28 matches found
CVE-2023-43902
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token...
EUVD-2023-48261
Malicious code in bioql PyPI...
EUVD-2023-48262
Malicious code in bioql PyPI...
EUVD-2023-48260
Malicious code in bioql PyPI...
CVE-2023-43901
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user...
CVE-2023-43900
Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...
CVE-2023-43901
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user...
CVE-2023-43902
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token...
CVE-2023-43900
Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...
CVE-2023-43902
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token...
Improper access control
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user...
Design/Logic Flaw
Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...
Improper access control
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token...
CVE-2023-43902
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token...
CVE-2023-43902
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token...
EMSigner Security Vulnerability
EMSigner is an electronic signature solution from EMSigner India. A security vulnerability exists in EMSigner version v2.8.7, which stems from a vulnerability that allows an attacker to gain unauthorized access to application content and view sensitive data of other users by manipulating the...
CVE-2023-43902
CVE-2023-43902 affects EMSigner v2.8.7. The issue is an access-control failure in the Forgot Your Password feature that allows an unauthenticated attacker to access accounts of all registered users, including admin accounts, via a crafted password reset token. Documented CVSS v3.1 base score is 9...
EMSigner Security Vulnerability
EMSigner is an electronic signature solution from EMSigner India. A security vulnerability exists in EMSigner version v2.8.7, which stems from an Access Control Error vulnerability in the Forgot Your Password feature that allows an unauthenticated attacker to gain access to the accounts of all...
CVE-2023-43901
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user...
CVE-2023-43901
EMSigner v2.8.7 is affected by an incorrect access control in the AdHoc User creation form that allows an unauthenticated attacker to arbitrarily modify usernames and privileges by using a registered user’s email address. The issue is tied to the AdHoc User creation flow (root cause: improper acc...