13 matches found
EUVD-2019-16519
Malware in sbrugna...
EUVD-2023-41632
Malicious code in bioql PyPI...
CVE-2019-6965
An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter...
CVE-2023-37756
I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack...
Code injection
I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack...
CVE-2023-37755
i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator...
CVE-2023-37755
i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator...
i-doit Security Vulnerabilities
i-doit is a configuration management database software from i-doit Inc. A security vulnerability exists in i-doit pro and i-doit open that stems from the use of a weak password policy when creating an administrator account, which allows an attacker to guess a user's password via a brute force...
CVE-2023-34830
i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page...
CVE-2023-34830
i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page...
PT-2023-25017 · Unknown · I-Doit Open
Name of the Vulnerable Software and Affected Versions: i-doit Open version v24 Description: A reflected cross-site scripting (XSS) issue was found in i-doit Open via the timeout parameter on the "/login" page. This allows for potential XSS attacks. Recommendations: For i-doit Open version v24,...
i-doit open code execution vulnerability
i-doit open is an open source automated operations and maintenance system. The system includes IT asset management, IP address management, IT infrastructure management, technical document management, and other functions. A code execution vulnerability exists in i-doit open version 1.11.2,...
CVE-2018-20159
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file...