24 matches found
CVE-2023-31200
PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack...
EUVD-2023-35516
Malicious code in bioql PyPI...
CVE-2023-31200
PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack...
CVE-2023-31200
PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack...
CVE-2023-31200 PTC Vuforia Studio Cross-Site Request Forgery
PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack...
CVE-2023-31200
PTC Vuforia Studio contains a Cross-Site Request Forgery vulnerability (CVE-2023-31200): the local web app does not require a token, enabling an attacker with local access to perform CSRF or replay attacks. Affected products include Vuforia Studio prior to version 9.9. Mitigation recommended by t...
CVE-2023-31200 PTC Vuforia Studio Cross-Site Request Forgery
PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack...
CVE-2023-29502 PTC Vuforia Studio Path Traversal
Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path...
CVE-2023-29502 PTC Vuforia Studio Path Traversal
Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path...
CVE-2023-27881 PTC Vuforia Studio Unrestricted Upload of File with Dangerous Type
A user could use the “Upload Resource” functionality to upload files to any location on the disk...
CVE-2023-27881 PTC Vuforia Studio Unrestricted Upload of File with Dangerous Type
A user could use the “Upload Resource” functionality to upload files to any location on the disk...
CVE-2023-29152 PTC Vuforia Studio Improper Authorization
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account...
CVE-2023-29152 PTC Vuforia Studio Improper Authorization
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account...
CVE-2023-24476 PTC Vuforia Studio Improper Authorization
An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid...
CVE-2023-24476 PTC Vuforia Studio Improper Authorization
An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid...
CVE-2023-29168 PTC Vuforia Studio Insufficiently Protected Credentials
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication...
CVE-2023-29168 PTC Vuforia Studio Insufficiently Protected Credentials
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication...
PTC Vuforia Studio
1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Vuforia Studio Vulnerabilities: Insufficiently Protected Credentials, Improper Authorization, Unrestricted Upload of File with Dangerous Type, Path Traversal, Cross-site Request Forgery...
PTC Vuforia Studio Code Issue Vulnerability
PTC Vuforia Studio is an easy-to-use, web-native tool from PTC for authoring domain and task-specific experiences. These experiences provide integrated views of digital and physical product data, dashboards, and alerts through 2D, 3D, and augmented reality. A code issue vulnerability exists in PT...
PTC Vuforia Studio Cross-Site Request Forgery Vulnerability
PTC Vuforia Studio is an easy-to-use, web-native tool from PTC for authoring domain and task-specific experiences. These experiences provide integrated views of digital and physical product data, dashboards, and alerts through 2D, 3D, and augmented reality. A cross-site request forgery...