29 matches found
EUVD-2024-46577
Malicious code in bioql PyPI...
EUVD-2024-46581
Malicious code in bioql PyPI...
CVE-2024-52786
An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated attackers to execute arbitrary code via a crafted URL...
CVE-2024-7314
anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on...
CVE-2024-7314 anji-plus AJ-Report Authentication Bypass
anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on...
CVE-2024-7314
CVE-2024-7314 affects AJ-Report (anji-plus). The vulnerability is an authentication bypass in versions before 1.4.1, allowing a remote, unauthenticated attacker to append “;swagger-ui” to HTTP requests to bypass authentication and execute arbitrary Java code on the victim server. The Nuclei templ...
PT-2024-38260 · Anji Plus · Anji-Plus Aj-Report
Name of the Vulnerable Software and Affected Versions: anji-plus AJ-Report versions = 1.4.0 Description: The issue allows a remote and unauthenticated attacker to bypass authentication by appending ";swagger-ui" to HTTP requests, potentially executing arbitrary Java on the victim server. This is...
CVE-2024-5356
A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to SQL injection. It is possible to launch the attack remotely. The...
CVE-2024-5356 anji-plus AJ-Report testTransform;swagger-ui SQL injection
A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to SQL injection. It is possible to launch the attack remotely. The...
CVE-2024-5356
CVE-2024-5356 affects anji-plus AJ-Report up to version 1.4.1, where the unknown function at /dataSet/testTransform;swagger-ui can be exploited via manipulation of the dynSentence parameter to perform SQL injection. The vulnerability enables remote exploitation and exploitation details have been ...
CVE-2024-5355
A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Th...
CVE-2024-5355 anji-plus AJ-Report IGroovyHandler command injection
A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Th...
CVE-2024-5355
CVE-2024-5355 affects anji-plus AJ-Report up to version 1.4.1, with the IGroovyHandler function vulnerable to command injection that can be exploited remotely. Public exploit information exists. A practical mitigation from PT-security suggests disabling the IGroovyHandler function as a temporary ...
CVE-2024-5354
A vulnerability classified as problematic was found in anji-plus AJ-Report up to 1.4.1. This vulnerability affects unknown code of the file /reportShare/detailByCode. The manipulation of the argument shareToken leads to information disclosure. The attack can be initiated remotely. The exploit has...
CVE-2024-5354
Summary: CVE-2024-5354 affects the anji-plus AJ-Report product (versions up to 1.4.1). The vulnerability exists in the /reportShare/detailByCode endpoint, where manipulating the shareToken can disclose information. It is exploitable remotely over a network. Public exploitation has been disclosed....
CVE-2024-5353
CVE-2024-5353 affects anji-plus AJ-Report up to 1.4.1. The issue is a path traversal in the ZIP File Handler decompress function, allowing remote initiation. Exploit has been disclosed publicly. No remediation details are provided in the connected documents; no explicit fixes or patched versions ...