51 matches found
EUVD-2024-55647
Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...
CVE-2024-58352
Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...
CVE-2024-58352
Landray OA contains an unauthenticated HQL injection via the wechatLoginHelper.do endpoint. An attacker can inject malicious HQL into the uid parameter, abusing the string-concatenated filter expression passed to Hibernate findList() to query arbitrary entity classes. This can lead to extraction ...
CVE-2024-58352 Landray OA Unauthenticated HQL Injection via wechatLoginHelper.do
Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...
Landray EKP - Path Traversal
A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sysuicomponent/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to...
Landray EIS SQL Injection Vulnerability
Landray EIS 2001 through 2006 contains a SQL injection caused by unsanitized input in Message/fimessagereceiver.aspx?replyid=, which lets attackers execute arbitrary SQL commands; exploitation requires crafted input. id: CVE-2025-22214 info: name: Landray EIS SQL注入漏洞 author: Ark severity: critical...
VulnCheck KEV: CVE-2025-22214
Landray EIS 2001 through 2006 allows Message/fimessagereceiver.aspx?replyid= SQL injection...
EUVD-2021-26503
Malware in sbrugna...
EUVD-2024-33695
Malicious code in bioql PyPI...
EUVD-2024-33696
Malicious code in bioql PyPI...
EUVD-2025-2670
Malicious code in bioql PyPI...
Landray OA EKP Security Vulnerability
Landray EKP is office collaboration software from the Chinese company Landray. A security vulnerability exists in Landray OA EKP v16. It originates from an arbitrary download vulnerability in the /ui/sysuiextend/sysUiExtend.do component, which may result in obtaining the backend...
CVE-2025-22214
Landray EIS 2001 through 2006 allows Message/fimessagereceiver.aspx?replyid= SQL injection...
CVE-2024-11239
A vulnerability has been found in Landray EKP up to 16.0 and classified as critical. This vulnerability affects the function deleteFile of the file /sys/common/import.do?method=deleteFile of the component API Interface. The manipulation of the argument folder leads to path traversal. The attack c...
CVE-2024-11238
A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sysuicomponent/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to...
CVE-2024-48068
A cross-site scripting (XSS) vulnerability in Shenzhen Landray Software Co.,LTD Landray EKP v16 and earlier allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2022-34924
Lanling OA Landray Office Automation (OA) internal patch number 133383/137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp...
CVE-2021-3159
A stored cross-site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file...
VulnCheck KEV: CVE-2024-11238
A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sysuicomponent/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible...