124 matches found
EUVD-2019-7985
Malware in sbrugna...
EUVD-2020-12605
Malware in sbrugna...
EUVD-2021-22728
Malware in sbrugna...
EUVD-2021-22725
Malware in sbrugna...
EUVD-2021-8710
Malicious code in bioql PyPI...
EUVD-2022-51772
Malicious code in bioql PyPI...
EUVD-2023-23517
Malicious code in bioql PyPI...
EUVD-2021-8716
Malicious code in bioql PyPI...
EUVD-2023-23519
Malicious code in bioql PyPI...
EUVD-2021-8708
Malicious code in bioql PyPI...
EUVD-2022-15612
Malicious code in bioql PyPI...
CVE-2023-2534
Improper Authorization vulnerability in OTRS AG OTRS 8 Websocket API backend allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via ticket histories by any user. Fuzzing for...
Authorization
Improper Authorization vulnerability in OTRS AG OTRS 8 Websocket API backend allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via ticket histories by any user. Fuzzing for...
CVE-2023-2534
CVE-2023-2534 affects OTRS 8 (Websocket API backend). The issue allows an authenticated Agent to track user behavior and gain live insight into overall system usage, with possible correlation of user IDs to real names via ticket histories. The vulnerability is associated with the Websocket push e...
CVE-2023-2534 Information disclouse and DoS via websocket push events
Improper Authorization vulnerability in OTRS AG OTRS 8 Websocket API backend allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via ticket histories by any user. Fuzzing for...
CVE-2023-2534 Information disclouse and DoS via websocket push events
Improper Authorization vulnerability in OTRS AG OTRS 8 Websocket API backend allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via ticket histories by any user. Fuzzing for...
CVE-2023-1250
Improper Input Validation vulnerability in OTRS AG OTRS ACL modules, OTRS AG OTRS Community Edition ACL modules allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This issue affects OTRS: from 7.0...
Input validation
Improper Input Validation vulnerability in OTRS AG OTRS ACL modules, OTRS AG OTRS Community Edition ACL modules allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This issue affects OTRS: from 7.0...
CVE-2023-1250
Improper Input Validation vulnerability in OTRS AG OTRS ACL modules, OTRS AG OTRS Community Edition ACL modules allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This issue affects OTRS: from 7.0...
CVE-2023-1248
Improper Input Validation vulnerability in OTRS AG OTRS Ticket Actions modules, OTRS AG OTRS Community Edition Ticket Actions modules allows Cross-Site Scripting XSS.This issue affects OTRS: from 7.0.X before 7.0.42; OTRS Community Edition: from 6.0.1 through 6.0.34...