7 matches found
EUVD-2022-41805
Malicious code in bioql PyPI...
Authentication flaw
The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The usertoken header is not implemented or present on this end-point. An attacker can send a request to bind their account to any user's picture frame, then send a POST request to acce...
Authorization
The usertoken authorization header on the Ourphoto App version 1.4.1 /apiv1/ end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability allows an attacker to POST api calls with other use...
CVE-2022-24189
The usertoken authorization header on the Ourphoto App version 1.4.1 /apiv1/ end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability allows an attacker to POST api calls with other use...
CVE-2022-39323
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time-based attack using a SQL injection in api REST usertoken. This issue has been patched, please...
CVE-2022-39323
GLPI (Gestionnaire Libre de Parc Informatique) is affected by multiple CVEs described for GLPI-related components. CVE-2022-39323 involves a time-based SQL injection in the api REST user_token that can lead to full confidentiality and integrity/availability impact; the initial recommendation is t...
CVE-2021-32472
| creationtimestamp | type | source |
|---|---|---|
| 2022-03-11 20:15:02+00:00 | seen | https://t.me/cibsecurity/38803... |