26 matches found
EUVD-2022-27666
Malicious code in bioql PyPI...
Helmholz myREX24、MB Connect Line mymbCONNECT24和MB Connect Line mbCONNECT24 安全漏洞
MB Connect Line mbCONNECT24 and others are products of MB Connect Line, Germany.MB Connect Line mbCONNECT24 is a suite of remote service portals.MB Connect Line mymbCONNECT24 is an on-premise remote maintenance for virtual environments. Helmholz myREX24 and others are products of Helmholz. Helmho...
Helmholz myREX24、MB Connect Line mymbCONNECT24和MB Connect Line mbCONNECT24 安全漏洞
MB Connect Line mbCONNECT24 and others are products of MB Connect Line, Germany.MB Connect Line mbCONNECT24 is a suite of remote service portals.MB Connect Line mymbCONNECT24 is an on-premise remote maintenance for virtual environments. Helmholz myREX24 and others are products of Helmholz. Helmho...
CVE-2023-4834
In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he shoul...
CVE-2023-4834
In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he shoul...
CVE-2023-4834
Summary: CVE-2023-4834 affects Red Lion Europe mbCONNECT24, mymbCONNECT24, and Helmholz myREX24 / myREX24.virtual up to version 2.14.2. The root cause is an improperly implemented access validation, enabling an authenticated, low-privileged attacker to read limited, non-critical device informatio...
Information disclosure
Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions =2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact...
CVE-2022-22520
A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2...
Code injection
A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2...
CVE-2022-22520
CVE-2022-22520 describes a remote, unauthenticated user enumeration vulnerability in MB connect line products: mymbCONNECT24, mbCONNECT24, Helmholz myREX24, and myREX24.virtual up to v2.11.2. The underlying issue is that the webservice allows attackers to enumerate valid users by sending specific...
Design/Logic Flaw
In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to t...
CVE-2021-34574
CVE-2021-34574 affects MB connect line products: mymbCONNECT24, mbCONNECT24, Helmholz myREX24 and myREX24.virtual up to version 2.11.2. An authenticated attacker can change their account password by intercepting and modifying the password-change request sent to the server, bypassing the password ...
PT-2021-20556 · Unknown · Mbconnect24 +2
Name of the Vulnerable Software and Affected Versions: mymbCONNECT24 versions through 2.11.2 mbCONNECT24 versions through 2.11.2 Helmholz myREX24 versions through 2.11.2 myREX24.virtual versions through 2.11.2 Description: An authenticated attacker can change the password of their account into a...
CVE-2020-12527
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions...
CVE-2020-12527
CVE-2020-12527 affects MB connect line products: mymbCONNECT24, mbCONNECT24, Helmholz myREX24, and myREX24.virtual (versions up to v2.11.2). The root cause is improper access validation that lets a logged-in user perform privileged actions (shutdown/reboot) on devices in their account without the...
CVE-2020-35566
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion...
CVE-2020-35557
An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation...
CVE-2020-35568
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the...
CVE-2020-35561
An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports...
CVE-2020-35570
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files that should have been restricted via forceful browsing...