50 matches found
CVE-2022-27434
UNIT4 TETA Mobile Edition ME before 29.5.HF17 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page...
EUVD-2015-2192
Malware in sbrugna...
EUVD-2015-1316
Malware in sbrugna...
EUVD-2022-37034
Malicious code in bioql PyPI...
EUVD-2022-31937
Malicious code in bioql PyPI...
CVE-2024-28734
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter...
CVE-2024-28735
Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request...
CVE-2022-34001
Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronously...
VulnCheck KEV: CVE-2024-28734
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter...
CVE-2024-28735
Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request...
CVE-2024-28735
Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request...
PT-2024-22548 · Unit4 · Unit4 Financials
Name of the Vulnerable Software and Affected Versions: Unit4 Financials by Coda versions prior to 2023Q4
Description: The issue is related to an incorrect access control authorization bypass, allowing an authenticated user to modify the password of any user of the application via a crafted reques...
CVE-2024-28735
Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request...
CVE-2024-28735
Summary: CVE-2024-28735 affects Unit4 Financials by Coda prior to 2023Q4. An authenticated user can bypass access control to change any user’s password via a crafted request (PoC shows POST /coda/rest/session/password with fields including user, newPassword, and target username). Impact: password...
CVE-2024-28734
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter...
PT-2024-22547 · Unit4 · Unit4 Financials
Name of the Vulnerable Software and Affected Versions: Unit4 Financials by Coda versions prior to 2023Q4
Description: The issue allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter. This enables the attacker to potentially escalate privileges...
CVE-2024-28734
CVE-2024-28734 describes a Cross‑Site Scripting vulnerability in Unit4 Financials by Coda, affecting versions prior to 2023Q4. The vulnerability resides in the /coda/frameset endpoint where the cols parameter is reflected without proper sanitization, allowing an attacker to inject JavaScript that...
CVE-2024-28734
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter...
CVE-2024-28734
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter...
Unit4 Financials by Coda Security Breaches
Unit4 Financials by Coda is a financial management software from Unit4 USA. A security vulnerability exists in versions of Unit4 Financials by Coda prior to 2023Q4 that stems from the presence of incorrect access controls...