38 matches found
EUVD-2020-19704
Malware in sbrugna...
EUVD-2020-19702
Malware in sbrugna...
EUVD-2020-19703
Malware in sbrugna...
CVE-2020-27183
A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact...
CVE-2020-27179
konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens...
CVE-2020-27180
konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter...
Konzept-iX PubliXone Information Disclosure Vulnerability
Konzept-iX PubliXone is media production and document editing software from the German company Konzept-iX. PubliXone 2019.045 has an information disclosure vulnerability that can lead to cross-site scripting, account takeover, lack of access control, hard-coded keys, and file download...
Konzept-iX PubliXone Cross-Site Scripting Vulnerability
Konzept-iX PubliXone is media production and document editing software from the German company Konzept-iX. A cross-site scripting vulnerability exists in Konzept-iX PubliXone version 2019.045, which exposes PubliXone to cross-site scripting, account takeover, lack of access control, hard-coded...
Konzept-iX PubliXone Encryption Problem Vulnerability
Konzept-iX PubliXone is media production and document editing software from the German company Konzept-iX. Konzept-iX PubliXone version 2019.045 has an encryption vulnerability that exposes PubliXone to cross-site scripting, account takeover, lack of access control,...
Konzept-iX PubliXone Authorization Issues Vulnerability
Konzept-iX PubliXone is media production and document editing software from the German company Konzept-iX. PubliXone 2019.045 has a security vulnerability that can lead to cross-site scripting, account takeover, lack of access control, hard-coded keys, and file download issues. No...
CVE-2020-27182
Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, jobjacketdetail.jsp, ixedit/editorcomponent.jsp, or the login form...
CVE-2020-27181
A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files...