36 matches found
EUVD-2019-11473
Malware in sbrugna...
EUVD-2019-11474
Malware in sbrugna...
EUVD-2019-11475
Malware in sbrugna...
EUVD-2019-11476
Malware in sbrugna...
CVE-2019-25023
An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header which can be manipulated client-side is used for the internal application logs, an attacker can inject wrong IP addresses into these logs...
CVE-2019-25020
An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI...
CVE-2019-25022
An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime.exec without validation...
CVE-2019-25021
An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code...
Unspecified vulnerability in Scytl sVote (CNVD-2021-16362)
Scytl sVote is a Spanish Scytl open source application. Provides voters to vote online. A security vulnerability exists in Scytl sVote 2.1, which can be exploited by attackers to inject incorrect IP addresses into logs...
Unspecified vulnerability in Scytl sVote (CNVD-2021-16364)
Scytl sVote is a Spanish Scytl open source application. Provides voters to vote online. A security vulnerability exists in Scytl sVote 2.1, which can be exploited by an attacker to access OrientDB by providing admin as the administrator password...
Scytl sVote Injection Vulnerability
Scytl sVote is a Spanish Scytl open source application. Provides voters to vote online. Scytl sVote 2.1 suffers from an injection vulnerability that can be exploited by an attacker to inject code for execution by creating an election event and injecting a payload on the event alias...
Unspecified Vulnerability in Scytl sVote
Scytl sVote is a Spanish Scytl open source application. Provides voters to vote online. A security vulnerability exists in Scytl sVote 2.1, which can be exploited by an attacker to retrieve the administrative configuration by sending a POST request to the sdm-ws-rest pre-configured URI...
CVE-2019-25022
An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime.exec without validation...
CVE-2019-25020
An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI...
CVE-2019-25023
An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header which can be manipulated client-side is used for the internal application logs, an attacker can inject wrong IP addresses into these logs...
CVE-2019-25021
An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code...
CVE-2019-25023
An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header which can be manipulated client-side is used for the internal application logs, an attacker can inject wrong IP addresses into these logs...
CVE-2019-25021
An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code...
CVE-2019-25020
An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI...
Input validation
An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime.exec without validation...