21 matches found
OA-System 安全漏洞
OA-System is an office automation system developed by Miazzy himself. There is a security vulnerability in OA-System, which stems from functions that come from sources outside the scope of trusted control...
Seeyon Zhiyuan OA Web Application System 安全漏洞
Seeyon Zhiyuan OA Web Application System is a comprehensive office automation platform from Seeyon. A security vulnerability exists in Seeyon Zhiyuan OA Web Application System 7.0 SP1 and prior versions, which stems from improper encoding and parsing of parameters in thirdpartyController.do, whic...
oasys 安全漏洞
oasys is an OA office automation system by the individual developer misstt123. A security vulnerability exists in oasys version 1.1, which stems from a misuse of the parameter aleph in the file src/main/Java/cn/gson/oasys/controller/address/AddrController, which could lead to an SQL injection...
RuvarOA idlist Parameter SQL Injection Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by a lack of validation of the idlist parameter of the /WorkFlow/wfworkprint.aspx file against externally entered SQL statements. An attacker can exploit this...
RuvarOA sys_file_storage_id Parameter SQL Injection Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the sysfilestorageid parameter of the /WorkFlow/wffiledownload.aspx file against externally entered SQL statements. An attacker...
RuvarOA filename Parameter SQL Injection Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the filename parameter of the /WorkFlow/OfficeFileDownload.aspx file against external SQL input. An attacker can exploit this...
RuvarOA id parameter SQL injection vulnerability (CNVD-2024-33617)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the templateid parameter in the /SysManage/wftemplatechildfieldlist.aspx file against external SQL input. An attacker can exploi...
RuvarOA SQL Injection Vulnerability (CNVD-2024-33155)
RuvarOA is an office automation system of Ruvar China. A security vulnerability exists in RuvarOA v6.01 and v12.01, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...
RuvarOA PageID Parameter SQL Injection Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the PageID parameter in the /WebUtility/SearchCondiction.aspx file against external SQL input. An attacker can exploit this...
RuvarOA SQL Injection Vulnerability (CNVD-2024-33154)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /PersonalAffair/worklogtemplateshow.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit...
RuvarOA SQL Injection Vulnerability (CNVD-2024-33151)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the fileid parameter of the /CorporateCulture/kaizendownload.aspx file against external SQL input. An attacker can exploit this...
TONGDA Office Anywhere SQL Injection Vulnerability
TONGDA Office Anywhere is a collaborative office OA system. TONGDA Office Anywhere 2017 suffers from a SQL injection vulnerability that stems from the fact that incorrect operation of the parameter RECRUITMENTID can lead to SQL injection...
Cybozu Garoon 跨站请求伪造漏洞
A cross-site request forgery vulnerability exists in Message in Cybozu Garoon, a portal-based OA system from Cybozu Japan. An attacker could use this vulnerability to trick users into performing unintended actions...
Rockoa Xinhu 信息泄露漏洞
Rockoa Xinhu is a Php-based office OA system from China Xinhu Rockoa. Rockoa Xinhu 2.1.9 version of the information leakage vulnerability, the vulnerability stems from ajaxbool value is manipulated to true, the attacker can obtain sensitive information by exploiting the vulnerability...
Override Access Vulnerability in Panavision E-Mobile
Panavision E-Mobile is a mobile office platform. An override access vulnerability exists in Panmicro E-Mobile. An attacker can use the vulnerability to modify the platform authentication code, obtain database information, lock the OA system and other operations...
SQL injection vulnerability in the info_id parameter of PlacardView.aspx page of OA system of Shanghai Shuang Yang Computer Hi-Tech Development Co.
Shanghai Shuang Yang Computer Hi-Tech Development Company Shuang Yang for short is a high-tech enterprise mainly engaged in application software development and system integration. The product /DSOATY/FromBaoShan/LaborSpecial/PlacardView.aspx?infoid=1 at the existence of SQL injection...
File Upload Vulnerability in OA System of Wando Network Technology Co.
Wando Network Technology Limited OA system is a set of office software. A file upload vulnerability exists in the Wando Network Technology Ltd OA system, which can be exploited by attackers to gain control of the website...
Struts2 Remote Command Execution Vulnerability in OA System of Beijing Hurong Times Software Co.
Beijing Hurong Times Software Co., Ltd OA system is a set of daily operation and management application system for organizations. The OA system of Beijing Hurong Times Software Co., Ltd. suffers from a Struts2 remote command execution vulnerability, which can be exploited by an attacker to remote...
鸿信办公自动化系统中5.0 版本的ewebeditor默认配置可文件上传漏洞
No description provided by source...
鸿信办公自动化系统/oa/File.aspx和/Page/System/UserDetail.aspx存在遍历漏洞
No description provided by source...