10 matches found
Exploit for Authentication Bypass Using an Alternate Path or Channel in JetBrains TeamCity
CVE-2024-27198: Authentication bypass in JetBrains TeamCity leads...
Design/Logic Flaw
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any...
Vocera Report Server Code Issue Vulnerability
Vocera Report Server is a reporting application from Vocera USA. It is used to collect data from data logs created by the Vocera system software and to build reports. A security vulnerability exists in Vocera Report Server and Voice Server versions 5.x - 5.8 that stems from the BaseController...
CVE-2022-46899
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any...
CVE-2022-46899
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any...
PT-2023-10263 · Irontec · Irontec Klear-Library
Name of the Vulnerable Software and Affected Versions: irontec klear-library chloe versions prior to marla. Description: A critical issue was found in the prepareWhere function of the Controller/Rest/BaseController.php file, leading to SQL injection. Recommendations: For versions prior to marla,...
irontec klear-library chloe SQL Injection Vulnerability
klear-library is an open-source external library for Zend Framework 1 public sites, by Irontec. Irontec klear-library chloe has a SQL injection vulnerability that stems from a problem in the prepareWhere function of the file Controller/Rest/BaseController.php, which leads to SQL injection...
PT-2020-17129
Name of the Vulnerable Software and Affected Versions: 74CMS versions prior to 6.0.48. Description: The issue concerns a PHP remote file inclusion in the assign resume tpl method within the Application/Common/Controller/BaseController.class.php file. This allows for remote code execution...
CVE-2019-12741
XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafte...
Vlcms latest version has a file write vulnerability in the frontend
vlcms is a management system developed by the Xigu software team, based on the OneThink framework, to solve the promotion of handicraft. The latest version of Vlcms has a front-end file write vulnerability, located in /Application/Callback/Controller/BaseController.class.php,...