243 matches found
SUSE CVE-2012-1763
Unspecified vulnerability in the Oracle Clinical/Remote Data Capture component in Oracle Industry Applications 4.6.0 and 4.6.2 allows remote authenticated users to affect confidentiality, related to HTML Surround...
CVE-2022-41947
CVE-2022-41947 describes a cross-site scripting (XSS) vulnerability in DHIS 2 core where an authenticated user can upload a file containing embedded JavaScript, which could be triggered when another authenticated user opens the file in a browser. Affected versions are DHIS 2 prior to 2.36.12.1, 2...
CVE-2022-41947 Cross-site Scripting with user-uploaded files in dhis2-core
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated...
CVE-2022-41949
CVE-2022-41949 affects DHIS 2 core. An authenticated DHIS2 user can craft a request that makes the server fetch external resources, enabling a semi‑blind Server-Side Request Forgery (SSRF) in the dhis2-core component. This can allow an attacker to identify vulnerable services not publicly exposed...
CVE-2022-41949 Semi-blind Server-Side Request Forgery in dhis2-core
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. In affected versions an authenticated DHIS2 user can craft a request to DHIS2 to instruct the server to make requests to external resources like third party servers. This could allow...
Modify other people's articles by modifying the data package
Description The program does not check whether the originator of the request has this permission. I can modify the content of other people's articles and even modify the content by capturing data packets, even if I am not the owner of the article, even if I do not have permission in this respect...
Account Takeover via Webhook Handlebars + API Reset Password
Description Through the Webhook functionality, the attacker is able to use Handlebars to capture sensitive user data. Capturing the emailverificationtoken, which through the API I found the PasswordForget function, enabling account takeover via password reset. Steps 1. - Create Table 2. - Select...
CVE-2022-24848 SQL Injection in DHIS2's in OrgUnit program association
DHIS2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability affects the /api/programs/orgUnits?programs= API endpoint in DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The system is vulnerable to attack only from...
CVE-2022-24848
DHIS2 SQL Injection (CVE-2022-24848) affects the API endpoint /api/programs/orgUnits?programs= for DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The vulnerability requires the attacker to be logged in as a DHIS2 user and could allow reading, editing, or deleting data in the instance’s database....
Path traversal
OpenClinica is an open source software for Electronic Data Capture EDC and Clinical Data Management CDM. OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known...
CVE-2022-24830 Path Traversal in OpenClinica
OpenClinica is an open source software for Electronic Data Capture EDC and Clinical Data Management CDM. OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known...
CVE-2021-45104
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data...
Security Bulletin: IBM InfoSphere Change Data Capture is affected by a Jackson 2.3.3 and 2.4.4 open source library vulnerabilities
Summary IBM Data Replication has addressed the following vulnerabilities: CVE-2017-17485 CVE-2018-5968 CVE-2017-15095 CVE-2017-7525 CVE-2018-7489 Vulnerability Details CVEID: CVE-2017-17485 DESCRIPTION: Jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused...
CVE-2021-41187
CVE-2021-41187 concerns DHIS 2. A SQL injection vulnerability exists in specific DHIS2 versions (2.32, 2.33, 2.34, 2.35, 2.36) affecting the REST endpoints for /api/trackedEntityInstances and /api/events . Exploitation requires the attacker to be an authenticated DHIS2 user, and successful exploi...
Sql injection
DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL Injection vulnerability in the Tracker component in DHIS2 Server allows authenticated remote attackers to execute arbitrary SQL commands via unspecified vectors. This vulnerability affects...
Exploit for CVE-2021-38647
cve-2021-38647 https://github.com/corelight/CVE-2021-38647 wit...
U.S. Dept Of Defense: Expired SSL Certificate allows credentials steal
Hi security Team! I've found this website with no valid SSL Certificate. https://██████████ Certificate has expired 314 days ago. Impact Error message can appear on page and user can have his credentials stolen by an attacker capturing the network data. System Hosts ███████ Affected Products and...
CVE-2021-39196
pcapture is an open source dumpcap web service interface . In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filte...
CVE-2021-39196 Authenticated non-privileged user can request unfiltered data without adequate permissions in pcapture
pcapture is an open source dumpcap web service interface . In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filte...
CVE-2020-4821
IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834...