28 matches found
CVE-2023-43902
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token...
EUVD-2023-48262
Malicious code in bioql PyPI...
EUVD-2023-48260
Malicious code in bioql PyPI...
EUVD-2023-48261
Malicious code in bioql PyPI...
CVE-2023-43901
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user...
CVE-2023-43901
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user...
CVE-2023-43902
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token...
CVE-2023-43900
Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...
CVE-2023-43900
Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...
CVE-2023-43902
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token...
Improper access control
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user...
Improper access control
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token...
Design/Logic Flaw
Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...
CVE-2023-43901
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user...
EMSigner OSS Calendar Security Vulnerability
EMSigner OSS Calendar is a calendar application from EMSigner Japan. A security vulnerability exists in EMSigner OSS Calendar prior to version v.2.0.3, which stems from the presence of a SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted request...
CVE-2023-43902
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token...
CVE-2023-43900
Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...
CVE-2023-43902
CVE-2023-43902 affects EMSigner v2.8.7. The issue is an access-control failure in the Forgot Your Password feature that allows an unauthenticated attacker to access accounts of all registered users, including admin accounts, via a crafted password reset token. Documented CVSS v3.1 base score is 9...
CVE-2023-43900
CVE-2023-43900 affects EMSigner v2.8.7 with an insecure direct object reference (IDOR) vulnerability. The issue allows an attacker to gain unauthorized access to application content and view sensitive data of other users by manipulating the documentID and EncryptedDocumentId parameters. The provi...
CVE-2023-43900
Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...