21 matches found
CVE-2023-45868
The Learning Module in ILIAS 7.25 2023-09-12 release allows an attacker with basic user privileges to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside...
EUVD-2002-0896
Malware in sbrugna...
EUVD-2024-45997
Malicious code in bioql PyPI...
CVE-2023-45869
ILIAS 7.25 2023-09-12 allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec function in the execQuoted method of the ilUtil class...
Cross site scripting
ILIAS 7.25 2023-09-12 allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec function in the execQuoted method of the ilUtil class...
CVE-2023-45869
CVE-2023-45869 affects ILIAS 7.25 (2023-09-12). The issue resides in the ilUtil::execQuoted() function (via the exec() call) which lacks input sanitization, allowing any authenticated user to remotely execute arbitrary operating system commands when a highly privileged account loads an XSS payloa...
PT-2023-6722 · Ilias · Ilias
Name of the Vulnerable Software and Affected Versions: ILIAS version 7.25. Description: The issue exists due to incorrect restriction of the path name to a directory with limited access in the Learning Module component of the ILIAS learning management system. Exploitation of this issue may allow a...
NCH Software Express Invoice Elevation of Privilege Vulnerability
NCH Software Express Invoice is an inventory system from NCH Software Australia. The system is mainly used for invoice management, etc. A security vulnerability exists in NCH Software Express Invoice version 7.25. The vulnerability can be exploited to gain access to elevated privileges with the...
Unspecified Vulnerability in NCH Software Express Invoice
NCH Software Express Invoice is an inventory system from NCH Software Australia. The system is mainly used for invoice management, etc. A security vulnerability exists in NCH Software Express Invoice version 7.25, which stems from the program storing passwords in plaintext form. This vulnerabilit...
Code injection
In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen...
CVE-2002-0905
Buffer overflow in sqlexec for Informix SE-7.25 allows local users to gain root privileges via a long INFORMIXDIR environment variable...
CVE-2002-0905
CVE-2002-0905 affects Informix SE-7.25, where a vulnerability in the sqlexec component allows a local user to trigger a buffer overflow through a long INFORMIXDIR environment variable, potentially gaining root privileges. The affected software/version is Informix SE-7.25; the vulnerable code path...