131 matches found
CVE-2024-35591
An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file...
CVE-2024-35591
CVE-2024-35591 affects O2OA version 8.3.8. The issue is an arbitrary file upload vulnerability in the application that allows an attacker to execute arbitrary code by uploading a crafted PDF file. The available connected sources describe the vulnerable component as the O2OA upload handling, with ...
CVE-2024-35591
An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file...
CVE-2024-35591
An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file...
PT-2024-26563 · O2Oa · O2Oa
Name of the Vulnerable Software and Affected Versions: O2OA version 8.3.8 Description: The issue allows attackers to execute arbitrary code by uploading a crafted PDF file, exploiting an arbitrary file upload vulnerability. Recommendations: For O2OA version 8.3.8, consider restricting file upload...
O2OA 安全漏洞
O2OA is an enterprise application development platform from O2OA open source. A security vulnerability exists in O2OA v8.3.8, which stems from the presence of an arbitrary file upload vulnerability that allows an attacker to execute arbitrary code by uploading a crafted PDF file...
CVE-2024-3689
A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /xportalassemblesurface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to...
CVE-2024-3689
A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /xportalassemblesurface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to...
CVE-2024-3689 Zhejiang Land Zongheng Network Technology O2OA information disclosure
A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /xportalassemblesurface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to...
CVE-2024-3689
CVE-2024-3689 affects Zhejiang Land Zongheng Network Technology O2OA up to 20240403. The vulnerability concerns an unknown function in the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3 and leads to information disclosure. It can be exploited remotely with high attack complex...
CVE-2024-3689 Zhejiang Land Zongheng Network Technology O2OA information disclosure
A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /xportalassemblesurface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to...
O2OA 信息泄露漏洞
LanDe Network O2oa is an Oa office system from LanDe Network China. An information disclosure vulnerability exists in O2OA 20240403 and prior versions, which stems from an unknown function in the file /xportal that can lead to information disclosure...
CVE-2023-47418
Remote Code Execution RCE vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript...
CVE-2023-47418
Remote Code Execution RCE vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript...
CVE-2023-47418
Remote Code Execution RCE vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript...
Remote code execution
Remote Code Execution RCE vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript...
CVE-2023-47418
Remote Code Execution RCE vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript...
O2OA Security Breach
O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 8.1.2 and earlier versions, which stems from the presence of a Remote Code Execution RCE vulnerability. The vulnerability can be exploited by an attacker to create a new interface...
CVE-2023-47418
The CVE-2023-47418 entry concerns O2OA, affected in versions 8.1.2 and earlier. The vulnerability allows Remote Code Execution by attackers who can create a new interface in the service management function to run JavaScript. Impact is described as high (RCE) and accessible over network with no pr...
O2OA Remote Code Execution (CVE-2022-22916)
A remote code execution vulnerability exists in O2OA. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...