15 matches found
CVE-2022-37144
The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can brute-force their way past MFA protections to log in as the targeted user...
EUVD-2022-39797
Malicious code in bioql PyPI...
EUVD-2022-39799
Malicious code in bioql PyPI...
Automation Is Redefining Pentest Delivery
Pentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat landscape has evolved, the way we deliver pentest results hasn't kept pace. Most organizations still rely on traditional reporting methods—static PDFs, emailed...
CVE-2022-37146
The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Login attempts for valid, unlocked users configured to use PlexTrac as their authentication provider ta...
PlexTrac Security Vulnerability
PlexTrac is a penetration test reporting and management platform from PlexTrac Inc. in the United States. A security vulnerability exists in PlexTrac version 1.61.3 through versions prior to 2.8.1, which stems from the presence of an untrusted data deserialization vulnerability that allows object...
PlexTrac Security Vulnerability
PlexTrac is a penetration test reporting and management platform from US-based PlexTrac, Inc. A security vulnerability exists in PlexTrac versions prior to 1.61.3 through 2.8.1 that stems from the presence of a server-side request forgery vulnerability that allows requests to be made to internal...
PlexTrac Security Vulnerability
PlexTrac is a penetration test reporting and management platform from PlexTrac Inc. in the United States. A security vulnerability exists in PlexTrac versions prior to 1.61.3 through 2.8.1 that stems from the presence of an uncontrolled resource consumption vulnerability that could lead to a...
CVE-2022-37145
The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a brute-force attack on the login page with no time or attempt limitation in an...
CVE-2022-37145
The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a brute-force attack on the login page with no time or attempt limitation in an...
CVE-2022-37144
The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can brute-force their way past MFA protections to log in as the targeted user...
CVE-2022-37146
The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Login attempts for valid, unlocked users configured to use PlexTrac as their authentication provider ta...
Authentication flaw
The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Login attempts for valid, unlocked users configured to use PlexTrac as their authentication provider ta...
PlexTrac API Security Vulnerability
PlexTrac is a penetration test reporting and management platform from the US-based PlexTrac, Inc. A security vulnerability exists in the PlexTrac API prior to version 1.17.0 that stems from not limiting the number of authentication attempts for accounts configured to use the PlexTrac Authenticati...
PlexTrac API Security Vulnerability
PlexTrac is a penetration test reporting and management platform from PlexTrac Inc. in the United States. A security vulnerability exists in the PlexTrac API prior to version 1.17.0, which stems from an unrestricted number of MFA TOTP submission attempts, where an unauthenticated, remote attacker...