91 matches found
CVE-2022-50993
Weaver Fanwei E-office versions prior to 10.020221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...
CVE-2022-50993
Weaver Fanwei E-office versions prior to 10.020221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...
CVE-2022-50993 Weaver E-office < 10.0_20221201 Unauthenticated Arbitrary File Read via XmlRpcServlet
Weaver Fanwei E-office versions prior to 10.020221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...
EUVD-2022-55965
Weaver Fanwei E-office versions prior to 10.020221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...
VulnCheck KEV: CVE-2022-50993
Weaver Fanwei E-office versions prior to 10.020221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...
Weaver E-office 代码问题漏洞
Weaver E-office is an office automation system developed by the Chinese company Weaver. Versions of Weaver E-office prior to 10.020221201 contained code vulnerabilities. These vulnerabilities stemmed from an unauthenticated file upload vulnerability present in the OfficeServer.php endpoint. This...
CVE-2025-13249
A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launch...
Jiusi OA 代码问题漏洞
Jiusi OA is a collaborative office system from China Jiusi Jiusi. A code issue vulnerability exists in Jiusi OA 20251102 and prior versions, which stems from an incorrect manipulation of the parameter FileData in File/OfficeServer, which can lead to unlimited uploads...
EUVD-2018-15719
Malware in sbrugna...
EUVD-2018-15716
Malware in sbrugna...
EUVD-2018-9044
Malware in sbrugna...
EUVD-2019-14626
Malware in sbrugna...
EUVD-2019-14637
Malware in sbrugna...
EUVD-2018-9045
Malware in sbrugna...
EUVD-2021-8251
Malicious code in bioql PyPI...
EUVD-2021-8250
Malicious code in bioql PyPI...
CVE-2021-20839
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity XXE attack to cause a denial of service DoS condition to the other servers by processing a specially crafted XML document...
CVE-2021-20838
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity XXE attack to cause a denial of service DoS condition by processing a specially crafted XML document...
CVE-2019-5030
A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 7,0,2019,0220. While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds corresponding to...
CVE-2021-20839
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity XXE attack to cause a denial of service DoS condition to the other servers by processing a specially crafted XML document...