93 matches found
EUVD-2007-2737
Malware in sbrugna...
EUVD-2022-48079
Malicious code in bioql PyPI...
CVE-2022-45180
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskDOMAIN/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system a...
CVE-2022-45176
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting XSS can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application through its vShare functionality section doesn't properly check parameters, sent in HTTP requests as...
CVE-2022-45176
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting XSS can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application through its vShare functionality section doesn't properly check parameters, sent in HTTP requests as...
CVE-2022-45168
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes...
CVE-2022-45168
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes...
CVE-2022-45176
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting XSS can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application through its vShare functionality section doesn't properly check parameters, sent in HTTP requests as...
CVE-2022-45168
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes...
CVE-2022-45176
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting XSS can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application through its vShare functionality section doesn't properly check parameters, sent in HTTP requests as...
CVE-2022-45176
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting XSS can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application through its vShare functionality section doesn't properly check parameters, sent in HTTP requests as...
CVE-2022-45168
LIVEBOX Collaboration vDesk (v018 and prior) is affected by CVE-2022-45168. The issue allows bypassing two-factor authentication by generating or regenerating backup codes at the endpoints /login/backup_code and /api/v1/vdeskintegration/createbackupcodes before the TOTP check is performed. Root c...
CVE-2022-45176
CVE-2022-45176 affects LIVEBOX Collaboration vDesk through v018. The issue is a stored Cross-site Scripting (XSS) vulnerability at the endpoint /api/v1/getbodyfile, triggered by the input parameter uri . The web application does not properly validate parameters before saving them on the server, a...
LIVEBOX Collaboration vDesk Security Vulnerability
LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk v018 and prior versions, which stems from a stored cross-site scripting XSS attack that may occur if parameters sent as input in an HTTP request are not properly checked...
PT-2024-11688 · Unknown · Livebox Collaboration Vdesk
Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: An issue allows a Bypass of Two-Factor Authentication under the "/login/backup code" endpoint and the "/api/v1/vdeskintegration/createbackupcodes" endpoint. This occurs because th...
CVE-2022-45176
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting XSS can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application through its vShare functionality section doesn't properly check parameters, sent in HTTP requests as...
CVE-2022-45168
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes...
PT-2024-11691 · Unknown · Livebox Collaboration Vdesk
Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: An issue in the web application allows Stored Cross-site Scripting XSS to occur under the "/api/v1/getbodyfile" endpoint via the uri parameter. The application does not properly...
CVE-2022-45168
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes...
LIVEBOX Collaboration vDesk Security Vulnerability
LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk v018 and prior versions, which stems from the application allowing a user to generate or regenerate backup code prior to checking TOTP, where a two-factor authentication...