11 matches found
EUVD-2020-27452
Malware in sbrugna...
EUVD-2006-1787
Malware in sbrugna...
EUVD-2022-38967
Malicious code in bioql PyPI...
EUVD-2023-38700
Malicious code in bioql PyPI...
Shop Beat Media Player Access Control Error Vulnerability
Shop Beat is a media player from Shop Beat, Inc. A security vulnerability exists in Shop Beat Media Player versions 2.5.95 through 3.2.57: after login, secondary authentication can be bypassed by accessing the API directly with a bearer token or jsession ID...
PT-2023-13466 · Unknown · Shop Beat Media Player
Name of the Vulnerable Software and Affected Versions: Shop Beat Media Player versions 2.5.95 through 3.2.57
Description: The issue allows bypassing 2FA via APIs, specifically for Controlpanel Lite. After logging in, it is possible to use the bearer token or jsession ID to access APIs without...
Input validation
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...
CVE-2020-6302
SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contain the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or a man-in-the-middle attack and subsequently get access to admin user accounts, leading to Session...
Session fixation
SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contain the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or a man-in-the-middle attack and subsequently get access to admin user accounts, leading to Session...
CVE-2020-6302
SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contain the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or a man-in-the-middle attack and subsequently get access to admin user accounts, leading to Session...
ManageEngine EventLog Analyzer Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine EventLog Analyzer Remote Code Execution', 'Description' = %q This module exploits a SQL query functionality in...