34 matches found
EUVD-2023-34871
Malicious code in bioql PyPI...
EUVD-2023-34872
Malicious code in bioql PyPI...
EUVD-2023-37454
Malicious code in bioql PyPI...
CVE-2023-33291
In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. It cannot be exploited with e-mail addresses or phone numbers that are registered in the application...
CVE-2023-30454
An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...
CVE-2023-30455
An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without...
CVE-2023-33291
In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. It cannot be exploited with e-mail addresses or phone numbers that are registered in the application...
CVE-2023-33291
In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. It cannot be exploited with e-mail addresses or phone numbers that are registered in the application...
CVE-2023-33291
In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. It cannot be exploited with e-mail addresses or phone numbers that are registered in the application...
Design/Logic Flaw
In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. It cannot be exploited with e-mail addresses or phone numbers that are registered in the application...
PT-2023-24273 · Ebankit · Ebankit
Name of the Vulnerable Software and Affected Versions: ebankIT version 6 Description: The issue concerns the public endpoints "/public/token/Email/generate" and "/public/token/SMS/generate" which allow generation of OTP messages to any e-mail address or phone number without validation. However, i...
CVE-2023-33291
In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. It cannot be exploited with e-mail addresses or phone numbers that are registered in the application...
CVE-2023-33291
In ebankIT version 6, CVE-2023-33291, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any email or phone number without validation. The issue, described across multiple sources, relies on insecure public APIs that can be probed ...
CVE-2023-33291
In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. It cannot be exploited with e-mail addresses or phone numbers that are registered in the application...
ebankIT Security Vulnerability
ebankIT is a banking software from ebankIT Portugal. A security vulnerability exists in ebankIT version 6, which stems from the ability to generate OTP messages to any e-mail address or phone number without authentication...
eBankIT 6 Arbitrary OTP Generation
CVE-2023-33291 Description In eBankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any email address or phone number without validation. ------------------------------------------ Additional Information The cookies in the...
CVE-2023-30454
An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...
CVE-2023-30454
An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...
Cross site scripting
An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...
CVE-2023-30455
An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without...