Lucene search
K

21 matches found

CNNVD
CNNVD
added 2026/03/09 12:0 a.m.6 views

OA-System 安全漏洞

OA-System is an office automation system developed by Miazzy himself. There is a security vulnerability in OA-System, which stems from functions that come from sources outside the scope of trusted control...

9.8CVSS5.8AI score0.00359EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.5 views

Seeyon Zhiyuan OA Web Application System 安全漏洞

Seeyon Zhiyuan OA Web Application System is a comprehensive office automation platform from Seeyon. A security vulnerability exists in Seeyon Zhiyuan OA Web Application System 7.0 SP1 and prior versions, which stems from improper encoding and parsing of parameters in thirdpartyController.do, whic...

9.3CVSS6.7AI score0.00602EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/16 12:0 a.m.5 views

oasys 安全漏洞

oasys is an OA office automation system by the individual developer misstt123. A security vulnerability exists in oasys version 1.1, which stems from a misuse of the parameter aleph in the file src/main/Java/cn/gson/oasys/controller/address/AddrController, which could lead to an SQL injection...

8CVSS7.6AI score0.0046EPSS
Exploits1References2
CNVD
CNVD
added 2024/05/10 12:0 a.m.5 views

RuvarOA idlist Parameter SQL Injection Vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by a lack of validation of the idlist parameter of the /WorkFlow/wfworkprint.aspx file against externally entered SQL statements. An attacker can exploit this...

9.8CVSS7.9AI score0.00696EPSS
Exploits1References1
CNVD
CNVD
added 2024/05/10 12:0 a.m.5 views

RuvarOA sys_file_storage_id Parameter SQL Injection Vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the sysfilestorageid parameter of the /WorkFlow/wffiledownload.aspx file against externally entered SQL statements. An attacker...

9.4CVSS8AI score0.00617EPSS
Exploits1References1
CNVD
CNVD
added 2024/05/10 12:0 a.m.4 views

RuvarOA filename Parameter SQL Injection Vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the filename parameter of the /WorkFlow/OfficeFileDownload.aspx file against external SQL input. An attacker can exploit this...

9.8CVSS8AI score0.00629EPSS
Exploits1References1
CNVD
CNVD
added 2024/05/10 12:0 a.m.5 views

RuvarOA id parameter SQL injection vulnerability (CNVD-2024-33617)

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the templateid parameter in the /SysManage/wftemplatechildfieldlist.aspx file against external SQL input. An attacker can exploi...

9.4CVSS8AI score0.00558EPSS
Exploits1References1
CNVD
CNVD
added 2024/05/10 12:0 a.m.6 views

RuvarOA SQL Injection Vulnerability (CNVD-2024-33155)

RuvarOA is an office automation system of Ruvar China. A security vulnerability exists in RuvarOA v6.01 and v12.01, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...

5.9CVSS7.8AI score0.00279EPSS
Exploits1References1
CNVD
CNVD
added 2024/05/10 12:0 a.m.9 views

RuvarOA PageID Parameter SQL Injection Vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the PageID parameter in the /WebUtility/SearchCondiction.aspx file against external SQL input. An attacker can exploit this...

9.8CVSS8AI score0.00577EPSS
Exploits1References1
CNVD
CNVD
added 2024/05/10 12:0 a.m.7 views

RuvarOA SQL Injection Vulnerability (CNVD-2024-33154)

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /PersonalAffair/worklogtemplateshow.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit...

9.4CVSS8AI score0.00512EPSS
Exploits1References1
CNVD
CNVD
added 2024/05/10 12:0 a.m.5 views

RuvarOA SQL Injection Vulnerability (CNVD-2024-33151)

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the fileid parameter of the /CorporateCulture/kaizendownload.aspx file against external SQL input. An attacker can exploit this...

7.8CVSS8AI score0.00315EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/09/29 12:0 a.m.5 views

TONGDA Office Anywhere SQL Injection Vulnerability

TONGDA Office Anywhere is a collaborative office OA system. TONGDA Office Anywhere 2017 suffers from a SQL injection vulnerability that stems from the fact that incorrect operation of the parameter RECRUITMENTID can lead to SQL injection...

7.5CVSS8AI score0.00624EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/08/02 12:0 a.m.9 views

Cybozu Garoon 跨站请求伪造漏洞

A cross-site request forgery vulnerability exists in Message in Cybozu Garoon, a portal-based OA system from Cybozu Japan. An attacker could use this vulnerability to trick users into performing unintended actions...

8CVSS6.4AI score0.00488EPSS
Exploits0References4
CNNVD
CNNVD
added 2020/12/25 12:0 a.m.9 views

Rockoa Xinhu 信息泄露漏洞

Rockoa Xinhu is a Php-based office OA system from China Xinhu Rockoa. Rockoa Xinhu 2.1.9 version of the information leakage vulnerability, the vulnerability stems from ajaxbool value is manipulated to true, the attacker can obtain sensitive information by exploiting the vulnerability...

7.5CVSS7.1AI score0.01471EPSS
Exploits1References2
CNVD
CNVD
added 2018/01/19 12:0 a.m.2 views

Override Access Vulnerability in Panavision E-Mobile

Panavision E-Mobile is a mobile office platform. An override access vulnerability exists in Panmicro E-Mobile. An attacker can use the vulnerability to modify the platform authentication code, obtain database information, lock the OA system and other operations...

7AI score
Exploits0
CNVD
CNVD
added 2016/08/30 12:0 a.m.3 views

SQL injection vulnerability in the info_id parameter of PlacardView.aspx page of OA system of Shanghai Shuang Yang Computer Hi-Tech Development Co.

Shanghai Shuang Yang Computer Hi-Tech Development Company Shuang Yang for short is a high-tech enterprise mainly engaged in application software development and system integration. The product /DSOATY/FromBaoShan/LaborSpecial/PlacardView.aspx?infoid=1 at the existence of SQL injection...

7.6AI score
Exploits0References1
CNVD
CNVD
added 2016/05/14 12:0 a.m.1 views

File Upload Vulnerability in OA System of Wando Network Technology Co.

Wando Network Technology Limited OA system is a set of office software. A file upload vulnerability exists in the Wando Network Technology Ltd OA system, which can be exploited by attackers to gain control of the website...

7.2AI score
Exploits0References1
CNVD
CNVD
added 2016/04/01 12:0 a.m.2 views

Struts2 Remote Command Execution Vulnerability in OA System of Beijing Hurong Times Software Co.

Beijing Hurong Times Software Co., Ltd OA system is a set of daily operation and management application system for organizations. The OA system of Beijing Hurong Times Software Co., Ltd. suffers from a Struts2 remote command execution vulnerability, which can be exploited by an attacker to remote...

7.7AI score
Exploits0References1
seebug.org
seebug.org
added 2016/01/18 12:0 a.m.21 views

鸿信办公自动化系统中5.0 版本的ewebeditor默认配置可文件上传漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/18 12:0 a.m.18 views

鸿信办公自动化系统/oa/File.aspx和/Page/System/UserDetail.aspx存在遍历漏洞

No description provided by source...

7.1AI score
Exploits0
Rows per page
Query Builder