28 matches found
CVE-2023-43902
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token...
EUVD-2023-48260
Malicious code in bioql PyPI...
EUVD-2023-48261
Malicious code in bioql PyPI...
EUVD-2023-48262
Malicious code in bioql PyPI...
CVE-2023-43901
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user...
CVE-2023-43901
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user...
CVE-2023-43900
Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...
CVE-2023-43900
Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...
CVE-2023-43902
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token...
CVE-2023-43902
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token...
Improper access control
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token...
Improper access control
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user...
Design/Logic Flaw
Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...
CVE-2023-43900
Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...
CVE-2023-43901
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user...
CVE-2023-43902
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token...
CVE-2023-43900
CVE-2023-43900 affects EMSigner v2.8.7 with an insecure direct object reference (IDOR) vulnerability. The issue allows an attacker to gain unauthorized access to application content and view sensitive data of other users by manipulating the documentID and EncryptedDocumentId parameters. The provi...
EMSigner Security Vulnerability
EMSigner is an electronic signature solution from EMSigner India. A security vulnerability exists in EMSigner version v2.8.7, which stems from an Access Control Error vulnerability in AdHoc User that allows an unauthenticated attacker to arbitrarily modify usernames and permissions using a user's...
CVE-2023-43900
Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...
CVE-2023-43901
EMSigner v2.8.7 is affected by an incorrect access control in the AdHoc User creation form that allows an unauthenticated attacker to arbitrarily modify usernames and privileges by using a registered user’s email address. The issue is tied to the AdHoc User creation flow (root cause: improper acc...