26 matches found
EUVD-2019-16519
Malware in sbrugna...
EUVD-2023-41632
Malicious code in bioql PyPI...
EUVD-2023-38871
Malicious code in bioql PyPI...
CVE-2023-34830
i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page...
CVE-2019-6965
An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter...
CVE-2018-20159
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file...
CVE-2023-37756
i-doit pro 25 and below and i-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a brute-force attack...
Code injection
i-doit pro 25 and below and i-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a brute-force attack...
CVE-2023-37755
i-doit pro 25 and below and i-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator...
CVE-2023-37755
i-doit pro 25 and below and i-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator...
CVE-2023-37755
i-doit pro 25 and below and i-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator...
i-doit Trust Management Issues Vulnerabilities
i-doit is a configuration management database software from i-doit Inc. A security vulnerability exists in i-doit pro and i-doit open that stems from a security flaw in the default administrator credentials. An attacker could exploit this vulnerability to gain administrator privileges and execute...
i-doit Security Vulnerabilities
i-doit is a configuration management database software from i-doit Inc. A security vulnerability exists in i-doit pro and i-doit open that stems from the use of a weak password policy when creating an administrator account, which allows an attacker to guess a user's password via a brute force...
CVE-2023-34830
i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page...
CVE-2023-34830
i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page...
Cross site scripting
i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page...
CVE-2023-34830
i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page...
CVE-2023-34830
i-doit Open v24 is affected by a reflected XSS vulnerability exposed on the login page via the timeout parameter. The CVE entry CVE-2023-34830 confirms a reflected XSS issue with this parameter, and multiple sources (including PT-2023-25017 and Red Hat/RedHat-facing pages) reference the same root...
CVE-2023-34830
i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page...
PT-2023-25017 · Unknown · I-Doit Open
Name of the Vulnerable Software and Affected Versions: i-doit Open version v24. Description: A reflected cross-site scripting (XSS) issue was found in i-doit Open via the timeout parameter on the "/login" page. This allows for potential XSS attacks. Recommendations: For i-doit Open version v24,...