-2022-29174 Predictable password reset token may lead to account takeover in countly-server
countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this...
countly-server authorization issue vulnerability
countly-server is the server-side component of Countly, a product analytics solution. An authorization issue vulnerability exists in version 22.x prior to countly-server 22.03.7 and version 21.x prior to 21.11.4, which can be exploited by an attacker to reset passwords and take over accounts...
Countly Cross Site Scripting
Exploit Title: Countly-server StoredPersistent XSS Vulnerability Date: Monday - 2018 13 August Author: 10:10AM Team Discovered By: Sleepy Software Link: https://github.com/Countly/countly-server Version: All Version Category: Web-apps Security Risk: Critical Tested on: GNU/Linux Ubuntu 16.04 - wi...
Countly - Cross-Site Scripting
Exploit Title: Countly-server StoredPersistent XSS Vulnerability Date: Monday - 2018 13 August Author: 10:10AM Team Discovered By: Sleepy Software Link: https://github.com/Countly/countly-server Version: All Version Category: Web-apps Security Risk: Critical Tested on: GNU/Linux Ubuntu 16.04 - wi...