6 matches found
EUVD-2025-32146
Malicious code in bioql PyPI...
CVE-2025-59750
Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...
CVE-2025-59744
Path traversal vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to access files only within the web root using the “docurl” parameter in “/lib/asp/DOCSAVEASASP.ASP”...
CVE-2025-59735 Multiple vulnerabilities in AndSoft's e-TMS
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRM.ASP'...
PT-2025-40361
Name of the Vulnerable Software and Affected Versions AndSoft's e-TMS version 25.03 Description An operating system command injection issue exists that allows an attacker to execute operating system commands on the server. This is achieved by sending a POST request to the /CLT/LOGINERRORFRM.ASP...
PT-2025-40371
Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting issue exists that allows an attacker to execute JavaScript code in a victim's browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the...