31 matches found
EUVD-2014-4095
Malware in sbrugna...
EUVD-2023-50799
Malicious code in bioql PyPI...
EUVD-2023-50798
Malicious code in bioql PyPI...
EUVD-2022-39483
Malicious code in bioql PyPI...
CVE-2023-46595
Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 b570 or above, A32.50 b390 or above...
CVE-2023-46596
Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version A32.2...
CVE-2023-46596
Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version A32.2...
Input validation
Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version A32.2...
CVE-2023-46596
The CVE-2023-46596 affects AlgoSec FireFlow VisualFlow workflow editor, specifically versions A32.20, A32.50, and A32.60. The root cause is improper input validation in fields Name, Description, and Configuration File, enabling an attacker to inject malicious scripts (XSS) into the application co...
CVE-2023-46596 Improper input validation in FireFlow’s VisualFlow workflow editor
Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version A32.2...
CVE-2023-46596 Improper input validation in FireFlow’s VisualFlow workflow editor
Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version A32.2...
Algosec FireFlow Cross-Site Scripting Vulnerability
AlgoSec FireFlow is a security application from AlgoSec USA, Inc. It is used to automate the security policy change lifecycle, from submitting a change request to reviewing the changes made. A security vulnerability exists in Algosec FireFlow that stems from incorrect input validation...
PT-2024-13363 · Algosec · Algosec Fireflow
Name of the Vulnerable Software and Affected Versions: Algosec FireFlow versions A32.20 through A32.60 Description: The issue is related to improper input validation in the VisualFlow workflow editor via the Name, Description, and Configuration File fields. This allows an attacker to initiate an...
CVE-2023-46595
Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 b570 or above, A32.50 b390 or above...
CVE-2023-46595
Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 b570 or above, A32.50 b390 or above...
Design/Logic Flaw
Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 b570 or above, A32.50 b390 or above...
CVE-2023-46595 Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor
Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 b570 or above, A32.50 b390 or above...
CVE-2023-46595
The CVE-2023-46595 entry is supported by concrete technical details in connected sources describing an HTML injection vulnerability in AlgoSec FireFlow VisualFlow editor. Affected software: FireFlow VisualFlow prior to A32.20 (b570) and prior to A32.50 (b390) (as well as prior to A32.60 (b220) pe...
AlgoSec FireFlow Cross-Site Scripting Vulnerability
AlgoSec FireFlow is a security application from AlgoSec USA, Inc. It is used to automate the security policy change lifecycle, from submitting a change request to reviewing the changes made. A cross-site scripting vulnerability exists in AlgoSec Fireflow versions A32.20 and A32.50, which stems fr...
PT-2023-30106
Name of the Vulnerable Software and Affected Versions FireFlow versions prior to A32.20 b570 FireFlow versions prior to A32.50 b390 FireFlow versions prior to A32.60 b220 Description The issue allows an attacker to obtain a victim's domain credentials and Net-NTLM hash via HTML injection in the...