32 matches found
CVE-2021-22646
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution...
CVE-2021-22650
An attacker may use TWinSoft and a malicious source project file TPG to extract files on machine executing Ovarro TWinSoft, which could lead to code execution...
EUVD-2021-9782
Malicious code in bioql PyPI...
EUVD-2021-9786
Malicious code in bioql PyPI...
EUVD-2021-9780
Malicious code in bioql PyPI...
EUVD-2023-44062
Malicious code in bioql PyPI...
CVE-2021-22644
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key...
CVE-2023-3395
All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain...
Design/Logic Flaw
?All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain...
CVE-2023-3395
The CVE-2023-3395 issue affects the TWinSoft Configuration Tool, where all versions store encrypted passwords as plaintext in memory, enabling an attacker with file access to load documents into memory and extract plaintext passwords via memory viewing. The vulnerability is tied to plaintext stor...
CVE-2023-3395
All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain...
PT-2023-24592 · Twinsoft · Twinsoft Configuration Tool
Name of the Vulnerable Software and Affected Versions: TWinSoft Configuration Tool affected versions not specified Description: The issue concerns the storage of encrypted passwords as plaintext in memory by the TWinSoft Configuration Tool. An attacker with access to system files could load a...
CVE-2021-22646
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution...
CVE-2021-22644
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key...
CVE-2021-22650
An attacker may use TWinSoft and a malicious source project file TPG to extract files on machine executing Ovarro TWinSoft, which could lead to code execution...
CVE-2021-22650
An attacker may use TWinSoft and a malicious source project file TPG to extract files on machine executing Ovarro TWinSoft, which could lead to code execution...
CVE-2021-22644
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key...
Remote code execution
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution...
Code injection
An attacker may use TWinSoft and a malicious source project file TPG to extract files on machine executing Ovarro TWinSoft, which could lead to code execution...
Hardcoded credentials
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key...