14 matches found
EUVD-2021-19540
Malware in sbrugna...
EUVD-2024-30653
Malicious code in bioql PyPI...
CVE-2023-34447
iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on pages/UI.php, cross-site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0...
CVE-2021-32776
Combodo iTop is a web-based IT Service Management tool. In versions prior to 2.7.4, CSRF tokens can be reused by a malicious user, because on Windows servers no cleanup is done on CSRF tokens. This issue is fixed in versions 2.7.4 and 3.0.0...
CVE-2025-24969
CVE-2025-24969 affects iTop, a web-based IT service management tool. The vulnerability is present in versions prior to 3.2.1, where a portal user can view other contacts’ pictures by changing the picture ID in the URL. Version 3.2.1 includes a patch for this issue. The documented impact is privac...
CVE-2024-56157 iTop vulnerable to Self XSS in CSV Import
iTop is a web-based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by placing malicious code in CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before...
CVE-2025-27139
CVE-2025-27139 affects Combodo iTop (web-based IT service management). The vulnerability is a cross-site scripting issue on the preferences page. Affected versions are earlier than 2.7.12, 3.1.2, and 3.2.0. The issue is mitigated by upgrading to the fixed releases: 2.7.12, 3.1.2, or 3.2.0. No exp...
CVE-2020-4079
Combodo iTop is a web-based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly, it allows getting data without scope filtering. This allows a user to access data which they should not have...
CVE-2024-51993 Password is stored in clear in the database in Combodo iTop
Combodo iTop is a web-based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their...
CVE-2024-51995 Logic bug in ajax.render.php allows for bypass of 'backOffice' access control in Combodo iTop
Combodo iTop is a web-based IT Service Management tool. An attacker can request any route they want as long as they specify an operation that is allowed. This issue has been addressed in version 3.2.0 by applying the same access control pattern as in UI.php to the ajax.render.php page, which does not...
CVE-2024-51740
Combodo iTop is a simple, web-based IT Service Management tool. This vulnerability can be used to create HTTP requests on behalf of the server, from a low-privileged user. The user portal form manager has been fixed to only instantiate classes derived from it. This issue has been addressed in...
CVE-2021-32775
Combodo iTop is a web-based IT Service Management tool. In versions prior to 2.7.4, a non-admin user can get access to many class/field values through the GroupBy Dashlet error message. This issue is fixed in versions 2.7.4 and 3.0.0...
ManageEngine Asset Explorer 6.1 - Persistent Cross-Site Scripting
Title: ManageEngine Asset Explorer v6.1 - XSS Vulnerability. CVE-ID: CVE-2015-2169. CVSS: 3.5. Product & Service Introduction: Taken from their...
ManageEngine Asset Explorer v6.1 - Persistent Vulnerability
Document Title: ManageEngine Asset Explorer v6.1 - Persistent Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1488. Release Date: 2015-06-22. Vulnerability Laboratory ID (VL-ID): ...