14 matches found
CVE-2025-11629
A vulnerability has been found in RainyGao DocSys up to 2.02.36. This impacts the function getUserList of the file /Manage/getUserList.do. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vend...
CVE-2024-11629
In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 2025.1.205, using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF...
CVE-2024-11629
In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 2025.1.205, using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF...
CVE-2024-11629
creationtimestamp| type| source ---|---|--- 2025-02-12 16:25:51+00:00| seen| https://infosec.exchange/users/cve/statuses/113991847200237351 2025-02-12 17:15:41+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhyofoqzd72a 2025-02-12 18:19:53+00:00| seen|...
CVE-2024-11629 Telerik Document Processing RTF Export of Arbitrary File Path
In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 2025.1.205, using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF...
CVE-2024-11629
CVE-2024-11629 affects Progress Telerik Document Processing Libraries (prior to 2025 Q1, version 2025.1.205) when targeting .NET Standard 2.0. The issue allows exporting the contents of a file at an arbitrary path to RTF, indicating an potential arbitrary file read/export vulnerability due to the...
CVE-2024-11629 Telerik Document Processing RTF Export of Arbitrary File Path
In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 2025.1.205, using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF...
CVE-2020-11629
EJBCA before 6.15.2.6 and 7.x before 7.3.1.2 is affected by a vulnerability in the External Command Certificate Validator . The validator allows uploading external linters to validate certificates, and is described as saving uploaded test certificates to the server. An attacker who gains access t...
CVE-2019-11629
Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS...
CVE-2019-11629
CVE-2019-11629 concerns Nexus Repository Manager 2.x prior to 2.14.13, where a cross-site scripting (XSS) vulnerability exists in the web application. Description in the provided documents states that the vulnerability allows XSS but does not detail specific affected components beyond the product...
CVE-2018-11629
Default and unremovable support credentials user:lutron password:integration allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not...
CVE-2018-11629
Default and unremovable support credentials user:lutron password:integration allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not...
CVE-2018-11629
CVE-2018-11629 affects Lutron HomeWorks QS devices using the HomeWorks QS integration protocol (Rev M–Y). The issue arises from default, unremovable credentials (user: lutron, password: integration) that permit Telnet access and full admin-like control of the IoT device. Exploitation appears to e...
CVE-2017-11629
FineCMS